https://blog.mozilla.org/en/privacy-security/ai-security-zero-day-vulnerabilities/
Mozilla has announced a groundbreaking collaboration with Anthropic that leveraged advanced AI models to identify and fix 271 security vulnerabilities in Firefox 150, marking a potential paradigm shift in software security. The Firefox team has been working intensively since February using frontier AI models, including an early version of Claude Mythos Preview, to scan the browser’s codebase for latent security flaws. This effort follows an earlier collaboration using Opus 4.6 that resulted in fixes for 22 security-sensitive bugs in Firefox 148, demonstrating the rapidly expanding capability of AI-assisted vulnerability discovery.
The sheer volume of vulnerabilities discovered initially created what Mozilla described as “vertigo” for the team, as finding even a single such bug would have been considered critical in 2025. However, Mozilla’s Bobby Holley expressed optimism that this AI-driven approach fundamentally changes the security landscape from one that has been “offensively-dominant” to one where defenders can finally gain the upper hand. The AI models demonstrated capabilities matching elite human security researchers, able to reason through source code and identify vulnerabilities that traditional automated tools like fuzzers cannot detect, while doing so at a fraction of the time and cost.
Mozilla believes this technology represents a decisive turning point where eliminating all vulnerabilities becomes achievable rather than aspirational. While AI-discovered bugs initially favour attackers who gain access to these models, democratising these capabilities among defenders erodes the attacker’s traditional advantage of needing to find only one exploit. The company maintains that software complexity in well-designed systems like Firefox remains finite and human-comprehensible, suggesting that AI can help locate all existing defects rather than creating new categories of vulnerabilities beyond human understanding, provided that human-comprehensibility remains a core design principle.