Mozilla says it fixed 423 Firefox security bugs in one month with AI help

Simon Willison flags a striking number from Mozilla: Firefox fixed 423 security bugs in April 2026 with help from a preview of Claude Mythos, against a 2025 monthly average of 20 to 30. The jump is large enough to deserve scrutiny, and Willison is careful about what it does and does not show.

What the figure covers is not spelled out. Mozilla says many of the harness's attempts were stopped by Firefox's existing defense-in-depth, so the count sits closer to "issues surfaced and fixed" than "exploitable holes that were open." Willison's read is that the real shift is AI bug reports moving from unwanted noise to something worth a maintainer's time, and he credits better harnessing of the models, steering, scaling, and stacking them, more than raw model capability. He links Mozilla's own writeup for the details he does not have. You can read his note on Simon Willison's blog.

Why it matters

This is one of the first concrete, numeric data points that AI bug-finding has crossed from slop to useful at scale on a large, real codebase. Treat it as promising, not settled. The unspecified scope and the defense-in-depth caveat are exactly what you should check before drawing conclusions for your own project.