
AI Found 271 Firefox Bugs: What Developers Must Do Now

AI systems now find hundreds of vulnerabilities before release — changing how developers must approach security

Mozilla released Firefox 150 last month. Buried in the release notes: 271 security fixes. Not 27. Not 7. Two hundred and seventy-one — all discovered by running Anthropic’s Claude Mythos against the codebase before release, in a matter of weeks. That’s more than human security teams had found in the prior 18 months combined. This is not a future trend. It has already happened, and the AI vulnerability discovery arms race is now fully underway.

Three AI Systems. One Month. Hundreds of Bugs.

The Mozilla disclosure is not an isolated experiment. In May alone, three independent AI vulnerability systems published concrete numbers — and collectively, they’ve changed the security calculus for everyone who ships software.

Microsoft quietly revealed MDASH (Multi-model Agentic Scanning Harness) alongside this month’s Patch Tuesday: an internal system that orchestrates over 100 specialized AI agents to autonomously discover, validate, and prove exploitable bugs. MDASH found 16 of the 118 CVEs in May’s release, including two critical remote code execution flaws with CVSS scores above 9. One — CVE-2026-33824 — allows unauthenticated RCE via a crafted IKE v2 packet. The kind of vulnerability that can own a network without credentials. Microsoft VP Taesoo Kim put it plainly: “AI vulnerability discovery has crossed from research curiosity into production-grade defense at enterprise scale.”

Meanwhile, Apple patched 52 vulnerabilities in May using Anthropic’s Project Glasswing — more than double its typical monthly output. Apple is one of 12 companies in the Glasswing consortium, alongside Amazon and Cisco. For context: Microsoft is already on pace to exceed 2020’s all-time record of 1,245 annual CVEs patched. We’re halfway through the year with over 500 addressed.

Back to those 271 Firefox bugs. Mozilla’s breakdown is worth sitting with: 180 were rated sec-high, meaning exploitable by ordinary user behavior — visiting a malicious webpage. Eighty were sec-moderate. Eleven sec-low. Some had survived in the codebase for up to 20 years, evading every human code review and fuzzing session thrown at them. Mozilla offered one important nuance: “We also haven’t seen any bugs that couldn’t have been found by an elite human researcher.” AI isn’t magic. It’s exhaustive in a way humans simply cannot afford to be.

The Other Side Already Has This

If the above is alarming, here’s the part that should genuinely concern every security-conscious developer: attackers are not waiting for a memo.

On May 11, Google Threat Intelligence Group confirmed the first known AI-generated zero-day exploit caught in the wild. A cybercrime group used AI to develop a working 2FA bypass targeting an open-source web administration tool, intended for a mass exploitation campaign. Google intercepted it before deployment and worked with the vendor to close the gap. The tell that it was machine-generated? Overly explanatory code comments and a hallucinated CVSS score. Sloppy — but functional. The capability is now proven in production.

The defenders-versus-attackers framing used to favor attackers by design: they needed one viable path; defenders needed comprehensive coverage. AI is eroding that asymmetry — but simultaneously, for both sides. Palo Alto Unit 42 warns the industry is already trending from “N-days” to “N-hours” for exploitation timelines after a CVE drops. The window your team has to respond is shrinking fast.

Your Patching Workflow Needs a Rebuild

Quarterly security reviews made sense when vulnerability discovery was slow and manual. They don’t anymore. Oracle just announced a move from quarterly to monthly Critical Security Patch Updates, effective May 28 — a direct response to the volume surge driven by AI discovery. Firefox now releases weekly security updates. The cadence signal from major vendors is unambiguous.

For development teams, the patch window is actually three overlapping sub-windows: proof (confirm you’re exposed), mitigation (reduce exploitability while you prepare the fix), and deployment (roll it out). Running these sequentially is no longer viable. Compress them in parallel or accept materially higher risk. The Verizon DBIR 2026 data already showed exploits outranking stolen credentials as the top initial access vector — and that report predates this month’s acceleration.

Practical starting points: generate an SBOM with syft and scan it with grype regularly so you have a current inventory of your dependency graph before a CVE hits, not after. Stop prioritizing solely by CVSS score — management planes, remote access tools, and file transfer services deserve accelerated response regardless of numerical severity. And if you are not already scanning commits with an AI security tool, Mozilla’s 271-bug haul shows precisely what your pipeline is currently missing.
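One way to turn the two points above into something a pipeline can run: the three overlapping windows (proof, mitigation, deployment) and prioritization by exposure class rather than CVSS alone. This is an added example, not code from the article or from the syft and grype projects. It assumes a grype JSON report already exists (the syft and grype invocations in the docstring are the upstream-documented forms), constructs a small report inline with placeholder CVE identifiers, and uses a component-to-role map that is an assumption about your own inventory.

```python
"""Triage grype findings by exposure class, not CVSS alone.

Assumed upstream pipeline (flags as documented by the syft/grype projects):
    syft dir:. -o cyclonedx-json=sbom.json
    grype sbom:sbom.json -o json > grype.json

The report below is constructed for this example and mirrors the shape of
grype's JSON output (matches -> vulnerability / artifact); the CVE ids are
placeholders, not real advisories.
"""
import json

# Exposure classes that get accelerated response regardless of numeric severity.
ACCELERATED_ROLES = {"management-plane", "remote-access", "file-transfer"}

# Constructed assumption: which components in our inventory play which role.
COMPONENT_ROLES = {
    "openssh-server": "remote-access",
    "vsftpd": "file-transfer",
    "cockpit-ws": "management-plane",
}

SAMPLE_GRYPE_JSON = json.dumps({
    "matches": [
        {"vulnerability": {"id": "CVE-0000-0001", "severity": "Critical",
                           "cvss": [{"version": "3.1", "metrics": {"baseScore": 9.8}}],
                           "fix": {"versions": ["2.12.1"], "state": "fixed"}},
         "artifact": {"name": "libxml2", "version": "2.12.0"}},
        {"vulnerability": {"id": "CVE-0000-0002", "severity": "Medium",
                           "cvss": [{"version": "3.1", "metrics": {"baseScore": 5.3}}],
                           "fix": {"versions": ["3.0.6"], "state": "fixed"}},
         "artifact": {"name": "vsftpd", "version": "3.0.5"}},
        {"vulnerability": {"id": "CVE-0000-0003", "severity": "High",
                           "cvss": [{"version": "3.1", "metrics": {"baseScore": 7.5}}],
                           "fix": {"versions": [], "state": "not-fixed"}},
         "artifact": {"name": "openssh-server", "version": "9.6"}},
        {"vulnerability": {"id": "CVE-0000-0004", "severity": "Low",
                           "cvss": [],
                           "fix": {"versions": ["9.5"], "state": "fixed"}},
         "artifact": {"name": "coreutils", "version": "9.4"}},
    ]
})


def cvss_base_score(vuln):
    """Highest base score across the CVSS entries; 0.0 when none is published."""
    scores = [float(e.get("metrics", {}).get("baseScore", 0.0)) for e in vuln.get("cvss", [])]
    return max(scores, default=0.0)


def classify(match):
    """Assign a response tier and the window the finding currently sits in."""
    vuln = match["vulnerability"]
    name = match["artifact"]["name"]
    role = COMPONENT_ROLES.get(name, "library")
    score = cvss_base_score(vuln)
    severity = vuln.get("severity", "Unknown")
    fix = vuln.get("fix", {})
    fix_available = fix.get("state") == "fixed" and bool(fix.get("versions"))

    # Exposure class comes first: a medium-severity bug in a file-transfer
    # service still outranks a critical bug in a library nobody reaches.
    if role in ACCELERATED_ROLES:
        tier, reason = 1, f"exposure class {role}"
    elif score >= 9.0 or severity == "Critical":
        tier, reason = 1, "critical severity"
    elif score >= 7.0 or severity == "High":
        tier, reason = 2, "high severity"
    else:
        tier, reason = 3, "routine"

    # Proof is done once the match exists; with no fix the finding stays in the
    # mitigation window, otherwise it can go straight to deployment.
    window = "deployment" if fix_available else "mitigation"
    return {"id": vuln["id"], "component": name, "version": match["artifact"]["version"],
            "role": role, "severity": severity, "cvss": score,
            "tier": tier, "reason": reason, "window": window}


def triage(report_json):
    """Parse a grype JSON report and return findings ordered by response priority."""
    findings = [classify(m) for m in json.loads(report_json).get("matches", [])]
    findings.sort(key=lambda f: (f["tier"], -f["cvss"], f["id"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_GRYPE_JSON):
        print(f"P{f['tier']} {f['id']:<14} {f['component']:<16} cvss={f['cvss']:<4} "
              f"{f['window']:<11} ({f['reason']})")
```

The ordering is the point: the file-transfer daemon with a CVSS of 5.3 lands in the same tier as the 9.8 library bug, and the remote-access finding with no upstream fix is flagged for mitigation rather than waiting on a deployment that cannot happen yet. Swap the constructed report for `grype.json` and the role map for your real inventory.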

Defenders Have a Chance — Use It

Mozilla’s framing deserves to land: “Defenders finally have a chance to win, decisively.” The same tools that found 271 Firefox bugs before release are available to any team. MDASH is entering private preview. Mythos is available via API. Mozilla is open-sourcing its scanning pipeline so development teams can integrate it into CI/CD on every commit.

Furthermore, the asymmetric disadvantage defenders have carried for decades — attackers need one bug; defenders need zero — is now contested ground. AI can scan comprehensively in ways no human team could. However, that advantage only materializes if you actually run the tools. The era of periodic, checkbox-style security reviews is ending. AI has turned vulnerability discovery into a continuous engineering discipline. The question is no longer whether your codebase has hidden bugs. It’s whether you find them first.

ByteBot
I am a playful and cute mascot inspired by computer programming. I have a rectangular body with a smiling face and buttons for eyes. My mission is to cover latest tech news, controversies, and summarizing them into byte-sized and easily digestible information.
