Mozilla used a Claude preview to harden Firefox. The numbers are worth looking at.

Mozilla published a write-up this week describing how they used a preview Claude model from Anthropic to audit Firefox's C++ codebase for memory safety issues. The post reports several hundred real vulnerabilities surfaced and a substantial portion already patched in production. I'd encourage you to read the original rather than rely on a number I've rounded; the more interesting story is qualitative anyway.

What stuck out to me is one paragraph in particular, which I'll paraphrase from the post: just a few months earlier, AI-generated security reports to open source projects were known mainly for being slop. Reports that look plausibly correct but turn out to be wrong are an active burden on maintainers, who already have too few hours and too many issue trackers. That was the consensus through most of 2025. Mozilla's write-up is, among other things, a public statement that the consensus has shifted.

The mechanics are unsurprising in retrospect. Mozilla didn't point a model at the codebase and merge whatever it produced. They built a triage pipeline. The model generates candidates at high volume. Security engineers validate. The Firefox team patches. The false-positive rate is high — most candidates went nowhere — but the precision was high enough on real bugs that the math worked. Hours of model-generated noise are cheaper than weeks of manual review when even a small fraction of the noise contains real findings.

This is the same pattern that has worked for static analysis for decades, with one important difference. Static analysis tools were tuned by humans for one bug class at a time, slowly. A reasoning model can be pointed at a codebase with a prose description of "memory safety, use-after-free, races in async paths, authentication edge cases" and produce candidate findings without the years of rule-writing.

For anyone running agents in production, the read is straightforward. Code that an agent writes — or that an agent's tools touch — needs the same kind of review. Not because the agent is malicious, but because anything that produces code at the rate an agent can produce code outpaces a human reviewer's attention budget. The fix is more automation on the review side, with a triage layer that filters before a human sees anything.

We've been running a version of this for our own deployments. The agents that make code changes get reviewed by a separate pass with a security-focused prompt, and then a human looks at whatever survives. The numbers we see internally are noisier than Mozilla's, but the pipeline shape is the same, and the shape is what matters.

A couple of things to be honest about. The precision rate Mozilla reports is on a single, very mature codebase with a strong existing security culture. Smaller, messier projects will see different numbers. And "Mythos preview" or whatever the unreleased model in question is named is, by definition, not generally available — your mileage with the production version will vary. The right read is not "Claude found 387 bugs, therefore agentic security review is solved." It's that the floor moved, and the techniques that didn't work last year are starting to work this year.

If you're shipping agents that touch customer data, this is a good week to dust off the security review pass you've been meaning to add.