Mozilla fixes 423 Firefox bugs in a month using AI agents
Serge Bulaev
Mozilla fixed 423 security bugs in Firefox in a single month using AI agents, far more than in a typical month. The jump came after Mozilla engineers paired Anthropic's Claude Mythos Preview with a custom tool that filtered out bad results before any human looked at them. Many of the problems found were high-severity, and some had been in the code for over 15 years. Mozilla says the design can be copied by other teams and depends on the orchestration around the model rather than on a bigger model. Experts suggest this approach could give defenders a small advantage, though attackers could use similar tools.

Mozilla's use of AI agents to find and fix Firefox security bugs marks a shift in how large codebases get audited. The jump in patch volume came after Mozilla engineers paired Anthropic's Claude with a custom "agentic harness" that automates vulnerability discovery and, more importantly, verification.
The harness was the crucial piece: according to TechRadar, it filtered noise so effectively that almost no false positives reached human reviewers. With that signal-to-noise ratio, engineers could trust each report and act on it instead of re-triaging it.
That is also how the team handled the volume: it treated the influx as an incident-response sprint, funnelling each verified bug through its established triage and patch pipelines.
How the agentic harness worked
Mozilla's system used one AI agent to score code files by risk, then directed other agents to fuzz the highest-scoring files. A verifier agent confirmed that each discovered crash was reproducible before a report was written for a human engineer, which is what cut false positives and manual triage.
The system functions by wrapping multiple LLM-driven agents around Mozilla's existing fuzzing infrastructure. A scoring subagent begins by ranking files based on memory-safety risk and browser exposure. Other agents then perform targeted fuzzing on high-risk files until they generate a reproducible crash. Only crashes that pass a final verification loop are flagged as GitHub issues for human engineers to patch.
Key components:
- File-scoring agent that prioritized risky code paths
- Fuzzing executor integrated with Firefox's sanitizers
- Crash verifier that reproduced issues under fresh builds
- Report formatter supplying PoCs and suggested patches
- Human-in-the-loop gate before merge
According to technical notes on ChatPRD, some stubborn bugs required more than 14 agent attempts before a valid trigger was found. Mozilla's Brian Grinstead emphasized that the orchestration, not the model alone, made the difference: "the harness did just as much work as the model." He also noted that the architecture is replicable by other teams using standard vendor SDKs.
Severity breakdown and historical context
The month-long run built on an earlier pilot. In January 2026, Claude Opus uncovered 22 vulnerabilities in Firefox, 14 of which Mozilla rated high-severity; the fixes shipped in Firefox 148.
Those 14 high-severity bugs alone represent roughly 20% of all high-severity Firefox bugs patched in 2025. The agents also uncovered deeply embedded flaws that had been in the codebase for years, including critical vulnerabilities for which Anthropic's AI wrote working exploits that Mozilla validated before patching.
Implications for large codebases
Mozilla engineers emphasized that the choice of model mattered less than the orchestration built around it. Using vendor SDK hooks, the team could add monitoring, identity rules, and kill switches for the agents without major engineering overhead. Grinstead argues this shows that future productivity gains in security will come mostly from purpose-built tooling, not just from larger LLMs.
The team also acknowledged the dual-use nature of the technology: attackers could build similar automated pipelines. Defenders, however, hold one structural advantage: they can combine static code analysis with live agent fuzzing on private, internal codebases that attackers cannot fuzz as directly. Mozilla's results suggest that a well-designed system with disciplined verification loops can tip the balance toward defenders.
FAQ: How Mozilla fixed Firefox bugs with AI agents
3.1 What exactly did Mozilla achieve?
Mozilla shipped 423 security fixes for Firefox in a single month using AI agents.
- The AI-assisted approach raised the bug discovery rate well above what traditional fuzzing and review had delivered.
- Most of the findings came from Anthropic's Claude; an earlier pilot had already produced 22 vulnerabilities (14 high-severity) that were fixed in Firefox 148.
Source: Mozilla Hacks, The Register
3.2 How did the "agentic harness" work?
Brian Grinstead's team built a lightweight orchestration layer around the LLM instead of retraining the model:
1. File scoring: an LLM judge ranked every file by memory-safety risk and web exposure.
2. Agent swarm: sub-agents then fuzzed the top-ranked files, retrying each test case in up to 14 different ways to trigger a crash.
3. Two-stage verification: every crash had to reproduce in a fresh build; a second agent then audited the report quality before human review.
This cut false positives to near zero and let human engineers spend their time only on confirmed vulnerabilities.
Source: ChatPRD deep-dive
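The score -> fuzz -> verify -> report loop described under "How the agentic harness worked" and in FAQ 3.2, written out as a small Python pipeline. This is an added example, not Mozilla's harness or any Anthropic code. Its assumptions: the LLM file-scoring judge is replaced by a keyword heuristic (`score_file`), the native Firefox target is replaced by a toy TLV parser (`TlvParser`) with one real bug and one state-dependent false positive, and the sample "source files" and seed input are constructed here. The point it demonstrates is the verification gate: a crash only becomes a report if it reproduces in a fresh target instance with the same failure, which is what filters out the state-dependent noise.

```python
import random
from dataclasses import dataclass

# Constructed sample "source files" (path -> snippet); not real Firefox code.
SAMPLE_FILES = {
    "dom/media/AudioDecoder.cpp": "void Decode(const uint8_t* buf, size_t len) { memcpy(dst, buf, len); }",
    "js/src/jsparse.cpp": "char tmp[64]; strcpy(tmp, input); /* ... */",
    "toolkit/prefs.cpp": 'static const char* kName = "pref"; int Version() { return 1; }',
}
RISK_PATTERNS = ["memcpy", "strcpy", "uint8_t*", "len", "input"]  # memory-safety hints (assumed)
EXPOSURE_PATHS = ["dom/", "js/", "media/"]                         # web-reachable subtrees (assumed)

def score_file(path, src):
    """Stand-in for the LLM judge: memory-safety risk plus browser exposure."""
    risk = sum(src.count(p) for p in RISK_PATTERNS)
    exposure = sum(1 for e in EXPOSURE_PATHS if e in path)
    return risk + exposure

def rank_files(files):
    """Highest-risk files first; only the top of this list gets fuzzed."""
    return sorted(files, key=lambda p: score_file(p, files[p]), reverse=True)

class TlvParser:
    """Toy fuzz target. Real bug: reads the length byte without checking it exists
    (IndexError, the analogue of an out-of-bounds read). False positive: the third
    call on any instance fails regardless of input, modelling a crash that depends
    on process state rather than on the test case."""
    def __init__(self):
        self.calls = 0

    def parse(self, data):
        self.calls += 1
        if self.calls == 3:
            raise RuntimeError("transient failure unrelated to input")
        i, out = 0, []
        while i < len(data):
            tag, length = data[i], data[i + 1]      # i + 1 may be past the end
            out.append((tag, data[i + 2:i + 2 + length]))
            i += 2 + length
        return out

SEED_CASE = b"\x01\x02ab\x02\x01c"  # two well-formed TLV records (constructed)

def mutate(rng, data):
    """Mutation fuzzer: truncate, flip one bit, or append a byte."""
    op = rng.choice(["truncate", "flip", "append"])
    if op == "truncate" and len(data) > 1:
        return data[: rng.randrange(1, len(data))]
    if op == "flip" and data:
        i = rng.randrange(len(data))
        return data[:i] + bytes([data[i] ^ (1 << rng.randrange(8))]) + data[i + 1:]
    return data + bytes([rng.randrange(256)])

@dataclass
class Crash:
    path: str
    testcase: bytes
    exc_type: str
    attempts: int

def verify(crash, runs=3):
    """Verification gate: the test case must fail the same way in a fresh target
    every time. State-dependent failures and mislabelled crashes are rejected."""
    for _ in range(runs):
        try:
            TlvParser().parse(crash.testcase)
            return False                      # did not crash in a fresh instance
        except Exception as e:
            if type(e).__name__ != crash.exc_type:
                return False                  # crashed, but not the reported way
    return True

def hunt(path, rng, max_attempts=50):
    """Fuzz one target in a long-lived process (like a fuzzing executor) and
    return the first crash that survives verification, or None."""
    target = TlvParser()
    for attempt in range(1, max_attempts + 1):
        case = mutate(rng, SEED_CASE)
        try:
            target.parse(case)
        except Exception as e:
            candidate = Crash(path, case, type(e).__name__, attempt)
            if verify(candidate):
                return candidate
    return None

def format_report(crash):
    """Report formatter: the text that reaches the human-in-the-loop gate."""
    return (f"[{crash.path}] {crash.exc_type} after {crash.attempts} attempt(s)\n"
            f"PoC (hex): {crash.testcase.hex()}")

def run_pipeline(files, seed=7, top_k=2):
    """Score all files, fuzz only the top-k, keep only verified crashes."""
    rng = random.Random(seed)
    reports = []
    for path in rank_files(files)[:top_k]:
        crash = hunt(path, rng)
        if crash is not None:
            reports.append(crash)
    return reports

if __name__ == "__main__":
    for crash in run_pipeline(SAMPLE_FILES):
        print(format_report(crash))
```

Running it fuzzes the two highest-scoring files and prints one verified report per file. The third call on the long-lived `TlvParser` always raises `RuntimeError`, so the executor sees a "crash" at attempt 3 no matter what input it sent; `verify` re-runs that test case in fresh instances, gets no failure (or a different one), and drops it. Only inputs that reproducibly trip the missing-length-byte read pass the gate, which is the property the article credits for the near-zero false-positive rate.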
3.3 Why didn't earlier AI security tools scale?
Earlier tools produced "unwanted slop": long lists of noisy alerts.
- In earlier industry pilots, a large share of those alerts were false positives, so reviewers spent more time dismissing findings than fixing them.
- Mozilla's key insight: the harness matters more than the model. By combining vendor SDKs with simple scoring, reproduction-based verification, and integration with its existing fuzzing infrastructure, the team turned a generic LLM into a focused bug-hunter without any model tuning.
Mozilla's approach now gives other organizations the same building blocks.
Sources: Mozilla engineering interviews
3.4 What kinds of bugs were uncovered?
The AI hunt surfaced long-standing flaws:
- Sandbox escapes that could let malicious sites escalate privileges.
- Memory-safety bugs in media codecs and the JavaScript engine.
- Boundary-condition errors that evaded traditional fuzzers because they required very specific interaction sequences, which the agents eventually reproduced after up to 14 attempts.
For some bugs, Anthropic's AI wrote working exploits to prove exploitability before Mozilla patched them.
Sources: Mozilla advisories
3.5 Can other teams replicate these results?
Yes. Mozilla's stack is deliberately simple:
- Agent SDKs (any vendor) + a file-scoring script + a reproduce-and-verify loop.
- The team open-sourced a starter harness template (see example workflow) so others can fork it for their own codebases.
- Early adopters report faster triage and fewer false positives within weeks of deployment.
Grinstead's advice: "Start with one high-risk module, add the loop, then expand."