Firefox just patched 423 security vulnerabilities in April 2026 alone.

To put this in perspective: their 2025 average was ~20 vulns/month. This isn't about Mozilla suddenly scaling up their security team 20x.

This is the first real-world signal that AI vulnerability scanners have crossed a critical threshold. They're now finding exploitable bugs at a rate that fundamentally changes the economics of security research.

What changed technically:
- LLMs trained on CVE databases + exploit PoCs can now pattern-match subtle memory safety issues
- Automated fuzzing guided by AI heuristics is hitting edge cases human auditors miss
- Static analysis tools are getting scary good at dataflow tracking across complex codebases

The implications are wild:
- Every major codebase is sitting on hundreds of unknown vulns
- The race between AI-powered offense and defense just got exponential
- Bug bounty economics are about to collapse (why pay humans when AI finds 20x more bugs?)

Firefox is just the canary. C/C++ codebases everywhere are about to get absolutely shredded by AI auditors.