
$4,000 vs $4,000,000: The Case That Proves Your Next Hire Won't Be Human
An AI agent found more bugs in Firefox in 2 weeks than the entire bug bounty program found in 2 months. Cost: less than a monthly salary.

Mozilla has been paying the world's best hackers to find Firefox vulnerabilities for 22 years. Since 2004, when they launched the industry's first bug bounty program, they've paid over $4,000,000 to security researchers.

In February 2026, Anthropic unleashed Claude Opus on Firefox's codebase. In 2 weeks, it found 22 security vulnerabilities. 14 classified as high severity.

To put that in perspective: those 14 vulnerabilities represent nearly 20% of all high-severity bugs Firefox patched in all of 2025.

The Numbers That Hurt

This is what blew my mind when we discussed it on a recent podcast episode:

Mozilla's bug bounty program:
22 years of operation (since 2004)
Over $4,000,000 paid to researchers
Pays up to $6,000 per high-severity bug
Thousands of human researchers participating

Claude Opus (2 weeks):
Scanned ~6,000 C++ files from the JavaScript en
Continue reading on Dev.to




