The economics of vulnerability discovery just broke. In twenty minutes, Claude Opus 4.6 found a novel use-after-free memory bug in Firefox — one of the most audited codebases on the internet, backed by millions of CPU hours of continuous fuzzing. That single result is a waypoint on a documented curve: from GPT-4 exploiting 87% of known one-day vulnerabilities with 91 lines of LangChain code in 2024, to Anthropic's red team finding 500+ high-severity zero-days in well-maintained open-source software in early 2026, to a live collaboration with Mozilla that found 22 Firefox vulnerabilities in two weeks. We are in a window: finding is democratized, reliable exploitation still has friction. This episode documents the curve, names what's most at risk, and argues for what defenders must do before the gap closes.
