Anthropic’s Claude Mythos Preview and Mozilla’s record patch batch suggest AI bug-finding could finally tip software security toward defenders. But penetrate-and-patch is the wrong end state. AI’s lasting contribution to security will come from making whole classes of vulnerability impossible to express in the first place.