The problem is "secure" is a vague term and thus easy to gamify.

eg is it secure because of fewer CVEs? You'd probably expect fewer CVEs because it is newer, so that doesn't mean it is more "secure" in any meaningful way but it's definitely an easy position to defend if someone were to challenge Microsoft's claim.

Look up the number of CVEs by OS and you'll find the results are... amusing.

Not if the claim contains "ever". They would need to prove that Windows 11 has fewer vulnerabilities than e.g. MS-DOS 6.22.

how secure is MS-DOS 6.22 though. sure, there's no networking access, but is the code secure in other ways? what kind of code was just never exposed to fully reveal how fragile they were? there has always been software slightly less fragile than a house of cards. people were just much less incentivized to poke them the way they are today