Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox
Lily Hay Newman Security Apr 21, 2026 2:30 PM Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox The Firefox team doesn’t think emerging AI capabilities will upend cybersecurity long term, but they warn...
Anthropic — What company has the best second artificial intelligence model at the end of June?
A striking development has emerged in artificial intelligence. Lily Hay Newman Security Apr 21, 2026 2:30 PM Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox The Firefox team doesn’t think emerging AI capabilities will upend cybersecurity long term, but they warn that software developers are likely in for a rocky transition. Photograph: SOPA Images/Getty Images Comment Loader Save Story Save this story Comment Loader Save Story Save this story Amid a raging debate over the impact that new AI models will have on cybersecurity, Mozilla said on Tuesday that its Firefox 150 browser release this week includes protections for 271 vulnerabilities identified using early access to Anthropic's Mythos Preview . The Firefox team says that it has taken resources and discipline to adjust to the firehose of bugs that new AI tools can uncover, but that this big lift is necessary for the security of Mozilla’s users, given that the capabilities will inevitably be in attackers’ hands soon.
Both Anthropic and OpenAI have announced new AI models in recent weeks that the companies say have advanced cybersecurity capabilities that could represent a turning point in how defenders—and, crucially, attackers—find vulnerabilities and misconfigurations in software systems. With this in mind, the companies have so far only done limited private releases of their new models, and both have also convened industry working groups meant to assess the advances and strategize. In practice, though, cybersecurity experts have a range of views on how consequential the new capabilities will be.
Technical Details
Mozilla's experience, at least in the short term, shows that AI tools like Mythos Preview could have a profound impact for vulnerability hunters. “Our belief is that the tools have changed things dramatically, because now we have automated techniques that can cover, as far as we can tell, the full space of vulnerability-inducing bugs,” says Bobby Holley, Firefox's chief technology officer. For years, he says, Firefox and other organizations have relied on a combination of automated vulnerability hunting techniques, like software fuzzing , and manual vulnerability hunting by internal and external researchers to find and fix flaws.
And attackers have had these same tools and methods at their disposal. “There were categories of bugs that you could find with human analysis that you couldn’t find with automated analysis and, therefore, it was always possible if you were a threat actor and you were willing to spend many millions of dollars to find a bug—we tried to drive the price of that as high as possible,” Holley says. Holley now says that emerging AI capabilities will create a sort of bootcamp that all software will have to go through one way or the other to find and fix a set of latent vulnerabilities in their code.
Companies like Anthropic and OpenAI seem to be trying to get as many major players as possible to go through this overhaul before the capabilities are more widely available.
This advance offers important signals about the future of the sector, and the tech world is watching closely.
