- Mozilla used Anthropic’s Mythos Preview model to find and patch 271 vulnerabilities in Firefox 150.
- Firefox CTO Bobby Holley says AI now covers the ‘full space’ of vulnerability categories humans can discover.
- The AI didn’t find bugs beyond human capability—yet—but it scaled discovery dramatically faster.
Mozilla’s Firefox 150 release includes patches for 271 security vulnerabilities, and the foundation credits Wired with using Anthropic’s Mythos Preview model to find them. It’s a concrete data point in the ongoing debate about whether emerging AI cybersecurity capabilities will fundamentally change how software is defended.
“So far we’ve found no category or complexity of vulnerability that humans can find that this model can’t,” Mozilla said in a statement to Engadget. The foundation adds that AI tooling didn’t turn up any bugs a determined human team wouldn’t eventually uncover given enough time and resources.
“Our belief is that the tools have changed things dramatically, because now we have automated techniques that can cover, as far as we can tell, the full space of vulnerability-inducing bugs,” says Bobby Holley, Firefox’s chief technology officer, according to Techmeme.
The Security Bootcamp for All Software
For years, organizations have relied on a combination of automated fuzzing and manual vulnerability hunting to find flaws—and attackers have used the same methods. Holley says the new AI capabilities will create a mandatory bootcamp for every piece of software: each application will need an AI-assisted audit to surface latent bugs before attackers do.
“Every piece of software is going to have to make this transition, because every piece of software has a lot of bugs buried underneath the surface that are now discoverable,” Holley explained. “This is a transitory moment that is difficult and requires coordinated focus and a lot of grit to get through, but I believe that it is a finite moment.”
The Mozilla blog post indicates that Mythos accelerated discovery dramatically—271 vulnerabilities in a single release cycle—while still operating within human-expertise boundaries. Whether that changes as models improve remains uncertain. Earlier Frontierbeat coverage of Mythos’s capabilities and the separate incident of unauthorized access to the model on Discord provide important context about the technology’s dual-use nature.
AI Finds What’s There—No More, No Less
The results validate Anthropic’s Project Glasswing, the initiative behind Mythos Preview. While company announcements naturally highlight successes, third-party validation from Mozilla carries additional weight. The foundation’s explicit note that Mythos didn’t exceed human capability is a noteworthy constraint amid broader concerns about AI-powered offense.
Mozilla acknowledged in its blog post that Anthropic’s buzzy announcement about AI cybersecurity earlier this month faced skepticism—a reality the foundation itself recognized. For now, the tally stands at 271 bugs found and fixed across Firefox’s latest release. The open question is how long it will take before AI starts surfacing vulnerabilities that would have remained hidden for decades.
The improvement comes from systematic tooling, not magic. Firefox’s team has warned that software developers are likely in for a rocky transition as these capabilities mature and more organizations adopt them.