When Anthropic announced its new Mythos model in April, it also issued a stark warning to those developing the software. The institute says its model is extremely powerful at sniffing out software vulnerabilities, finding thousands of high-severity bugs that need to be fixed before they can be released publicly.
Now, security researchers for Mozilla’s Firefox browser are taking a closer look at what that process actually looks like and what the power of Mythos means for overall software security.
In a post published Thursday, Mozilla said Mythos had discovered a wealth of high-severity bugs, including some that had been dormant in the code for more than a decade.
This is a significant improvement over the capabilities of AI security tools six months ago. Until now, AI bug-finding tools have had significant shortcomings, often inundating security teams with low-quality reports and false positives. But Mozilla researchers say they have turned a corner, especially with the latest generation of tools that allow agent systems to evaluate their own work and filter out bad results.
“It is difficult to overstate how much this dynamic has changed us in the short space of a few months,” the researchers wrote. “First, the power of the models has increased dramatically. Second, the technology for leveraging these models has improved dramatically.”
The results were amazing. In April 2026, Firefox shipped 423 bug fixes, compared to just 31 just a year earlier. The researchers also published details about 12 bugs. These range from two unusual sandbox vulnerabilities to a 15-year-old error in the way browsers parse HTML elements.
Brian Grinstead, a prominent Mozilla engineer, told TechCrunch: “We’re seeing it in our own internal scans, in external bug reports, and in all kinds of signals across the industry.”
tech crunch event
San Francisco, California
|
October 13-15, 2026
The fact that this system helped expose vulnerabilities in Firefox’s “sandbox” system is especially impressive, considering how complex an attack that exploits this system would have to be. To find sandbox vulnerabilities, the model must create a compromised patch for the browser and attack the most secure part of the software with the new code implemented. Finding and demonstrating bugs is a delicate, multi-step process that requires creativity and care.
To put this into context, Mozilla’s bug bounty program pays out up to $20,000 to researchers who discover bugs in Firefox’s sandbox. This is the highest bounty available. But despite the top bounty, Grinstead says Mythos is discovering more sandbox problems than human researchers have ever found. “We do have it, but it’s not in the amount that we’re going to find with this technology,” he told TechCrunch.
Notably, despite the well-documented advances in AI coding tools, the Firefox team still does not use AI to fix bugs. The team asks the AI to code a patch for each bug, but the resulting code typically cannot be directly deployed and instead serves as a model for human engineers.
“For each bug mentioned in this article, one engineer created a patch and one engineer reviewed it,” Grinstead said. “I didn’t know it was automatable.”
It is not yet clear how new capabilities in AI will change the broader balance of power in cybersecurity. It’s been a month since Mythos was previewed, but most of the bugs discovered may not have been patched, making it difficult to know the full extent of their impact. Anthropic has been very careful to follow responsible disclosure standards, but even if the model they use isn’t that great, bad actors may be using similar techniques behind the scenes.
Anthropic CEO Dario Amodei expressed optimism at a recent event that the new tools will ultimately give defenders an edge. “If we handle this correctly, we may be in a better position than we were in the beginning because we fixed all these bugs. There are so many bugs to find,” Amodei said. “So I think there’s a better world out there on the other side of this.”
Grinstead takes a more cautious view after dealing with the nitty-gritty details. “This is useful for both attackers and defenders, but once the tools are available, the advantage shifts a little bit to the defenders. Realistically, no one knows the answer to this yet.”
If you buy through links in our articles, we may earn a small commission. This does not affect editorial independence.
