How Anthropic’s Mythos rewrote Firefox’s approach to cybersecurity

When Anthropic unveiled the new Mythos model in April, it also issued a stern warning to anyone developing software. The model was so effective at discovering software vulnerabilities, the lab claimed, that it discovered thousands of high-risk bugs that needed to be fixed before they could be made public.

Now, security researchers at Mozilla’s Firefox browser offer a closer look at what this process looks like in practice, and what Mythos powers mean for software security more generally.

In a post published on Thursday, Mozilla said Mythos discovered a wide range of high-risk bugs, including some that had been lurking in the code for more than a decade.

This is a huge improvement over what AI security tools were capable of even six months ago. Until now, AI-based bug detection tools have been severely flawed, often inundating security teams with low-quality reports and false positives. But Mozilla researchers say the latest generation of tools has turned a corner, especially now that proxy systems are able to evaluate their work and filter out bad results.

“It is difficult to overstate how much this dynamic has changed for us in just a few short months,” the researchers wrote. “First, the models have become much more capable. Second, we have greatly improved our technology Harness These models.”

The results were astonishing: In April 2026, Firefox shipped 423 bug fixes, compared to just 31 the exact year before. The researchers have also published details of 12 bugs, which range from a pair of unusual sandbox vulnerabilities, to a 15-year-old bug in how the browser parses an HTML element.

“This stuff is suddenly very good,” Brian Grinstead, a distinguished engineer at Mozilla, told TechCrunch. “We see that in our internal scanning, we see that in external bug reports, we see that in all kinds of signals across the industry.”

The fact that the system helped expose vulnerabilities in Firefox’s “sandbox” system is particularly impressive, given how sophisticated the attack exploiting it must have been. To find vulnerabilities in the sandbox, the model must write a compromised patch for the browser, and then attack the most secure part of the software with the new code applied. Finding and revealing a bug is a delicate, multi-step process, requiring creativity and close attention.

To put this in context, Mozilla’s bug bounty program pays researchers who can find a bug in the Firefox sandbox up to $20,000 — the highest bounty available. Despite the big reward, Grinstead says Methos has discovered more problems than human researchers have ever discovered. “We’ve got them, but not on the scale we can find using this technology,” he told TechCrunch.

Notably, the Firefox team still isn’t using AI to fix bugs, despite well-documented progress in AI coding tools. The team asks the AI ​​to code corrections for each bug, but the resulting code typically cannot be published directly, instead serving as a template for a human engineer.

“For the bugs we talk about in this post, each one is one engineer writing a patch and one engineer reviewing it,” Grinstead says. “We didn’t find it to be automatable.”

It remains unclear how emerging AI capabilities will change the broader balance of power in cybersecurity. One month after the Mythos Preview, most of the bugs discovered have likely not been patched, making it difficult to recognize the full extent of their impact. Anthropic has been very careful to follow responsible disclosure standards, but it’s possible that bad actors are using similar techniques behind the scenes, even if the models they use aren’t quite as good.

Speaking at a recent event, Anthropic CEO Dario Amodei was optimistic that the new tools will eventually favor defenders. “If we handle this right, we might be in a better position than we started, because we fixed all these bugs,” Amodei said. “There are only very few bugs to be found.” “So I think there’s a better world on the other side of this.”

Having grappled with the nitty-gritty, Grinstead has a more nuanced view: “It’s useful for both attackers and defenders, but having the tool available shifts the advantage a little bit to the defense. Realistically, no one knows the answer to this yet.”