Mozilla says Anthropic’s Mythos is ‘every bit as capable’ as ‘the world’s best security researchers’ after Firefox experiment — and says the ‘zero-days are numbered’
Mythos matches top security researchers, finding 22 critical Firefox bugs instantly.
Mozilla partnered with Anthropic to test an early version of the Claude Mythos Preview model against its Firefox browser code, yielding dramatic results. In a single round of testing, the AI identified 22 security-sensitive bugs—all fixed before Firefox's latest release—along with 90 other non-critical bugs. Mozilla concluded that Mythos Preview is 'every bit as capable' as the world's best security researchers, marking a significant shift in automated vulnerability discovery.
Traditional automated tools like fuzzers probe systems at scale but unevenly, missing complex bugs that require reasoning through code interactions. Elite human researchers excel at this but are scarce and slow. Mythos bridges this gap by reasoning through source code like a human, but at machine speed. Mozilla notes that 'computers were completely incapable of doing this a few months ago, and now they excel at it.' The immediate challenge shifted from discovery to fixing, as the AI found hundreds of bugs at once, overwhelming traditional response workflows.
- Mozilla's experiment with Anthropic's Claude Mythos Preview found 22 security-sensitive bugs and 90 other bugs in Firefox in one round
- Mythos matches elite human researchers by reasoning through source code to find vulnerabilities that fuzzers miss
- Mozilla says this closes the gap between machine-discoverable and human-discoverable bugs, eroding attackers' long-term advantage
Why It Matters
AI-driven vulnerability discovery could flip the cybersecurity balance, making zero-days cheap for defenders and costly for attackers.