How Anthropic’s Mythos has rewritten Firefox’s approach to cybersecurity - BERITAJA

When Anthropic unveiled its caller Mythos exemplary successful April, it besides delivered a stern informing to anyone processing software. The exemplary was truthful powerful astatine sniffing retired package vulnerabilities, the laboratory claimed, that it had discovered thousands of high-severity bugs that would request to beryllium fixed earlier it could beryllium made public.

Now, information researchers for Mozilla’s Firefox browser are providing a person look astatine what that process has looked for illustration successful practice, and what Mythos’ powers mean for package information astatine large.

In a station published connected Thursday, Mozilla said Mythos has unearthed a wealthiness of high-severity bugs, including immoderate that had lain dormant successful the codification for much than a decade.

That’s a important betterment from what AI information devices were could of moreover six months ago. Until now, AI bug-finding devices person travel pinch terrible drawbacks, often inundating information teams pinch low value reports and mendacious positives. But Mozilla’s researchers opportunity the latest procreation of devices person turned a corner, peculiarly now that agentic systems could measure their ain activity and select retired bad results.

“It is difficult to overstate really overmuch this move changed for america complete a fewer short months,” the researchers wrote. “First, the models sewage a batch much capable. Second, we dramatically improved our techniques for harnessing these models.”

Image Credits:Firefox

The results are striking: In April 2026, Firefox shipped 423 bug fixes, compared to conscionable 31 precisely a twelvemonth earlier. The researchers person besides published specifications connected 12 of the bugs, which scope from a brace of different sandbox vulnerabilities, to a 15-year-old correction successful really the browser parses an HTML element.

“These things are really conscionable abruptly very good,” Brian Grinstead, a distinguished technologist astatine Mozilla, told TechCrunch. “We spot that connected our ain soul scanning, we spot that connected outer bug reports, and we spot that successful each sorts of signals crossed the industry.”

The truth that the strategy helped uncover vulnerabilities successful Firefox’s “sandbox” strategy is peculiarly impressive, fixed really intricate an onslaught that exploits it needs to be. To find sandbox vulnerabilities, the exemplary must constitute a compromised spot for the browser, past onslaught the about unafraid portion of the package pinch the caller codification implemented. Finding and demonstrating the bug is simply a delicate, multi-step process, requiring some productivity and adjacent attention. 

To put this into context, Mozilla’s bug bounty program pays researchers who could find a bug successful Firefox’s sandbox up to $20,000 — the highest reward available. Despite the top-dollar bounty, however, Grinstead says Mythos is uncovering much sandbox issues than quality researchers ever did. “We do get them,” he told TechCrunch, “but not astatine the measurement that we are capable to find pinch this technique.”

Notably, the Firefox squad still isn’t utilizing AI to hole the bugs, contempt well-documented advancement successful AI coding tools. The squad does inquire AI to codification up patches for each bug, but the resulting codification usually can’t beryllium deployed directly, and alternatively serves arsenic a exemplary for a quality engineer.

“For the bugs we’re talking about successful this post, each azygous 1 is 1 technologist penning a spot and 1 technologist reviewing it,” Grinstead says. “We person not recovered it to beryllium automatable.”

It’s still not clear really AI’s emerging capabilities will alteration the broader equilibrium of powerfulness successful cybersecurity. One period since Mythos was previewed, about of the bugs discovered apt haven’t been patched, which makes it difficult to seizure the afloat scope of their impact. Anthropic has been scrupulous about pursuing responsible disclosure norms, but it’s apt bad actors are utilizing akin techniques down the scenes, moreover if the models they’re utilizing aren’t rather arsenic good.

Speaking astatine a caller event, Anthropic CEO Dario Amodei was optimistic that the caller devices would yet favour defenders. “If we grip this right, we could beryllium successful a amended position than we started, because we fixed each these bugs. There are only truthful galore bugs to find,” Amodei said. “So I deliberation there’s a amended world connected the different broadside of this.”

Having dealt pinch the gritty details, Grinstead has a much measured view: “It’s useful for some attackers and defenders, but having the instrumentality disposable shifts the advantage a small spot to defense. Realistically, cipher knows the reply to this yet.”