
How Anthropic’s Mythos has rewritten Firefox’s approach to cybersecurity

When Anthropic unveiled its new Mythos model in April, it also issued a stern warning to anyone developing software. The model was so powerful in detecting software vulnerabilities, the laboratory claimed, that it had discovered thousands of very serious bugs that needed to be fixed before it could be made public.

Now, security researchers for Mozilla’s Firefox browser are providing a better understanding of what that process has looked like in practice, and what Mythos’ powers mean for software security overall.

In a message published on Thursday, Mozilla said Mythos has discovered a wealth of very serious bugs, including some that have been dormant in the code for more than a decade.

That’s a significant improvement over what AI security tools were capable of even six months ago. Until now, AI bug tracking tools have had serious drawbacks, often leaving security teams inundated with low-quality reports and false positives. But Mozilla researchers say the latest generation of tools has turned a corner, especially now that agentic systems can review their own work and filter out bad results.

“It is difficult to overstate how much this dynamic has changed for us in a few short months,” the researchers wrote. “First, the models have become much more capable. Second, we have dramatically improved our techniques for using these models.”


The results are striking: in April 2026, Firefox released 423 bug fixes, compared to just 31 exactly a year earlier. The researchers also published details about twelve of the bugs, ranging from a few unusual sandbox vulnerabilities to a fifteen-year-old flaw in the way the browser parses an HTML element.


“These things are actually suddenly really good,” Brian Grinstead, a leading engineer at Mozilla, told TechCrunch. “We see that in our own internal scans, we see that in external bug reports, and we see that in all kinds of signals across the industry.”


The fact that the system helped expose vulnerabilities in Firefox’s “sandbox” system is particularly impressive considering how complex an attack that exploits it would have to be. To find vulnerabilities in the sandbox, the model must write a compromised patch for the browser and then attack the most secure part of the software with the new code implemented. Finding and demonstrating the bug is a delicate, multi-step process that requires both creativity and close attention.

To put this into context, Mozilla’s bug bounty program will pay researchers who can find a bug in Firefox’s sandbox up to $20,000 – the highest reward available. Despite the high bounty, however, Grinstead says Mythos finds more sandbox problems than human researchers ever have. “We do get them,” he told TechCrunch, “but not in the quantity we can find with this technique.”

Notably, the Firefox team still isn’t using AI to fix the bugs, despite well-documented advances in AI coding tools. The team does ask AI to code patches for each bug, but the resulting code usually cannot be implemented directly and instead serves as a model for a human engineer.

“For the bugs we’re talking about in this post, they’re all one engineer writing a patch and one engineer reviewing it,” says Grinstead. “We haven’t found that it can be automated.”


It is still not clear how AI’s emerging capabilities will change the broader balance of power in cybersecurity. A month into Mythos’ review, most of the bugs discovered are likely unpatched, making it difficult to capture the full extent of their impact. Anthropic has been scrupulous about following responsible disclosure standards, but it’s likely that bad actors are using similar techniques behind the scenes, even if the models they use aren’t that good.

Speaking at a recent event, Anthropic CEO Dario Amodei was optimistic that the new tools would ultimately benefit defenders. “If we get this right, we could be in a better position than when we started because we’ve fixed all these bugs. There are only so many bugs to find,” Amodei said. “So I think there’s a better world on the other side of this.”

After going over the rough details, Grinstead has a more measured opinion: “It’s useful for both attackers and defenders, but having the tool available shifts the advantage a bit to the defense. Realistically, no one knows the answer to this yet.”
