In April, Anthropic introduced its Mythos model, cautioning developers about its powerful software vulnerability detection capabilities. This model identified numerous critical bugs that needed resolution before public release. Mozilla’s Firefox security researchers have now illustrated the process and implications for software security. A recent post by Mozilla revealed that Mythos uncovered high-severity bugs, some over a decade old. This marks progress compared to AI security tools from six months ago, which often produced low-quality reports. Mozilla’s team highlights improvements in harnessing AI, noting dramatic changes in recent months.
In April 2026, Firefox released 423 bug fixes, compared to 31 the previous year, and detailed 12 bugs, including long-standing and complex vulnerabilities. Brian Grinstead, Mozilla’s distinguished engineer, acknowledged the effectiveness of these new tools across the industry.
Notably, Mythos revealed vulnerabilities in Firefox’s sandbox system, which requires complex multi-step processes to exploit. Mozilla’s bug bounty program offers substantial rewards for discovering such issues, but Mythos has identified more than human researchers. Although AI isn’t yet used to fix bugs, the code it produces serves as a model for human engineers to develop patches.
The long-term impact of AI on cybersecurity remains uncertain. Many bugs found by Mythos likely remain unpatched, posing potential risks. While Anthropic adheres to responsible disclosure, bad actors might deploy similar techniques. Anthropic CEO Dario Amodei is optimistic about the potential improvements in defense, but Grinstead remains cautious, acknowledging the tool’s usefulness for both attackers and defenders, with uncertainty about the overall advantage.