Firefox ships 423 bug fixes after Mythos finds vulnerabilities
Updated
Updated · TechCrunch · May 7
Firefox ships 423 bug fixes after Mythos finds vulnerabilities
13 articles · Updated · TechCrunch · May 7
Mozilla said Thursday the April total was up from 31 a year earlier, and included flaws dormant for more than a decade, with details released on 12 bugs.
Researchers said Anthropic's model found unusually complex sandbox vulnerabilities at volumes beyond human bug hunters, though engineers still wrote and reviewed every production patch manually.
Mozilla said newer agentic AI tools are producing fewer false positives, but many discovered bugs across software may remain unpatched, leaving uncertainty over whether the technology ultimately favours defenders or attackers.
Will AI's ability to find old, hidden bugs ultimately lead to a more secure digital world, despite the immediate risks?
If cheap AI can find critical bugs, how can smaller open-source projects possibly defend against state-level AI attacks?
How Claude Mythos AI Discovered 271 Vulnerabilities in Firefox 150, Redefining Software Security
Overview
In May 2026, Mozilla released Firefox 150, applying Anthropic's advanced Claude Mythos AI to its codebase, which enabled the discovery and patching of 271 security vulnerabilities, including 40 critical ones. This breakthrough marked a major shift in software security, giving defenders a powerful new advantage by accelerating vulnerability discovery and remediation. However, the update also introduced challenges such as logistical strain on engineering teams, risks of AI-generated code complexity, and unequal access to these elite AI tools. Meanwhile, the dual-use nature of such AI raises concerns about attackers gaining similar capabilities, prompting efforts like Anthropic's Project Glasswing and calls for balanced governance to ensure security and equity in an evolving AI-driven cybersecurity landscape.