Mozilla reveals AI method finds 271 Firefox security flaws
Updated
Updated · Ars Technica · May 7
Mozilla reveals AI method finds 271 Firefox security flaws
1 articles · Updated · Ars Technica · May 7
Engineers said Anthropic Mythos, paired with a custom harness, uncovered the bugs over two months with almost no false positives.
Mozilla said the harness let the model use project-specific instructions, files, test cases and the same Firefox build and pipeline used by human developers.
The company said earlier AI vulnerability scans produced hallucinated reports, but improved models and tailored tooling now make large-scale automated bug hunting more practical.
As AI finds vulnerabilities faster than humans can fix them, how will the industry manage the growing backlog of known security flaws?
Is 'harness engineering,' not just bigger AI models, the true key to unlocking practical AI capabilities in complex, real-world tasks?
AI-Powered Breakthrough: 271 Firefox Vulnerabilities Discovered and Patched in Weeks
Overview
In April 2026, Mozilla partnered with Anthropic under Project Glasswing to use the advanced Claude Mythos AI, which employs deep contextual understanding to detect and chain vulnerabilities. This collaboration uncovered 271 security flaws in Firefox, including decades-old bugs, a twelvefold increase over previous efforts. To manage this volume, Mozilla built an automated pipeline and coordinated over 100 contributors to validate and patch the issues, culminating in the Firefox 150 release. This breakthrough marks a paradigm shift in cybersecurity, accelerating vulnerability discovery. However, as offensive AI capabilities evolve rapidly, an AI-driven cyber arms race intensifies, making 2026-2027 the highest-risk period for digital infrastructure.