For years, the cybersecurity landscape has been defined by a fundamental asymmetry: it is inherently easier to find a single flaw to exploit than it is to secure every possible entry point. However, new data from Mozilla suggests that the scales may finally be tilting toward the defense. Using a preview version of Anthropic’s latest model, Mythos, developers identified 271 security vulnerabilities in the source code for Firefox 150 before its release.

The sheer volume of these findings marks a stark departure from previous benchmarks. When Mozilla tested Anthropic’s Opus 4.6 model against Firefox 148 just last month, the AI uncovered only 22 bugs. The order-of-magnitude leap with Mythos reinforces the reality that we are entering an era of "turbocharged" AI-aided analysis, where large language models can parse millions of lines of code with a granularity that human auditors—and even previous generations of AI—could not match.

While Mozilla has not yet disclosed the specific severity of the 271 vulnerabilities, the results were significant enough to prompt Firefox CTO Bobby Holley to suggest that the perennial struggle between attackers and defenders has reached a strategic turning point. "Defenders finally have a chance to win, decisively," Holley noted, suggesting that the industry has "rounded the curve" in its ability to preemptively patch software.

This capability explains Anthropic’s cautious rollout of Mythos, which remains restricted to a select group of "critical industry partners." If a model can find nearly 300 vulnerabilities in a mature, open-source project like Firefox, its potential utility for offensive actors remains a primary concern for the industry. For the moment, however, the narrative is one of rare optimism for those tasked with keeping the web secure.

With reporting from Ars Technica.
