When Anthropic released its new model, Mythos, in April, the AI lab simultaneously issued a strong warning to the software development industry. The model is said to be extremely capable at finding software security vulnerabilities and to have already discovered thousands of high-risk flaws. It will not be fully released to the public until those problems are fixed.

Now, for the first time, security researchers working on Mozilla's Firefox browser have systematically disclosed how this process works in practice and tried to explain what Mythos means for the software security ecosystem as a whole. Mythos has uncovered a number of high-severity vulnerabilities in Firefox, some of which had been dormant in the code for more than a decade, Mozilla said in a post on Thursday.

In just half a year, the usefulness of AI security tools has leapt forward. In the past, automated AI bug-finding tools were often very noisy, flooding security teams with low-quality reports and large numbers of false positives that engineering teams struggled to keep up with. Mozilla's researchers believe the new generation of tools has "reached an inflection point," especially now that they have "agent-like" capabilities: the model can re-evaluate and screen its own analysis results, filtering out a large share of unreliable output before a human ever sees it.

"It is difficult to overstate how much this change will affect us within a few months," the researchers wrote. "First of all, the capabilities of the models themselves have been greatly improved; secondly, our technology stack in how to control these models has also made rapid progress."

At the level of results, the change is plain to see: in April 2026, Firefox shipped a total of 423 vulnerability fix patches, while in the same month a year earlier the number was only 31. The research team also disclosed technical details of 12 of the vulnerabilities, including two rare flaws in the sandbox security mechanism and a 15-year-old HTML element parsing bug.

"These tools are really suddenly becoming very useful now," Mozilla Distinguished Engineer Brian Grinstead said in an interview with TechCrunch. "We see this on our internal scanning systems, we see the same trend in vulnerability reports submitted externally, and across the industry."

One of the most striking points is that Mythos helped discover a number of vulnerabilities in the browser's "sandbox" mechanism. The industry has long regarded this class of flaw as among the hardest to find and the most damaging: to find and verify a sandbox vulnerability, the model must not only write a code change with malicious effect, but also use that change to reach the most protected parts of the browser. That requires strict logic and genuine creativity sustained across multi-step operations, and is much harder than conventional bug hunting.

The value shows up in the economics as well. Mozilla's bug bounty program offers a maximum reward of $20,000 for Firefox sandbox vulnerabilities, the highest cap of any vulnerability category. Even so, Grinstead said Mythos has now found more sandbox-related issues than human security researchers have uncovered through bounties in the past combined. "We do receive reports of sandbox vulnerabilities," he said, "but in terms of volume, they are nowhere near the scale of what we proactively discover using this new technology."

It's worth noting that despite the industry's significant progress in AI code generation tools, the Firefox team currently does not rely on AI to fix these vulnerabilities directly. The team does have the model attempt a patch for each vulnerability, but the automatically generated code usually cannot be landed on the main branch as-is and serves only as a reference for the human engineers who write the actual fixes.

"For each of the vulnerabilities mentioned in this article, one engineer completed the patch writing, and another engineer completed the code review," Grinstead emphasized. "We have yet to find a reliable way to fully automate this process."

At a broader level, it is still unclear how the rapid evolution of AI capabilities will change the balance of power between cyber offense and defense. It has been more than a month since the Mythos preview was released, and most of the flaws it discovered are still being fixed, which makes it hard for outsiders to fully assess its long-term impact. Anthropic has been strictly following responsible disclosure practices and gradually sharing vulnerability details with the affected projects, but it is reasonable to assume that some malicious actors are privately trying similar techniques, even if the models available to them are still less capable.

At a recent public event, Anthropic CEO Dario Amodei was relatively optimistic about the trend. In his view, if the industry properly regulates how such tools are used, defenders may end up in a better position than they are today. "If we do it right, we'll hopefully end up with a situation that's more secure than we started with because we're going to fix these vulnerabilities one by one," Amodei said. "The total number of vulnerabilities is limited, so it is possible to usher in a better world after this."

In contrast, Grinstead, who has long dealt with vulnerabilities on the front line, is more cautious. "This tool is equally useful for attackers and defenders, but its popularity has at least somewhat tilted the advantage slightly toward the defender," he said. "A more realistic statement is that no one can really give a final answer to this question right now."