Mozilla's agentic AI pipeline turns Claude Mythos Preview loose and finds 271 unknown Firefox vulnerabilities
Key Points
Mozilla developers used Claude Mythos Preview to identify and fix 271 unknown security vulnerabilities in Firefox 150, contributing to a record 423 resolved security issues in April.
Unlike earlier AI models that produced many false positives, new agentic systems build and run their own test cases to verify whether a suspected bug actually exists before reporting it.
Claude Mythos successfully found decades-old flaws and validated existing security defenses, leading Mozilla to plan the integration of this pipeline to automatically check all new code before it is committed.
Anthropic's Claude Mythos Preview found 271 unknown vulnerabilities in Firefox 150, some up to 20 years old. Mozilla's agentic pipeline lets the AI write and run its own test cases to verify findings, and will soon check every new code commit automatically.
In a detailed post on the Mozilla Hacks blog, three Firefox developers describe how their team used Claude Mythos Preview to find and fix 271 previously unknown security vulnerabilities in Firefox 150. In total, Mozilla resolved 423 security issues in April - a massive jump from the previous record of just 76 in March. The breakdown makes clear how central Mythos Preview was to that effort: beyond the 271 bugs found in Firefox 150, roughly a third of the remaining 111 internally discovered bugs also came from Mythos runs. The other two-thirds were split between the same pipeline running other models and traditional testing methods like fuzzing. Only 41 of the 423 total vulnerabilities came from external reports.
Just a few months ago, AI-generated bug reports were widely dismissed as useless AI slop - findings that sounded plausible but turned out to be wrong, wasting developers' time on verification. According to the authors, two things changed that: more capable models and better infrastructure for separating real findings from noise.