{"id":544322,"date":"2026-04-22T08:39:09","date_gmt":"2026-04-22T08:39:09","guid":{"rendered":"https:\/\/www.newsbeep.com\/uk\/544322\/"},"modified":"2026-04-22T08:39:09","modified_gmt":"2026-04-22T08:39:09","slug":"mythos-found-271-firefox-flaws-none-a-human-couldnt-spot-the-register","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/uk\/544322\/","title":{"rendered":"Mythos found 271 Firefox flaws \u2013 none a human couldn\u2019t spot \u2022 The Register"},"content":{"rendered":"<p>The Mozilla Foundation has revealed it tested Anthropic\u2019s bug-finding \u201cMythos\u201d AI model and feels the results it experienced represent a watershed moment for software defenders.<\/p>\n<p>The FOSS outfit on Tuesday <a target=\"_blank\" href=\"https:\/\/blog.mozilla.org\/en\/privacy-security\/ai-security-zero-day-vulnerabilities\/\" rel=\"nofollow noopener\">reminded<\/a> readers that it used Anthropic\u2019s Opus 4.6 model to look for bugs in Firefox 148 and found 22 bugs.<\/p>\n<p>Mythos found 271 vulnerabilities in Firefox 150.<\/p>\n<p>Mozilla CTO Bobby Holley expressed mixed feelings about that result, which he described as giving the Firefox team \u201cvertigo\u201d as they confronted the need to fix so many flaws.<\/p>\n<p>\u201cFor a hardened target, just one such bug would have been red-alert in 2025, and so many at once makes you stop to wonder whether it\u2019s even possible to keep up,\u201d he wrote.<\/p>\n<p>He also thinks the huge haul of bugs Mythos identified represent \u201clight at the end of the tunnel\u201d for security teams.<\/p>\n<p>\u201cOur work isn\u2019t finished, but we\u2019ve turned the corner and can glimpse a future much better than just keeping up,\u201d he wrote, then turned on Bold text and declared \u201cDefenders finally have a chance to win, decisively.\u201d<\/p>\n<p>He offered that prediction because he feels \u201cUntil now, the industry has largely fought security to a draw\u201d while acknowledging it\u2019s all but impossible to eliminate all exploits.<\/p>\n<p>\u201cInstead, we aimed to make them so expensive that only actors with functionally unlimited budgets can afford them, and that the cost of burning such an expensive asset disincentivizes those actors against casual use,\u201d he wrote.<\/p>\n<p>Mythos changes the game, he feels, by improving on the fuzzing tools Mozilla uses to find bugs without human intervention.<\/p>\n<p>\u201cElite security researchers find bugs that fuzzers can\u2019t largely by reasoning through the source code,\u201d he wrote. \u201cThis is effective, but time-consuming and bottlenecked on scarce human expertise.<\/p>\n<p>\u201cComputers were completely incapable of doing this a few months ago, and now they excel at it. We have many years of experience picking apart the work of the world\u2019s best security researchers, and Mythos Preview is every bit as capable. So far we\u2019ve found no category or complexity of vulnerability that humans can find that this model can\u2019t.\u201d<\/p>\n<p>The CTO thinks Mythos\u2019 abilities \u201ccan feel terrifying in the immediate term, but it\u2019s ultimately great news for defenders.\u201d<\/p>\n<p>\u201cA gap between machine-discoverable and human-discoverable bugs favors the attacker, who can concentrate many months of costly human effort to find a single bug. Closing this gap erodes the attacker\u2019s long-term advantage by making all discoveries cheap.\u201d<\/p>\n<p>He then hit CTRL-B again, and busted out CTRL-I too, to note \u201cEncouragingly, we also haven\u2019t seen any bugs that couldn\u2019t have been found by an elite human researcher.\u201d<\/p>\n<p>The CTO also poured cold water on those who assert \u201cfuture AI models will unearth entirely new forms of vulnerabilities that defy our current comprehension.\u201d<\/p>\n<p>He doesn\u2019t think that will happen, because \u201cSoftware like Firefox is designed in a modular way for humans to be able to reason about its correctness. It is complex, but not arbitrarily complex.\u201d<\/p>\n<p>\u201cThe defects are finite, and we are entering a world where we can finally find them all.\u201d \u00ae<\/p>\n","protected":false},"excerpt":{"rendered":"The Mozilla Foundation has revealed it tested Anthropic\u2019s bug-finding \u201cMythos\u201d AI model and feels the results it experienced&hellip;\n","protected":false},"author":2,"featured_media":544323,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[59,86,56,54,55],"class_list":{"0":"post-544322","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-gb","9":"tag-technology","10":"tag-uk","11":"tag-united-kingdom","12":"tag-unitedkingdom"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/544322","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/comments?post=544322"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/posts\/544322\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media\/544323"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/media?parent=544322"}]
,"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/categories?post=544322"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/uk\/wp-json\/wp\/v2\/tags?post=544322"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}