Mozilla: Anthropic's Mythos found 271 zero-day vulnerabilities in Firefox 150

Source: Ars Technica

AI‑aided vulnerability discovery

By identifying bugs so efficiently, Holley writes that AI tools like Mythos tilt the cybersecurity balance toward defenders, who benefit when discovering vulnerabilities becomes cheaper for both sides. “Computers were completely incapable of doing this a few months ago, and now they excel at it,” Holley writes. “We have many years of experience picking apart the work of the world’s best security researchers, and Mythos Preview is every bit as capable.”

Interview insights

In an interview with Wired, Holley said that, from now on, this kind of AI‑aided vulnerability analysis is something that “every piece of software is going to have to [engage with], because every piece of software has a lot of bugs buried underneath the surface that are now discoverable.” While future models more advanced than Mythos may find bugs that current models miss, Holley is confident that “at least on the Firefox side, having had a bit of a head start here, that we’ve rounded the curve.”

Importance for open‑source projects

Running through the AI‑aided defense gauntlet could be especially important for the open‑source projects that underpin much of the modern Internet. Their public codebases are easier for AI systems to explore for vulnerabilities, and many such projects rely on wildly insufficient volunteer maintenance for their security.

Perspective from Mozilla leadership

In a New York Times essay last week, Mozilla CTO Raffi Krikorian argued that the human difficulty of both finding bugs and writing complex software has created a kind of balance in cyber‑threat research that Mythos could break wide open. “The programmer who gave 20 years of his life to maintain [open source] code that runs inside products used by billions of people? He doesn’t have access to Mythos yet. He should,” Krikorian wrote.