
Mozilla’s security team thought AI-assisted vulnerability hunting would help speed up bug discovery.
What they didn’t expect was for it to completely rewrite how they think about cybersecurity itself.
According to new reports and disclosures from both Mozilla and Anthropic, the company’s highly restricted AI cybersecurity model, Mythos, has uncovered hundreds of vulnerabilities inside Mozilla Firefox, including serious flaws that had remained hidden in the browser’s codebase for more than a decade.
The numbers are staggering.
Mozilla says Mythos helped identify 271 vulnerabilities, many of them classified as high severity, forcing engineers into one of the largest security remediation efforts in Firefox’s recent history. In April 2026 alone, Firefox shipped 423 bug fixes, compared to just 31 during the same month a year earlier.
And according to Mozilla engineers, the system produced “almost no false positives.”
That last detail may be the most important part of the story.
Because for years, AI-assisted security tools have struggled with reliability. They could generate enormous numbers of alerts, but many turned out to be useless, forcing human researchers to waste time separating real threats from hallucinations.
Mythos appears to have crossed a threshold.
Instead of merely flagging suspicious patterns, the model can reportedly reason through codebases, validate findings, and even chain vulnerabilities together into working exploits in ways that resemble top-tier human security researchers.
Mozilla CTO Bobby Holley described the shift in unusually dramatic terms, suggesting that AI may finally give defenders a chance to decisively outpace attackers in vulnerability discovery.
That’s a remarkable statement coming from one of the web’s oldest browser teams.
And it reflects how quickly the cybersecurity landscape is changing.
Traditionally, finding deep software vulnerabilities required rare expertise, enormous amounts of time, and painstaking manual analysis. Zero-day vulnerabilities often remained hidden for years because there simply weren’t enough skilled researchers capable of uncovering them.
AI changes that equation completely.
Mythos can reportedly scan massive codebases autonomously, identify subtle logic flaws, and even generate exploit paths overnight, tasks that previously might have taken expert teams weeks or months.
In Firefox’s case, some of the discovered flaws involved sandbox escape vulnerabilities and long-standing HTML parsing issues buried deep inside legacy code.
And Mozilla is no longer treating this as experimental.
The company says it has “completely bought in” to AI-assisted security workflows, integrating these systems directly into how Firefox is audited and maintained going forward.
That may sound like good news, and in many ways it is.
But there’s another side to this story. Because the same technology capable of helping defenders secure software could also dramatically accelerate offensive cyberattacks if it falls into the wrong hands.
That’s precisely why Anthropic has restricted Mythos from public release.
The company has repeatedly warned that the model is unusually capable at discovering and exploiting software vulnerabilities, to the point where it launched the system only through a tightly controlled initiative called Project Glasswing.
Even governments are paying attention.
European regulators are already in discussions with Anthropic about Mythos’s implications for cybersecurity and critical infrastructure protection.
And concerns intensified after reports emerged that unauthorized individuals may have briefly gained access to the model through a third-party environment.
That incident highlighted the uncomfortable reality at the centre of all this:
Once AI systems become capable enough to autonomously discover and weaponise vulnerabilities, controlling access becomes just as important as building the models themselves.
Mozilla’s experience with Mythos also reveals another challenge: scale.
Finding hundreds of vulnerabilities quickly is useful only if organizations can fix them just as fast. Large companies like Mozilla may be able to mobilize engineering teams to respond, but smaller open-source projects often lack the resources to patch issues at the same speed.
That could create a dangerous imbalance where attackers gain access to increasingly powerful AI-assisted discovery tools while defenders without sufficient resources fall behind.
Still, many security researchers believe this moment represents a turning point.
For decades, cybersecurity has largely favored attackers because discovering one hidden flaw could be enough to compromise a system. Defenders, by contrast, had to secure everything.
AI may finally be shifting that balance.
And Firefox’s experience with Mythos could end up being remembered as one of the first major examples of what that new era looks like.
An era where AI doesn’t just help write code.
It hunts the bugs humans missed at a scale the industry has never seen before.







