- Mozilla says it has fixed over 400 bugs using Anthropic Mythos
- The tool should be ‘enabled’ for Firefox for best results
- Mythos offers a step away from the typical ‘junk slop’ provided by AI fuzzing tools
Anthropic’s latest cybersecurity tool Mythos continues to make waves as Mozilla announces that the AI model helped it ship more than 400 Firefox security fixes in April 2026 alone.
Mythos has been touted by Anthropic as ‘A new frontier model’ that could ‘reshape cyber security’ and is capable of identifying zero-day vulnerabilities across operating systems and browsers.
Mozilla has previously touted the tool as “as capable” as “the world’s best security researchers” and has now sought to back up that claim with hard evidence.
Mythos removes Firefox
Mozilla’s debugging performance with Mythos came down to two things, the company said.
The first is improvements in AI tools such as Mythos, and the second is Mozilla’s specially developed “harness” that allowed Mythos to analyze Firefox code without producing the “unwanted slop” typical of previous AI error fuzzing tools.
“In terms of the errors that come out the other side, there are almost no false positives,” Mozilla Distinguished Engineer Brian Grinstead said in an interview. Selenium, which Mozilla developed for Mythos, would give the AI tool access to a similar workflow used by a human team.
Mythos is then provided with files that have been shown to contain problems and tasked with creating an exploit test case, which is then run by fuzzing tools to scan for the potential vulnerabilities.
Some of the vulnerabilities Mythos managed to identify had been present for 15 to 20 years, and required a complex chain of multiple flaws to result in a complete chain compromise of Firefox. Typically, such an exploit chain will take weeks to identify and is notoriously difficult to spot using traditional fuzzing techniques.
Of course, Mythos is not a silver bullet for cyber defense and certainly should not be seen as such. As Mozilla has demonstrated, it cannot simply be deployed to instantly patch any vulnerability in a piece of software. It needs human guidance and direction to perform on such a scale.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
