In short
- Mozilla says Anthropic’s Claude Mythos identified 271 vulnerabilities in Firefox during testing.
- Anthropic is restricting this model to partners who view it through Project Glasswing due to cyber security risks.
- Researchers warn that this same capability can accelerate cyber attacks.
Over the years, attackers have had an advantage in cyber security. Artificial intelligence can change this.
In a blog post published on Tuesday, Firefox browser maker Mozilla said an early version of Anthropic’s Claude Mythos AI—which has attracted attention in recent weeks for its Internet security capabilities—helped identify 271 vulnerabilities in the browser during internal testing. The bugs were fixed this week.
The results show how advanced AI systems can analyze large codebases and find vulnerabilities that previously required manual review by cybersecurity researchers.
“As this capability gets into the hands of many defenders, many other teams are now experiencing the same thing we did when the findings first came to light,” Mozilla wrote. “For a solid target, only one mistake would be alert in 2025, and many at the same time make you stop to think if it is possible to continue.”
Mozilla tested a version of Anthropic that identified 22 security-related bugs in the original Firefox release. Despite these successes, Mozilla admitted that the internet security industry has long considered eliminating the use of the software as an “unattainable goal”.
“Until now, the industry has been struggling with security,” the company wrote. “Vendors of critical web applications like Firefox take security very seriously and have teams of people who wake up every morning thinking about how to protect their users.”
Mozilla said the new AI system can analyze sources and identify vulnerabilities in ways that previously relied on human expertise. However, Mozilla said the company was encouraged to observe that there were no bugs that could not have been found by an “elite researcher.”
“Some commentators predict that future models of AI will find new challenges that go against what we know now, but we don’t think so,” he said. “Programs like Firefox are designed in a standard way so that people can think about their accuracy. It’s difficult, but not difficult.”
The results, however, show that AI tools can allow developers to uncover many problems before their use, even in the wrong hands, can cause serious problems for companies and users.
Launched in March, Mythos is very Anthropic advance model for thinking, writing, and cybersecurity projects. Internal company sources describe the system as part of a new model beyond the company’s previous Opus series.
Pre-release testing showed that it could detect many previously undetected vulnerabilities in major operating systems and browsers.
Anthropic has limited access to the system through a restricted program called Project Glasswingwhich gives selected technology companies – including Amazon, Apple, and Microsoft – the ability to use this model to analyze software for vulnerabilities. It reflects a growing effort within the cybersecurity industry to use AI systems to detect and identify threats before they can exploit them.
However, the same technology can also enable new types of cyberattacks. Security researchers say AI systems that can analyze code on a large scale can make it possible to find vulnerabilities that can be exploited in widely used software.
After the launch of Mythos, testing by the UK’s AI Security Institute found that AI can autonomously give challenges cyber operations, including the completion of multi-level corporate testing without public assistance. Those capabilities have attracted the attention of governments and telecommunications organizations.
Despite President Donald Trump’s call to Stop using Anthropic technology because of controversy over its military use and surveillance, Monday, the National Security Agency said. to be revealed will be running the Claude Mythos Preview on select networks, according to sources familiar with the deployment. The use of Mythos confirms the growing interest among US security agencies in the model’s ability to detect software vulnerabilities.
The model’s performance has also highlighted limitations in existing AI systems. Earlier this month, Anthropic he agreed that several benchmarks of cyber security are no longer sufficient to measure the potential of its new models.
Mozilla said the results indicate a potential shift in cybersecurity, where defenders can begin to shut down attackers in the long run.
“We’re very proud of how our team has stood up to this challenge, and so have others,” Mozilla wrote. “Our work is not done, but we have looked ahead and we can see a better future than just working hard.
Mozilla did not immediately respond to a request for comment Decrypt.
Daily explanation A letter
Start each day with top stories right here, including originals, podcasts, videos and more.
