Firefox found and fixed more security flaws in one month than in the previous 15 months

A year ago, Mozilla fixed 31 security flaws in its Firefox browser. In April 2026 it fixed 423. The growth is spectacular and has a single cause: Claude Mythos Preview, the AI model that Anthropic decided not to release publicly because it considered it too capable. The recent analysis by Mozilla experts has confirmed more than ever that Mythos wasn’t just hype.

AI sees everything. The integration of Mythos into Firefox’s vulnerability analysis process has caused a kind of explosion of technical “cleaning”. It’s not that Firefox’s code is worse now, but that the eyes that analyze it are much sharper and seem to see everything. Mozilla’s graph is compelling: with the help of Claude Mythos, the Firefox team found more security flaws in April than in the past 15 months combined.


Smell. The model is not only faster at detecting these flaws; it also has a certain “smell” that surpasses anything seen so far in commercial tools. The AI tool was able to identify 271 of the 423 bugs fixed, a figure next to which traditional methods such as fuzzing or manual inspection pale in comparison. Mythos has shown that it can evaluate its own work and filter out the noise, reasoning recursively and ruling out hallucinations.

Archaeological errors. Among the most surprising discoveries made in this process is a bug in the XSLT engine (bug 2025977) that had been present in the browser for a whopping 20 years. Mythos also unearthed a 15-year-old problem with the HTML element “” that could only be triggered through a complex combination of edge cases. The AI does not just find “typical” bugs; it does exactly this: it combines all kinds of actions to find bugs that would be almost impossible to detect by traditional means.

Human patches. Mozilla has, however, been clear about something important: it still does not use AI to write the final code that ends up being deployed in the version of the browser that users run. The engineers do ask Mythos to suggest how to patch a problem, but they have found that those proposals are often conceptual models that are not ready for production environments. For each of the 423 patches, there was at least one human engineer who wrote the patch and another who reviewed it. AI is the elite detector, but it is still no substitute for a senior developer in this case.

A hopeful future (for Amodei). At a recent event, Anthropic CEO Dario Amodei was optimistic and highlighted that these new tools ultimately benefit cybersecurity defenders. “If we handle this right, we could be in a better position than we were, because we’ve fixed all these mistakes. There’s only a finite number of mistakes to find, so I think there’s a better world in sight.”

At Mozilla they are not so sure. Brian Grinstead, a distinguished engineer at Mozilla, has a more pragmatic and cautious view. He agrees that having these options available is slightly more advantageous for defenders. However, he warns that it is very likely that attackers are already using similar techniques with their own models. The race won’t be so much about who finds the bug as about who does so first.

AI as part of the process. Mozilla’s immediate plan is not only to analyze already published code, but to integrate this analysis into the software development process in real time. In other words: every time a new line of code is written, analyze how it could introduce vulnerabilities. Firefox 150 is put forward as the most secure version of the browser to date, all thanks to that joint work between human engineers and Anthropic’s computing power.

The end of bounty hunters? The rise of Mythos as a great vulnerability detector may endanger one of the most traditionally specialized professions in the world: bug bounty hunters. The famous “bug bounty” programs that encouraged human experts to detect new bugs and rewarded them with juicy financial prizes may no longer make sense in the face of tools like Claude Mythos.
