On Tuesday, Mozilla’s free and open-source browser, Firefox, said it had fixed at least 271 vulnerabilities before releasing its latest update, with Mythos, a new AI model from Anthropic with advanced cybersecurity capabilities, helping the team discover these flaws.
Anthropic is not the only company developing AI models focused on identifying software vulnerabilities. Competitors such as OpenAI have also been pushing frontier models in this space, including GPT-5.4-Cyber, a specialized version of its GPT-5.4 model designed specifically for cybersecurity tasks.
Some researchers see the release of these models as a major breakthrough in AI-assisted security. Critics, however, question whether the technology will make defense easier or simply give attackers more tools to exploit systems. Because of these concerns, Anthropic said it decided not to release Mythos publicly. Instead, the company opted for a limited rollout to a small number of technology and financial organizations under a program called Project Glasswing.
Firefox provides one example of how the model can assist defenders. Using Mythos, Mozilla engineers were able to identify hundreds of vulnerabilities in the browser before shipping the latest release.
“Our belief is that the tools have changed things dramatically, because now we have automated techniques that can cover, as far as we can tell, the full space of vulnerability-inducing bugs,” Bobby Holley, Firefox’s chief technology officer, told WIRED.
In practical terms, this means AI tools may be able to scan for potential bugs across far larger portions of code much faster than traditional automated tools.
According to Holley, security teams previously relied on a mix of automated techniques, such as fuzz testing, and manual vulnerability hunting by security researchers to find critical flaws. The introduction of powerful AI models signals a shift in the industry, allowing software systems to be analyzed at scale in ways that were previously difficult or impossible.
“There were categories of bugs that you could find with human analysis that you couldn’t find with automated analysis,” Holley said. “Therefore, it was always possible, if you were a threat actor willing to spend many millions of dollars, to find a bug; we tried to drive the price of that as high as possible.”
However, the arrival of tools like Mythos could also create new challenges for the open-source ecosystem. According to Raffi Krikorian, Mozilla’s chief technology officer, powerful organizations may gain early access to advanced AI security tools while smaller open-source projects struggle to keep up.
“The underlying economics haven’t changed,” Krikorian wrote in an opinion essay published in the New York Times. “The most valuable software infrastructure in the world continues to be maintained by people working for free, while the companies building fortunes on top of it never had to pay for its upkeep. Now a powerful new capability has arrived—and as we’ve seen repeatedly in tech, there’s the risk that organizations with resources will receive it first and learn to protect themselves, while others are left vulnerable.”
Holley also noted that some large companies are already preparing for the impact. “I’ve talked to engineering leaders at very large companies who are saying that they’re going to be pulling thousands of engineers off everything to be working on this for the next six months,” he said.
That shift could prove challenging for smaller projects. Many open-source initiatives are maintained by volunteers or small teams with limited resources, while large technology companies have significantly bigger engineering teams and budgets to respond to newly discovered vulnerabilities.
Holley added that Firefox gained access to Mythos through a partnership between the Firefox team and Anthropic, even though Mozilla itself was not officially part of the Project Glasswing program.