Security News

Cybersecurity news aggregator

MEDIUM Updates Wired Security

Mozilla Used Anthropic’s Mythos to Find and Fix 151 Bugs in Firefox

  • What: Mozilla used AI to find and fix 271 vulnerabilities in Firefox
  • Impact: Highlights the growing role of AI in identifying and mitigating security flaws

Lily Hay Newman | Security | Apr 21, 2026 2:30 PM

Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox

The Firefox team doesn’t think emerging AI capabilities will upend cybersecurity long term, but they warn that software developers are likely in for a rocky transition.

Amid a raging debate over the impact that new AI models will have on cybersecurity, Mozilla said on Tuesday that its Firefox 150 browser release this week includes protections for 271 vulnerabilities identified using early access to Anthropic's Mythos Preview. The Firefox team says that it has taken resources and discipline to adjust to the firehose of bugs that new AI tools can uncover, but that this big lift is necessary for the security of Mozilla’s users, given that the capabilities will inevitably be in attackers’ hands soon.

Both Anthropic and OpenAI have announced new AI models in recent weeks that the companies say have advanced cybersecurity capabilities that could represent a turning point in how defenders—and, crucially, attackers—find vulnerabilities and misconfigurations in software systems. With this in mind, the companies have so far only done limited private releases of their new models, and both have also convened industry working groups meant to assess the advances and strategize.

In practice, though, cybersecurity experts have a range of views on how consequential the new capabilities will be. Mozilla's experience, at least in the short term, shows that AI tools like Mythos Preview could have a profound impact for vulnerability hunters.

“Our belief is that the tools have changed things dramatically, because now we have automated techniques that can cover, as far as we can tell, the full space of vulnerability-inducing bugs,” says Bobby Holley, Firefox's chief technology officer.

For years, he says, Firefox and other organizations have relied on a combination of automated vulnerability hunting techniques, like software fuzzing, and manual vulnerability hunting by internal and external researchers to find and fix flaws. And attackers have had these same tools and methods at their disposal.

“There were categories of bugs that you could find with human analysis that you couldn’t find with automated analysis and, therefore, it was always possible if you were a threat actor and you were willing to spend many millions of dollars to find a bug—we tried to drive the price of that as high as possible,” Holley says.

Holley now says that emerging AI capabilities will create a sort of bootcamp that all software will have to go through one way or the other to find and fix a set of latent vulnerabilities in their code. Companies like Anthropic and OpenAI seem to be trying to get as many major players as possible to go through this overhaul before the capabilities are more widely available.

“Every piece of software is going to have to make this transition, because every piece of software has a lot of bugs buried underneath the surface that are now discoverable,” Firefox's Holley says. “This is a transitory moment that is difficult and requires coordinated focus and a lot of grit to get through, but I think that it is a finite moment, even as the models become more advanced. Maybe the more advanced models will find a few things here or there, but I believe that, at least on the Firefox side having had a bit of a head start here, that we’ve rounded the curve.”

Holley says that the Firefox team gained access to Mythos Preview as part of direct collaboration with Anthropic and that Mozilla is not formally part of its larger consortium, called Project Glasswing.

Firefox is open source, a type of software that in general could be particularly impacted by new AI bug hunting capabilities given that many open source projects are widely used and relied upon around the world and yet are often maintained by a very small group of volunteers or just one person. And the effects could be especially consequential for “abandonware” that is no longer maintained at all.

Raising awareness about the urgency of the issue and the reality of what it takes to secure software in the age of advanced AI vulnerability hunting, both in terms of resources and time, is crucial to getting all hands on deck for open source, Holley says.

“I've talked to engineering leaders at very large companies who are saying that they're going to be pulling thousands of engineers off of everything to be working on this for the next six months,” he says. “So it is going to be a big challenge for industry, and the concern is for smaller projects and open source. It’s difficult for these maintainers to not only have the wherewithal and the access to be able to use these tools, but also to actually do anything with them.”

In a New York Times Opinion essay last week, Mozilla CTO Raffi Krikorian argued that even with gestures from companies like Anthropic, the arrival of these new AI cybersecurity capabilities will perpetuate dynamics that have played out in software for decades.

“The underlying economics haven’t changed,” Krikorian wrote. “The most valuable software infrastructure in the world continues to be maintained by people working for free, while the companies building fortunes on top of it never had to pay for its upkeep. Now a powerful new capability has arrived—and as we’ve seen repeatedly in tech, there’s the risk that organizations with resources will receive it first and learn to protect themselves, while others are left vulnerable.”

For its part, Firefox's Holley says his team has relationships across the open source ecosystem and is working both formally and informally with as many maintainers as it can to share knowledge and tools.

“Ultimately the open source stuff is a human problem,” Holley says. “There’s only so much that you can scale with technology—there’s a lot of the industry and everybody just needing to come together.”

Updated at 2:36 pm ET, April 21, 2026: Corrected the headline with the total number of bugs Mozilla found and fixed in Firefox using Anthropic's Mythos Preview.

Lily Hay Newman is a senior writer at WIRED focused on information security, digital privacy, and hacking. She previously worked as a technology reporter at Slate, and was the staff writer for Future Tense, a publication and partnership between Slate, the New America Foundation, and Arizona State University.
