Firefox 150 shipped this week with 271 fewer security bugs. Anthropic's Mythos Preview found them all before release. One month earlier, Anthropic's Opus 4.6 caught just 22 flaws in Firefox 148.
Mozilla's Bobby Holley put it plainly. "Defenders finally have a chance to win, decisively." He called Mythos Preview "every bit as capable" as the world's top security researchers.
Standard fuzzing throws random inputs at code and hopes something breaks. Mythos reads source code like a person would. It traces execution paths and spots logic errors that fuzzing can't catch unlike traditional proof-of-work systems that rely on brute force. Analysis that took "many months of costly human effort to find a single bug" now takes hours.
Open source projects run on public code that any AI could scan. But their maintainers are often volunteers working with minimal funding. Mozilla CTO Raffi Krikorian wrote in a New York Times essay about a programmer "who gave 20 years of his life to maintain code that runs inside products used by billions of people." That person still can't access Mythos. "He should," Krikorian wrote.
Holley told Wired that AI bug hunting is "something every piece of software is going to have to engage with." Bugs that stayed buried for years are now findable. Firefox got ahead of this. Most won't be so lucky as smaller models are demonstrating similar capabilities.