Firefox 150 shipped this week with fixes for 271 security vulnerabilities, all discovered by Anthropic's Mythos Preview AI model. Not a typo. Mozilla Squashed 271 Firefox Bugs Using Anthropic's Mythos. Two hundred seventy-one bugs caught before attackers could find them.
Firefox CTO Bobby Holley says this is a real shift. For years, teams relied on fuzzing and manual code review, accepting that well-funded attackers could always find bugs automated tools missed. "There were categories of bugs that you could find with human analysis that you couldn't find with automated analysis," Holley told WIRED. Now automated techniques can cover "the full space of vulnerability-inducing bugs." That changes the math for everyone.
The uncomfortable part is what happens next. Holley describes a coming "bootcamp" where every piece of software gets scrubbed for latent vulnerabilities, ready or not. He's heard from engineering leaders at large companies planning to pull thousands of developers off regular work for months to focus on security. Open source projects maintained by volunteers face a harder road. Mozilla CTO Raffi Krikorian wrote in the New York Times that "the most valuable software infrastructure in the world continues to be maintained by people working for free, while the companies building fortunes on top of it never had to pay for its upkeep."
Anthropic and OpenAI are keeping their security-focused models private for now, with industry working groups assessing implications. Anthropic Won't Release Mythos, Too Good at Hacking Mozilla got direct access to Mythos Preview but isn't part of Anthropic's Project Glasswing consortium. Holley thinks the transition is finite, not an endless arms race. "Having had a bit of a head start here, we've rounded the curve," he says. For projects without that head start, the curve hasn't even started.