On Thursday evening, Dan Goodin put Mozilla's new defense of its AI bug hunt under a headline built around one claim. The 271 Firefox flaws Mythos helped surface had "almost no false positives." Inside Mozilla, Brian Grinstead had a different object in view. The harness. Twelve Bugzilla reports were public now, against 271 Firefox 150 vulnerabilities and 423 April fixes, and the argument had moved from model power to workflow.
The Firefox lesson is that Mythos mattered, but Mozilla's harness turned model output into repairable bugs. The next security race rewards verification, triage and patch speed more than model access.
Key Takeaways
- Mozilla published 12 reports from a 271-vulnerability Mythos effort as April Firefox fixes jumped to 423.
- The real shift was Mozilla's harness, which turned model findings into reproducible sanitizer crashes.
- Engineers still wrote and reviewed every patch, making repair the bottleneck.
- Mythos access matters less without codebase-specific verification, triage and patch workflow.
AI-generated summary, reviewed by an editor. More on our AI guidelines.
The wrapper changed the work
Mozilla's earlier Anthropic collaboration used Opus 4.6 and led to fixes for 22 security-sensitive bugs in Firefox 148; the Mythos evaluation for Firefox 150 produced 271. "First, the models got a lot more capable. Second, we dramatically improved our techniques for harnessing these models," Mozilla wrote.
Grinstead described the harness to Ars as "the code that drives the LLM in order to accomplish a goal." He gave the operational version in plainer terms. "With these harnesses, so long as you can define a deterministic and clear success signal or task verification signal, you can just keep telling it to keep working," he said. "In our case when we're looking for memory safety issues we have our sanitizer build of Firefox and if you make it crash you win."
Crash or no crash.
That changed the complaint. Earlier model audits produced plausible reports that human maintainers then had to disprove. Mozilla's setup asked a model to form a hypothesis, build a test case and submit the result to the same kind of machinery Firefox engineers already used.
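The loop Grinstead describes, as an added example that is not Mozilla's harness code: the harness keeps asking for candidate test cases, runs each against a sanitizer build, and treats a sanitizer crash report as the only success signal, requiring the crash to reproduce on a confirmation run and deduplicating on bug class plus top stack frames before anything reaches an engineer. The sanitizer report text, the function and file names in it, the FakeSanitizedTarget class and the scripted proposer are all constructed so the loop runs offline; a real deployment would point run_sanitized_target() at an actual sanitizer build and replace the proposer with a model call.

```python
"""Verification loop of the kind Grinstead describes: keep asking for test
cases, and the only 'win' is a deterministic sanitizer crash.

Added example, not Mozilla's harness code. run_sanitized_target() is for a
real sanitizer build; FakeSanitizedTarget and the sample report below are
constructed so the loop runs offline.
"""
import re
import subprocess
from dataclasses import dataclass
from typing import Callable, Optional

# Report header, e.g. "==123==ERROR: AddressSanitizer: heap-buffer-overflow on address ..."
SAN_HEADER = re.compile(
    r"ERROR: (AddressSanitizer|UndefinedBehaviorSanitizer|MemorySanitizer): ([\w-]+)"
)
# Stack frame lines, e.g. "    #0 0x4f2a1c in ParseHeader parser.cpp:42"
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+)", re.MULTILINE)


@dataclass(frozen=True)
class Verdict:
    reproduced: bool
    bug_class: Optional[str] = None
    signature: Optional[str] = None  # dedup key: bug class + top frames


def parse_sanitizer(stderr: str, top_frames: int = 3) -> Verdict:
    """Deterministic success signal: a sanitizer report is present or it is not."""
    m = SAN_HEADER.search(stderr)
    if not m:
        return Verdict(False)
    frames = FRAME.findall(stderr)[:top_frames]
    return Verdict(True, m.group(2), f"{m.group(2)}@" + ">".join(frames))


def run_sanitized_target(cmd: list[str], testcase: bytes, timeout: int = 60) -> str:
    """Feed one test case to a real sanitizer build on stdin and return its stderr."""
    proc = subprocess.run(cmd, input=testcase, capture_output=True, timeout=timeout)
    return proc.stderr.decode(errors="replace")


def harness_loop(propose: Callable[[list[str]], Optional[bytes]],
                 run: Callable[[bytes], str],
                 budget: int, confirm_runs: int = 2) -> list[tuple[bytes, Verdict]]:
    """Keep working until the budget runs out. A candidate counts only if it
    crashes on every confirmation run with the same signature and that
    signature is new; everything else goes back to the proposer as feedback."""
    feedback: list[str] = []
    seen: set[str] = set()
    findings: list[tuple[bytes, Verdict]] = []
    for attempt in range(budget):
        candidate = propose(feedback)
        if candidate is None:
            break
        verdicts = [parse_sanitizer(run(candidate)) for _ in range(confirm_runs)]
        signatures = {v.signature for v in verdicts if v.reproduced}
        if len(signatures) == 1 and all(v.reproduced for v in verdicts):
            sig = verdicts[0].signature
            if sig in seen:
                feedback.append(f"attempt {attempt}: duplicate of {sig}")
            else:
                seen.add(sig)
                findings.append((candidate, verdicts[0]))
                feedback.append(f"attempt {attempt}: reproduced {sig}")
        elif signatures:
            feedback.append(f"attempt {attempt}: crashed but did not reproduce consistently")
        else:
            feedback.append(f"attempt {attempt}: no crash")
    return findings


# --- constructed offline stand-ins (not real Firefox output) -----------------

SAMPLE_ASAN_REPORT = """==12345==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000015
READ of size 1 at 0x602000000015 thread T0
    #0 0x4f2a1c in ParseHeader parser.cpp:42
    #1 0x4f3b0d in Decode decoder.cpp:118
    #2 0x4f4e21 in main main.cpp:17
"""  # constructed report; function and file names are placeholders


class FakeSanitizedTarget:
    """Stand-in for a sanitizer build: maps a test case to the stderr it
    produces on successive runs, so flaky crashes can be simulated."""
    def __init__(self, behaviour: dict[bytes, list[str]]):
        self.behaviour = behaviour
        self.calls: dict[bytes, int] = {}

    def __call__(self, testcase: bytes) -> str:
        outputs = self.behaviour.get(testcase, [""])
        i = self.calls.get(testcase, 0)
        self.calls[testcase] = i + 1
        return outputs[min(i, len(outputs) - 1)]


def scripted_proposer(candidates: list[bytes]) -> Callable[[list[str]], Optional[bytes]]:
    """Stands in for the model: hands out a fixed candidate list, ignoring feedback."""
    it = iter(candidates)
    return lambda feedback: next(it, None)


def demo() -> list[tuple[bytes, Verdict]]:
    target = FakeSanitizedTarget({
        b"AAAA": [""],                                             # benign input
        b"\xff\x00HDR": [SAMPLE_ASAN_REPORT, SAMPLE_ASAN_REPORT],  # deterministic crash
        b"\xff\x00hdr": [SAMPLE_ASAN_REPORT, SAMPLE_ASAN_REPORT],  # same bug, new bytes: duplicate
        b"FLAKY": [SAMPLE_ASAN_REPORT, ""],                        # crashes once, not on confirmation
    })
    proposer = scripted_proposer([b"AAAA", b"\xff\x00HDR", b"\xff\x00hdr", b"FLAKY"])
    return harness_loop(proposer, target, budget=10)


if __name__ == "__main__":
    for case, verdict in demo():
        print(case, verdict.signature)
```

Of the four constructed candidates only one survives the gate: the benign input never crashes, the flaky one crashes on the first run but not on confirmation, and the third reproduces the same signature as the second and is reported back as a duplicate. That filtering, rather than the proposer, is what keeps the queue handed to engineers short and free of reports they would otherwise have to disprove.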
The patch queue became the bottleneck
Mozilla says Firefox fixed 423 security bugs in April; TechCrunch put April 2025 at 31, and The Register put March at 76. "These things are actually just suddenly very good," Grinstead told TechCrunch. Speed exposed the limit.
"For the bugs we're talking about in this post, every single one is one engineer writing a patch and one engineer reviewing it," Grinstead told TechCrunch. "We have not found it to be automatable."
Mozilla's FAQ supplies the unnecessary detail. The canonical CVE assignments live in YAML in the foundation-security-advisories repo. The Firefox 150 rollups listed 154, 55 and 107 internal bugs, 316 total, more than the 271 credited to Mythos because the rollups also include other internal discoveries. A browser's AI future still passes through release notes, review queues and small files with boring names.
The queue moved by hand.
That is why the Firefox case cuts against the simplest version of the Mythos story. Discovery scaled first. Repair stayed labor-intensive.
The model claim still needs a ruler
Anthropic framed Project Glasswing as a way to give defenders time before similar cyber models spread, a point The Implicator covered when the program launched. Davi Ottenheimer told The Register that Mozilla had not shown a measurement proving Mythos, rather than the harness, drove the result.
"A reading and a measurement are not the same thing," Ottenheimer said in The Register. He said his own test put Sonnet 4.6 and Haiku 4.5 into a harness and produced eight findings in two minutes for about $0.75, with two matching bugs Mythos had identified.
Mozilla's best documented counterpoint, in Grinstead's telling, was the verification pipeline. "In terms of the bugs coming out on the other side, there are almost no false positives," he told Ars. "That's the key thing that has unlocked our ability to operate at the scale we've been operating at now," he said. "It gives the engineer a crank they can pull that says: 'Yep, this has the problem.'"
The skeptic's narrower point remains unresolved. If the wrapper is doing the hard filtering, then Mythos is one part of the system, not the system itself.
Access decides who benefits first
Dario Amodei told CNBC there may be a six-to-12-month window to patch tens of thousands of software flaws before Chinese AI models with similar capabilities catch up. "There are only so many bugs to find," he said at an Anthropic financial-services event with JPMorgan Chase CEO Jamie Dimon.
Rest of World put the same problem in distribution terms. About 40 firms and institutions had initial Mythos access, while a White House plan to expand access to about 70 additional organizations had been blocked. Chandramouli Dorai of Zoho gave the sharper version. "Security should not be a luxury," he told Rest of World. "If the technology giants treat it as one, everyone will pay the price."
And that's the point. Mozilla could turn Mythos into fixes because it had Firefox's codebase, a sanitizer build, engineers who knew the bug lifecycle and enough organizational muscle to absorb 423 April fixes. A smaller software vendor could get access later and still lack the codebase-specific wrapper.
On Thursday evening, the headline made Mythos the subject. Firefox's engineers had already shown the better noun. The next race will start with the harness around it.
Frequently Asked Questions
What did Mythos find in Firefox?
Mozilla says Claude Mythos Preview helped identify 271 vulnerabilities fixed in Firefox 150. The work formed part of 423 Firefox security fixes shipped in April.
Why is Mozilla's harness important?
The harness gave the model instructions, target files, test runners and sanitizer verification. It also used another model to grade reports before engineers handled patches.
Did AI fix the Firefox bugs?
No. Brian Grinstead told TechCrunch that every bug discussed still had one engineer writing a patch and one engineer reviewing it.
Why are some security researchers skeptical?
Davi Ottenheimer argued that Mozilla has not isolated how much of the result came from Mythos rather than the harness wrapped around it.
What should security teams watch next?
Watch whether vendors can pair models with reproducible tests, triage, patch review and access controls before similar offensive capabilities spread.