In brief
- Mozilla says Anthropic’s Claude Mythos identified 271 vulnerabilities in Firefox during testing.
- Anthropic is restricting the model to vetted partners through Project Glasswing because of cybersecurity risks.
- Researchers warn that the same capability could accelerate automated cyberattacks.
For decades, attackers have had the advantage in cybersecurity. Artificial intelligence may be about to change that.
In a blog post published on Tuesday, Firefox browser developer Mozilla said an early version of Anthropic’s Claude Mythos AI model—which has drawn attention in recent weeks for its purported cybersecurity prowess—helped identify 271 vulnerabilities in the browser during internal testing. Those bugs were patched this week.
The results highlight how advanced AI systems can analyze large codebases and locate weaknesses that previously required extensive manual review by human cybersecurity researchers.
“As these capabilities reach the hands of more defenders, many other teams are now experiencing the same vertigo we did when the findings first came into focus,” Mozilla wrote. “For a hardened target, just one such bug would have been red-alert in 2025, and so many at once makes you stop to wonder whether it’s even possible to keep up.”
Mozilla had previously tested another Anthropic model that identified 22 security-sensitive bugs in a previous Firefox release. Despite these successes, Mozilla acknowledged that the cybersecurity industry has long treated the complete elimination of software exploits as an “unrealistic goal.”
“Until now, the industry has largely fought security to a draw,” the company wrote. “Vendors of critical internet-exposed software like Firefox take security extremely seriously and have teams of people who get out of bed every morning thinking about how to keep users safe.”
Mozilla said the new AI system can analyze source code and identify vulnerabilities in ways that previously depended on scarce human expertise. However, Mozilla said the company was encouraged to see that no bugs were found that couldn’t have been discovered by “an elite human researcher.”
“Some commentators predict that future AI models will unearth entirely new forms of vulnerabilities that defy our current comprehension, but we don’t think so,” they said. “Software like Firefox is designed in a modular way for humans to be able to reason about its correctness. It’s complex, but not arbitrarily complex.”
The results, however, suggest AI tools could allow developers to uncover large numbers of vulnerabilities before attackers exploit them—though conversely, in the wrong hands, it could spell big trouble for software firms and users alike.
Launched in March, Mythos is Anthropic’s most advanced model for reasoning, coding, and cybersecurity tasks. Internal company materials describe the system as part of a new model tier beyond the company’s earlier Opus series.
Testing conducted before the model’s launch showed it could identify thousands of previously unknown vulnerabilities across major operating systems and web browsers.
Anthropic has limited access to the system through a restricted program called Project Glasswing, which gives select technology companies—including Amazon, Apple, and Microsoft—the ability to use the model to scan software for weaknesses. It reflects a growing effort across the cybersecurity industry to use AI systems to identify and patch vulnerabilities before attackers can exploit them.
However, the same technology could also enable new forms of cyberattacks. Security researchers say AI systems capable of analyzing code at scale could automate the discovery of exploitable vulnerabilities across widely used software.
After the launch of Mythos, testing by the U.K.’s AI Security Institute found that the AI could autonomously execute complex cyber operations, including completing a multi-stage corporate network attack simulation without human assistance. These capabilities have drawn attention from governments and intelligence agencies alike.
Despite a call from President Donald Trump’s administration to stop using Anthropic’s technology due to a conflict over its use in warfare and surveillance issues, on Monday, the National Security Agency was revealed to be running Claude Mythos Preview on classified networks, according to sources familiar with the deployment. The use of Mythos underscores the growing interest among U.S. security agencies in the model’s ability to identify critical software vulnerabilities.
The model’s performance has also exposed limits in existing AI evaluation methods. Earlier this month, Anthropic acknowledged that several cybersecurity benchmarks are no longer sufficient to measure the capabilities of its latest models.
Mozilla said the results point to a potential shift in cybersecurity, where defenders may begin to close the long-standing advantage attackers have held.
“We’re extremely proud of how our team rose to meet this challenge, and others will too,” Mozilla wrote. “Our work isn’t finished, but we’ve turned the corner and can glimpse a future much better than just keeping up. Defenders finally have a chance to win, decisively.”
Mozilla didn’t immediately respond to a request for comment by Decrypt.
