Mozilla Used Mythos to Fix 271 Firefox Bugs

Mozilla has announced that Firefox 150 (set to be released this week) will include fixes for 271 bugs found using Anthropic's "Claude Mythos" AI.

Claude Mythos was announced in early April as Anthropic's latest "general purpose" LLM. However, it is alleged to be particularly excellent at cybersecurity tasks, so much so that the company claimed it would be irresponsible to release it publicly without first giving organizations early access to find and patch the type of vulnerabilities it would find.

As such, Anthropic launched "Project Glasswing," a consortium of Big Tech companies who would be given early access to the model for the purposes of defense before the public release would inevitably empower the "bad guys" with these same weapons. (OpenAI later released their answer, ChatGPT Cyber, which they claim is also too dangerous for public release.)

Mozilla is not part of Project Glasswing, however they do have a preexisting working relationship with Anthropic which they leveraged to have Mythos examine their code.

This is not the first time Mozilla has used AI (specifically Anthropic) to find previously-unknown bugs in Firefox. Back in March, Anthropic's Frontier Red Team submitted around a dozen security discoveries which were patched and fixed in Firefox 148.

AI remains as controversial as ever, however it is commonly accepted that Firefox trails behind Chromium in terms of security. It is interesting to see a useful application of AI - instead of flooding content platforms with AI slop - even if it's arguably still an unethical tool at it's core. Personally, I'll be interested to see if this kind of work can close the security gap between Firefox and Chromium, if it can also be applied to improving Firefox's default privacy protections for users, and if other companies will start adopting similar initiatives.