Mozilla says Anthropic Mythos found many serious security bugs in Firefox

In short: Mozilla says Anthropic’s Mythos AI is helping it find many high-severity security bugs in the Firefox browser.

What's going on

Mozilla researchers say a new AI system from Anthropic, called Mythos, has changed how they look for security problems in Firefox. A security bug is a mistake in software that could let an attacker do something they should not be able to do, like steal data or take control of part of a program.

In a blog post, Mozilla said Mythos found many serious issues, including bugs that had been sitting in Firefox’s code for more than 10 years. One example was a 15-year-old mistake in how Firefox reads certain HTML (the basic building blocks of web pages).

Mozilla also highlighted results from April 2026, when Firefox shipped 423 bug fixes, compared with 31 in April 2025. The team said earlier AI bug-finding tools often created too many false alarms, but the newer tools are getting better at checking their own work and filtering out bad reports.

The AI also found problems in Firefox’s “sandbox,” which is a safety barrier that is meant to keep risky web content contained (like keeping a messy experiment inside a sealed box). Mozilla’s bug bounty program pays up to $20,000 for sandbox bugs, but Mozilla says Mythos is finding more of them than people typically do.

What to watch

Mozilla says it is not letting AI directly fix these bugs. Human engineers still write and review every patch. A key question is whether tools like Mythos will mostly help defenders fix problems faster, or also help attackers find more ways in.

Source: TechCrunch AI