For years, the cybersecurity landscape has been defined by a fundamental asymmetry: it is inherently easier to find a single flaw to exploit than it is to secure every possible entry point. Attackers need only one opening; defenders must guard them all. New data from Mozilla suggests that the scales may finally be tilting. Using a preview version of Anthropic's latest model, Mythos, developers identified 271 security vulnerabilities in the source code for Firefox 150 before its public release — a figure that, if it holds up to scrutiny, represents one of the largest single-pass automated audits of a major open-source codebase on record.
The volume alone is striking. When Mozilla tested Anthropic's Opus 4.6 model against Firefox 148 just last month, the AI uncovered only 22 bugs. The leap from 22 to 271 is not incremental improvement; it is a step change, the kind of discontinuity that forces a reassessment of what automated code analysis can actually do.
From static analysis to semantic comprehension
Automated vulnerability detection is not new. Static analysis tools — programs that scan source code for known patterns of insecure behavior — have been part of the software development pipeline for decades. Fuzzers, which bombard programs with random or malformed inputs to trigger crashes, have likewise been standard practice at organizations like Mozilla and Google. These tools are effective at catching well-understood bug classes: buffer overflows, use-after-free errors, integer overflows.
What large language models appear to bring is something qualitatively different: the capacity to reason about code semantically, identifying not just pattern matches but logical flaws in how components interact. A static analyzer can flag a known-dangerous function call. A sufficiently capable LLM can, in principle, trace data flow across modules, recognize implicit assumptions that violate security invariants, and flag vulnerabilities that no existing rule set would catch. The jump from 22 to 271 findings suggests that Mythos may be operating closer to this second mode — though without Mozilla's disclosure of the specific severity and nature of the bugs, the precise character of the improvement remains an open question.
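To make the contrast concrete, here is an added illustration (not Mozilla's or Anthropic's tooling, and not code from the original article): a rule-based pass that flags every `memcpy` by pattern, beside a minimal flow-aware pass that tracks whether the length argument came from an untrusted source and was bounds-checked first. The C snippets, the `read_len` source function and `BUF_SIZE` are constructed for the example.

```python
import re
from typing import List, Tuple

# Constructed C fragments: the first validates an attacker-controlled length
# before copying, the second trusts it outright. Both call memcpy.
SAFE_SNIPPET = """
size_t len = read_len(pkt);
if (len > BUF_SIZE) return -1;
memcpy(buf, pkt->data, len);
"""
UNSAFE_SNIPPET = """
size_t len = read_len(pkt);
memcpy(buf, pkt->data, len);
"""

def pattern_findings(src: str) -> List[int]:
    """Rule-based pass: report every line that calls memcpy, no context."""
    return [i for i, line in enumerate(src.strip().splitlines(), 1)
            if re.search(r"\bmemcpy\s*\(", line)]

def flow_findings(src: str, untrusted: Tuple[str, ...] = ("read_len",)) -> List[int]:
    """Flow-aware pass: report memcpy only when its length argument is
    derived from an untrusted source and no bound check preceded it."""
    tainted, checked, findings = set(), set(), []
    for i, line in enumerate(src.strip().splitlines(), 1):
        # `T name = source(...)`: the assigned variable becomes tainted.
        m = re.match(r"\s*(?:\w+\s+)?(\w+)\s*=\s*(\w+)\(", line)
        if m and m.group(2) in untrusted:
            tainted.add(m.group(1))
        # `if (name < ...)` / `if (name > ...)`: treat as a bound check.
        m = re.search(r"if\s*\(\s*(\w+)\s*[<>]=?", line)
        if m and m.group(1) in tainted:
            checked.add(m.group(1))
        # memcpy whose third argument is a tainted, unchecked variable.
        m = re.search(r"memcpy\s*\([^,]+,[^,]+,\s*(\w+)\s*\)", line)
        if m and m.group(1) in tainted and m.group(1) not in checked:
            findings.append(i)
    return findings

if __name__ == "__main__":
    for name, src in (("safe", SAFE_SNIPPET), ("unsafe", UNSAFE_SNIPPET)):
        print(name, "pattern:", pattern_findings(src), "flow:", flow_findings(src))
```

The pattern pass reports both snippets, so the validated copy is a false positive; the flow pass reports only the unchecked one, which is the kind of invariant reasoning the article attributes to semantic analysis, here reduced to a single-function toy.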
Firefox is a particularly meaningful test case. It is a mature, heavily audited codebase with decades of security review behind it. Finding a handful of new vulnerabilities in such a project is expected. Finding hundreds implies either that prior tooling left significant blind spots or that Mythos is surfacing lower-severity issues that previous audits deprioritized. The distinction matters: 271 critical remote code execution flaws would be a different story than 271 minor logic errors. Mozilla has not yet drawn that line publicly.
The dual-use problem and Anthropic's restricted rollout
The defensive promise of a model like Mythos is inseparable from its offensive potential. A tool that can find 271 vulnerabilities in Firefox before release could, in adversarial hands, find them in deployed software that has not yet been patched. This is the classic dual-use dilemma of security research, amplified by the scalability of AI. A skilled human researcher might find a handful of zero-days in a year of focused work. A model that can scan millions of lines of code in hours compresses that timeline dramatically — for anyone with access.
Anthropic's response has been to restrict Mythos to a select group of "critical industry partners," keeping the model out of general availability. The approach mirrors the controlled disclosure norms that have governed vulnerability research for years, but applies them at the model level rather than the bug level. Whether that containment strategy holds as the underlying capabilities proliferate — through Anthropic's own future releases or through competitors reaching similar performance — is a separate and harder question.
Firefox CTO Bobby Holley framed the results in optimistic terms, suggesting that defenders have "rounded the curve" and may now hold a structural advantage. That framing carries weight coming from someone responsible for shipping a browser to hundreds of millions of users. But the asymmetry it describes is conditional: defenders benefit only if they have access to the best models before attackers do, and only if they can act on findings faster than adversaries can weaponize them. The window between discovery and patch remains the contested ground.
The deeper tension is whether AI-driven auditing ultimately favors the side that deploys it first or the side that deploys it most broadly. If models like Mythos remain gated, defenders at well-resourced organizations gain an edge. If the capability diffuses — as most AI capabilities eventually do — the asymmetry reverts to its historical norm, just at higher speed. Which of those futures arrives first may depend less on the models themselves than on the institutions that control access to them.
With reporting from Ars Technica.