April 22, 2026 ChainGPT

Anthropic's Claude Mythos Finds 271 Firefox Flaws — What It Means for Crypto Security

Mozilla says an early version of Anthropic’s Claude Mythos AI flagged 271 security flaws in Firefox during internal testing — and the team patched them this week. The scale of the results underlines how advanced AI is beginning to do at-scale code scanning that used to demand long, manual work from security teams.

Why it matters for crypto users

Browsers are a primary interface to web3: wallets, dApps, and browser extensions all depend on the same codebases that handle sensitive keys and transactions. Faster, more thorough discovery of browser bugs therefore has direct implications for the safety of crypto users and decentralized services.

What happened

- Mozilla ran an internal audit using an early Claude Mythos build and says the model surfaced 271 vulnerabilities in Firefox. All were patched this week.
- Earlier testing with a different Anthropic model had previously revealed 22 security-sensitive bugs in an earlier Firefox release.
- Mozilla reports the AI did not find exploit classes beyond what top human researchers could reach, but it found many more faster — a result that surprised the team and prompted caution about keeping up with discovery rates.

About Claude Mythos and Project Glasswing

- Claude Mythos, launched by Anthropic in March, is positioned as the company’s most advanced model for reasoning, coding and cybersecurity tasks.
- Anthropic claims the model can identify large numbers of unknown vulnerabilities across operating systems and browsers in pre-release tests.
- Access to the system is tightly controlled through Project Glasswing, a restricted initiative giving a handful of companies — including Amazon, Apple and Microsoft — the ability to scan software with the model.

Security upside — and the risk

- Mozilla says this may be a turning point for defenders: AI tools could help close the longstanding gap between attackers and defenders, enabling teams to find and fix far more bugs quicker.
- At the same time, security researchers warn the same capability can be weaponized. Automated, large-scale code analysis could accelerate offensive discovery of exploitable bugs.
- Independent testing by the U.K.’s AI Security Institute demonstrated the model could autonomously complete a multi-stage simulated corporate network attack, raising alarms among governments and operators.

Government interest and industry challenges

- Despite past tensions between Anthropic and U.S. policymakers, sources say the National Security Agency has deployed a Claude Mythos Preview on classified networks — a sign of active interest from U.S. agencies in AI-assisted vulnerability discovery.
- Anthropic acknowledges that existing cybersecurity benchmarks are struggling to keep pace with the latest generation of models, complicating how we evaluate these systems’ strengths and risks.

Mozilla’s view

Mozilla stresses that while eliminating all software exploits has long been unrealistic, these AI advances change the calculus. The company believes browser code remains human-reasonable and that AI is amplifying defenders’ ability to find issues more quickly, not uncovering fundamentally new classes of bug that are beyond human comprehension. “For a hardened target, just one such bug would have been red-alert in 2025,” they wrote — finding many at once forces a rethink of defenses and resource allocation.

Bottom line for crypto platforms and users

Rapid AI-assisted auditing can strengthen the security of the software layer that underpins web3, but the dual-use nature of these tools means the community must accelerate patching, auditing, and best practices (e.g., isolating wallets, auditing extensions). As defenders gain new tools, the race between offense and defense is entering a new, faster phase — and browsers like Firefox are now a frontline in that contest.