In short
- Mozilla says Anthropic’s Claude Mythos recognized 271 vulnerabilities in Firefox throughout testing.
- Anthropic is limiting the mannequin to vetted companions via Challenge Glasswing due to cybersecurity dangers.
- Researchers warn that the identical functionality may speed up automated cyberattacks.
For many years, attackers have had the benefit in cybersecurity. Synthetic intelligence could also be about to alter that.
In a weblog submit printed on Tuesday, Firefox browser developer Mozilla stated an early model of Anthropic’s Claude Mythos AI—which has drawn consideration in current weeks for its purported cybersecurity prowess—mannequin helped establish 271 vulnerabilities within the browser throughout inside testing. These bugs had been patched this week.
The outcomes spotlight how superior AI methods can analyze giant codebases and find weaknesses that beforehand required in depth handbook evaluate by human cybersecurity researchers.
“As these capabilities attain the palms of extra defenders, many different groups are actually experiencing the identical vertigo we did when the findings first got here into focus,” Mozilla wrote. “For a hardened goal, only one such bug would have been red-alert in 2025, and so many without delay makes you cease to wonder if it’s even attainable to maintain up.”
Mozilla had earlier examined one other Anthropic mannequin that recognized 22 security-sensitive bugs in a earlier Firefox launch. Regardless of these successes, Mozilla acknowledged that the cybersecurity trade has lengthy handled the entire elimination of software program exploits as an “unrealistic purpose.”
“Till now, the trade has largely fought safety to a draw,” the corporate wrote. “Distributors of essential internet-exposed software program like Firefox take safety extraordinarily severely and have groups of people that get away from bed each morning fascinated by the way to maintain customers secure.”
Mozilla stated the brand new AI system can analyze supply code and establish vulnerabilities in ways in which beforehand relied on scarce human experience. Nevertheless, Mozilla stated the corporate was inspired to see that no bugs had been discovered that could not have been found by “an elite human researcher.”
“Some commentators predict that future AI fashions will unearth solely new types of vulnerabilities that defy our present comprehension, however we don’t suppose so,” they stated. “Software program like Firefox is designed in a modular means for people to have the ability to cause about its correctness. It’s advanced, however not arbitrarily advanced.”
The outcomes, nonetheless, counsel AI instruments may permit builders to uncover giant numbers of vulnerabilities earlier than attackers exploit them—although conversely, within the mistaken palms, it may spell large hassle for software program companies and customers alike.
Launched in March, Mythos is Anthropic’s most superior mannequin for reasoning, coding, and cybersecurity duties. Inside firm supplies describe the system as a part of a brand new mannequin tier past the corporate’s earlier Opus collection.
Testing performed earlier than the mannequin’s launch confirmed it may establish hundreds of beforehand unknown vulnerabilities throughout main working methods and net browsers.
Anthropic has restricted entry to the system via a restricted program known as Challenge Glasswing, which supplies choose know-how firms—together with Amazon, Apple, and Microsoft—the flexibility to make use of the mannequin to scan software program for weaknesses. It displays a rising effort throughout the cybersecurity trade to make use of AI methods to establish and patch vulnerabilities earlier than attackers can exploit them.
Nevertheless, the identical know-how may additionally allow new types of cyberattacks. Safety researchers say AI methods able to analyzing code at scale may automate the invention of exploitable vulnerabilities throughout extensively used software program.
After the launch of Mythos, testing by the U.Ok.’s AI Safety Institute discovered that the AI may autonomously execute advanced cyber operations, together with finishing a multi-stage company community assault simulation with out human help. These capabilities have drawn consideration from governments and intelligence companies alike.
Regardless of a name from President Donald Trump’s administration to cease utilizing Anthropic’s know-how resulting from a conflict over its use in warfare and surveillance issues, on Monday, the Nationwide Safety Company was revealed to be operating Claude Mythos Preview on categorised networks, in line with sources acquainted with the deployment. Using Mythos underscores the rising curiosity amongst U.S. safety companies within the mannequin’s skill to establish essential software program vulnerabilities.
The mannequin’s efficiency has additionally uncovered limits in present AI analysis methods. Earlier this month, Anthropic acknowledged that a number of cybersecurity benchmarks are not adequate to measure the capabilities of its latest fashions.
Mozilla stated the outcomes level to a possible shift in cybersecurity, the place defenders might start to shut the long-standing benefit attackers have held.
“We’re extraordinarily happy with how our group rose to fulfill this problem, and others will too,” Mozilla wrote. “Our work isn’t completed, however we’ve turned the nook and might glimpse a future a lot better than simply maintaining. Defenders lastly have an opportunity to win, decisively.”
Mozilla didn’t instantly reply to a request for remark by Decrypt.
Day by day Debrief E-newsletter
Begin day-after-day with the highest information tales proper now, plus unique options, a podcast, movies and extra.