Mozilla's security team published a detailed report on May 7, 2026, describing how the Anthropic Mythos model transformed the company's approach to Firefox browser security. In just one month — April 2026 — the browser shipped 423 bug fixes, fourteen times more than in the same month the previous year. Some of the discovered vulnerabilities had been present in the codebase for more than 15 years.
Key takeaways
- April 2026: Firefox shipped 423 bug fixes — compared to just 31 in the same month a year earlier (13.7x increase)
- Mythos found Firefox sandbox vulnerabilities — the highest-valued bug category in Mozilla's bounty program (up to $20,000)
- A 15-year-old HTML parsing bug discovered automatically — not by a human researcher
- Anthropic previewed Mythos in April 2026, warning of thousands of critical bugs — Mozilla is the first vendor to publish results from that disclosure process
- AI does not fix discovered bugs — every patch still requires a human engineer
How Mythos works in the bug-finding process
Mythos is an Anthropic model designed specifically for finding software vulnerabilities. When the company previewed it in April 2026, it simultaneously disclosed that due to its effectiveness, it could not immediately release it to the public — doing so required first remediating thousands of discovered bugs in coordination with software vendors.
Mozilla describes the mechanism in detail: the model does not just statically scan code, but writes working exploits to demonstrate that a vulnerability can actually be triggered. For sandbox bugs — violations of the isolation layer that protects the operating system from malicious code running inside the browser — Mythos builds a modified version of the browser and then uses that modified build to attack the protected portion. This is a delicate, multi-step process requiring both creativity and technical precision.
"It is difficult to overstate how much this dynamic changed for us over a few short months. First, the models got a lot more capable. Second, we dramatically improved our techniques for harnessing these models."
— Mozilla security team, May 2026.
Sandbox — the hardest category of bugs
Mozilla's bug bounty program pays up to $20,000 for each sandbox vulnerability — the highest reward in the entire program, reflecting the difficulty of finding and demonstrating such a bug. Despite the top-dollar bounty, Brian Grinstead — a distinguished engineer at Mozilla — confirms that Mythos finds sandbox bugs at a volume human researchers never matched.
"We do get them" — Grinstead said of human sandbox bug reports — "but not at the volume that we are able to find with this technique." Mozilla published details on 12 of the discovered bugs, including two unusual sandbox vulnerabilities and a 15-year-old error in how the browser parses an HTML element. The approach leverages agentic AI capabilities to write and validate exploits autonomously before reporting them.
AI writes exploits, humans write patches
One of the key takeaways from Mozilla's report is counterintuitive: despite spectacular AI progress in coding, Firefox does not use models to write production patches. The model generates a draft patch that serves as a starting point or reference for an engineer — but the final code always passes through two pairs of human eyes: author and reviewer.
"For the bugs we're talking about in this post, every single one is one engineer writing a patch and one engineer reviewing it" — Grinstead explained. "We have not found it to be automatable." This boundary between AI as a bug detector and AI as a patch author is deliberate: security vulnerabilities require a level of precision and contextual understanding where human verification remains essential.
Does AI favor offense or defense?
The question of power balance in cybersecurity has no clear answer. Dario Amodei (Anthropic CEO) presented an optimistic thesis: since the number of bugs is finite, mass discovery and remediation systematically strengthens defense. "If we handle this right, we could be in a better position than we started" — he said at a recent event.
Grinstead is more measured: "It's useful for both attackers and defenders, but having the tool available shifts the advantage a little bit to defense. Realistically, nobody knows the answer to this yet." One month after the Mythos preview, most discovered bugs in other software projects have likely not yet been patched — creating a potential window for attackers using similar techniques.
Why it matters
The scale of change is unprecedented in the history of software security: a 13x increase in fixed bugs within one year, with the only changed variable being the AI tool, not the team size. Previous AI-based bug-finding suffered from high false positive rates and flooded security teams with low-quality reports. Mythos and similar next-generation models filter results through self-assessment — the agent verifies its own discoveries before reporting. This is a fundamental qualitative shift. Equally significant is the context: Firefox is one of the few browsers with an open codebase, which allowed Mozilla to analyze the process in detail. If similar results are occurring in closed systems, the scale of unknown vulnerabilities in widely-deployed software may be far larger than previously assumed.
What's next
- Mozilla announced continued collaboration with Anthropic and further publication of results — the next report is expected to cover bugs discovered in Q2 2026
- Anthropic is conducting responsible disclosure for bugs in other projects according to industry standards — most have not yet been patched, maintaining short-term risk
- Mozilla's bug bounty program may need restructuring: as the volume of discovered sandbox bugs grows geometrically, the budget for human researcher rewards will require revision