AIToday

Claude Mythos Preview found 271 previously unknown vulnerabilities in Firefox 150, including bugs up to 20 years old, using an AI system that writes and runs its own test cases to verify findings.

THE DECODERMay 8, 20262 min read
Claude Mythos Preview found 271 previously unknown vulnerabilities in Firefox 150, including bugs up to 20 years old, using an AI system that writes and runs its own test cases to verify findings.

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  1. Anthropic's Claude Mythos Preview identified 271 unknown security vulnerabilities in Firefox 150. Mozilla resolved 423 security issues in April — a jump from 76 in March — with roughly a third of the remaining 111 internally discovered bugs also coming from Mythos runs.

  2. The breakthrough came from agentic systems (AI that builds and runs its own test cases) rather than read-only analysis with earlier models like GPT-4 and Claude Sonnet 3.5, which produced too many false positives. Mozilla's pipeline deduplicates reports, prioritizes findings, and tracks fixes through to release.

  3. Specific vulnerabilities included a 15-year-old bug in the HTML label element, a 20-year-old bug in the XSLT XML tool, and multiple ways to escape the sandbox — the security mechanism isolating websites from the system. One example: an HTML table with more than 65,535 rows caused an internal counter to overflow.

  4. Mozilla plans to integrate the pipeline directly into its development process so every new piece of code is automatically checked before it gets committed.

Discussion

No comments yet. Be the first to share your thoughts!

Log in to join the discussion

Related Articles

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →