Anthropic Mythos discovers 271 software vulnerabilities in Firefox 150 before release

Mozilla: Anthropic's Mythos found 271 zero-day vulnerabilities in Firefox 150

Earlier this month, Anthropic said its Mythos Preview model was so good at finding cybersecurity vulnerabilities that the company was limiting its initial release to "a limited group of critical industry partners." Since then, debate has raged over whether the model presages an era of turbocharged AI-aided hacking or if Anthropic is just building hype for what is a relatively normal step up on the ladder of advancing AI capabilities. Mozilla added some important data to that debate Tuesday, writing in a blog post that early access to Mythos Preview had helped it pre-identify 271 security vulnerabilities in this week's release of Firefox 150. The results were significant enough to get Firefox CTO Bobby Holley to enthuse that, in the never-ending battle between cyberattackers and cyberdefenders, "defenders finally have a chance to win, decisively." "We've rounded the curve" Holley didn't go into detail on the severity of the hundreds of vulnerabilities that Mythos reportedly detected simply by analyzing the unreleased source code of Firefox's latest version. But by way of comparison, he noted that Anthropic's Opus 4.6 model found only 22 security-sensitive bugs when analyzing Firefox 148 last month. The vulnerabilities identified by Mythos could have also been discovered either by automated "fuzzing" techniques or by having an "elite security researcher" reason their way through the browser's complex source code, Holley writes. But using Mythos eliminated the need to "concentrate many months of costly human effort to find a single bug" in many cases, Holley added. By identifying bugs so efficiently, Holley writes that AI tools like Mythos tilt the cybersecurity balance toward defenders, who benefit when discovering vulnerabilities becomes cheaper for both sides. "Computers were completely incapable of doing this a few months ago, and now they excel at it," Holley writes. "We have many years of experience picking apart the work of the world's best security researchers, and Mythos Preview is every bit as capable." In an interview with Wired, Holley said that, from now on, this kind of AI-aided vulnerability analysis is something that "every piece of software is going to have to [engage with], because every piece of software has a lot of bugs buried underneath the surface that are now discoverable." And while it's possible that future models more advanced than Mythos may be able to find bugs that current models miss, Holley said he was confident that "at least on the Firefox side, having had a bit of a head start here, that we've rounded the curve." Running through the AI-aided defense gauntlet could be especially important for the open source projects that underpin much of the modern Internet. That's both because their public codebases are easier for AI systems to explore for vulnerabilities and because many such projects rely on wildly insufficient volunteer maintenance for their security. In a New York Times essay last week, Mozilla CTO Raffi Krikorian argued that the human difficulty of both finding bugs and writing complex software has created a kind of balance in cyberthreat research that Mythos could break wide open. "The programmer who gave 20 years of his life to maintain [open source] code that runs inside products used by billions of people? He doesn't have access to Mythos yet. He should," Krikorian wrote.

Project Glasswing Aims to Catch Critical Software Bugs

Malicious actors are now exploiting generative AI to carry out cyberattacks: scamming victims using AI-generated deepfakes, deploying malware developed with the help of AI coding tools, using chatbots to pull off phishing campaigns, and hacking widely used open-source code repositories with AI agents. And these AI-driven threats are rising. In early April, Anthropic's Frontier Red Team, which evaluates the potential safety and security risks posed by the company's AI models, announced that the company's Claude Mythos Preview model has identified thousands of high- and critical-severity vulnerabilities. The list includes some in "every major operating system and every major web browser," despite the model not being explicitly trained for this. Those findings prompted Anthropic to also establish Project Glasswing to help thwart AI-assisted cyberattacks. Its launch partners -- which include tech giants such as Amazon Web Services (AWS), Apple, Google, Microsoft, and Nvidia -- will use Mythos Preview to scan and secure software. While generative AI's coding, reasoning, and autonomous capabilities have become powerful enough to spot potential code security weaknesses, these same skills also enable it to exploit those flaws. Cybersecurity experts believe that finding the right and safe balance for using AI in detecting code vulnerabilities seems feasible -- as long as layers of verification are built into the process, and human judgement and expertise remain an essential part of the process. Among the vulnerabilities discovered by Mythos Preview are a 27-year-old bug in OpenBSD, an open-source Unix-like operating system, that enables a remote attacker to crash any machine running the OS; a web browser exploit that could allow a cybercriminal with their own website domain to read data from another domain, such as a user's bank; and a number of weaknesses in cryptography libraries that could, for instance, let hackers decrypt encrypted communications or forge certificates. Finding bugs is nothing new, especially for cybersecurity researchers, but AI serves as yet another tool in the toolbox, says Jeremy Katz, vice president of code security at Sonar, a company that offers code verification solutions. Large language models are adept at fulfilling directed queries to search for specific security vulnerabilities. "You can point an AI agent at a large codebase, and they're very good at finding the needle in a haystack," he adds. For Nayan Goel, a principal application security engineer at financial services company Upgrade, speed and semantics set AI models apart. They can pinpoint vulnerabilities faster than humans, and their ability to reason about the semantics of code, following data flows across different abstraction layers, is a cut above the pattern matching functionalities of traditional static analysis tools. "That's the kind of cross-component reasoning that is structurally beyond what rule-based tools can do," Goel says. "And what this new generation of tools is doing is closer to how a security researcher would actually think." Andrew Wesie, cofounder and chief technology officer at cybersecurity company Theori, takes a similar optimistic view. "We have an approach that may actually help us find all the bugs -- that was always considered to just be a pie-in-the-sky dream. And we're at the point where that does work." Despite their promising potential, LLMs are still prone to generating false positives. That could mean incorrectly flagging a bug as a security vulnerability, for example, or overstating a bug's severity. This makes it challenging to find the signal among the noise, especially for the volunteers maintaining important open-source resources, who face pressure to provide prompt fixes. Katz has witnessed this as someone who works closely with open-source maintainers on coordinated vulnerability disclosure. "I'm seeing a drastic uptick in the number of things being reported. In many cases, they're real bugs that would be good to fix but not actually a security vulnerability -- that fine line is getting lost. And just the amount of time to triage is becoming pretty large." Another drawback involves AI tools that can be attacked (such as through prompt injections) but can also do the attacking themselves. Mythos Preview, for example, can chain together separate but related vulnerabilities to form a step-by-step exploit that grants root access to the Linux kernel, the core or "seed" of the OS. Harnessing AI's benefits while avoiding its shortcomings is possible, according to cybersecurity experts. Tools such as Claude Code Security and Google's CodeMender conduct what's called an adversarial self-review pass, which means they can challenge and critique their own results before presenting them. This additional layer of scrutiny, which can also include an LLM or AI agent sending its findings to another model or agent for validation, could lessen false positives and build checks and balances into the process. But Goel emphasizes that the issues AI models flag must still be checked and confirmed by humans. "These tools produce probabilistic outputs. They're not the final verdict," he says. "They cannot act as a substitute for your secure design reviews or penetration testing reviews. You still need somebody who understands the business logic behind your code and reviews that. And anytime AI gives us a finding, it goes through a verification process. There's always a human in the loop so we create these trust boundaries." Goel also cites dynamic threat modeling and red teaming as other ways to achieve a safe balance for using AI in hunting code vulnerabilities. Dynamic threat modeling evaluates likely threats to AI systems and how to mitigate them as systems evolve, while red teaming assesses the safety and security of AI systems and the possible risks they might introduce. Uncovering the middle ground for code vulnerability detection also requires some process changes. Shifting security earlier in the software development process, when programmers are crafting code, can make a huge difference. "Organizations need to implement ongoing education and upskilling programs that give developers the skills they need to mitigate flaws in software before they can be released," says Matias Madou, cofounder and chief technology officer at software security firm Secure Code Warrior. "By ensuring that we have developers who can effectively create and review secure code from the start, we're taking the necessary steps to protect against potential disaster." As AI gets better at identifying the right code security weaknesses and accurately classifying their severity, the next challenge becomes closing the gap between detecting and fixing vulnerabilities at scale."The last bit of that workflow is remediation," says

Mozilla Used Anthropic's Mythos to Find and Fix 151 Bugs in Firefox

Amid a raging debate over the impact that new AI models will have on cybersecurity, Mozilla said on Tuesday that its Firefox 150 browser release this week includes protections for 271 vulnerabilities identified using early access to Anthropic's Mythos Preview. The Firefox team says that it has taken resources and discipline to adjust to the firehose of bugs that new AI tools can uncover, but that this big lift is necessary for the security of Mozilla's users, given that the capabilities will inevitably be in attackers' hands soon. Both Anthropic and OpenAI have announced new AI models in recent weeks that the companies say have advanced cybersecurity capabilities that could represent a turning point in how defenders -- and, crucially, attackers -- find vulnerabilities and misconfigurations in software systems. With this in mind, the companies have so far only done limited private releases of their new models, and both have also convened industry working groups meant to assess the advances and strategize. In practice, though, cybersecurity experts have a range of views on how consequential the new capabilities will be. Mozilla's experience, at least in the short term, shows that AI tools like Mythos Preview could have a profound impact for vulnerability hunters. "Our belief is that the tools have changed things dramatically, because now we have automated techniques that can cover, as far as we can tell, the full space of vulnerability-inducing bugs," says Bobby Holley, Firefox's chief technology officer. For years, he says, Firefox and other organizations have relied on a combination of automated vulnerability hunting techniques, like software fuzzing, and manual vulnerability hunting by internal and external researchers to find and fix flaws. And attackers have had these same tools and methods at their disposal. "There were categories of bugs that you could find with human analysis that you couldn't find with automated analysis and, therefore, it was always possible if you were a threat actor and you were willing to spend many millions of dollars to find a bug -- we tried to drive the price of that as high as possible," Holley says. Holley now says that emerging AI capabilities will create a sort of bootcamp that all software will have to go through one way or the other to find and fix a set of latent vulnerabilities in their code. Companies like Anthropic and OpenAI seem to be trying to get as many major players as possible to go through this overhaul before the capabilities are more widely available. "Every piece of software is going to have to make this transition, because every piece of software has a lot of bugs buried underneath the surface that are now discoverable," Firefox's Holley says. "This is a transitory moment that is difficult and requires coordinated focus and a lot of grit to get through, but I think that it is a finite moment, even as the models become more advanced. Maybe the more advanced models will find a few things here or there, but I believe that, at least on the Firefox side having had a bit of a head start here, that we've rounded the curve." Holley says that the Firefox team gained access to Mythos Preview as part of direct collaboration with Anthropic and that Mozilla is not formally part of its larger consortium, called Project Glasswing. Firefox is open source, a type of software that in general could be particularly impacted by new AI bug hunting capabilities given that many open source projects are widely used and relied upon around the world and yet are often maintained by a very small group of volunteers or just one person. And the effects could be especially consequential for "abandonware" that is no longer maintained at all.

Attack of the killer script kiddies

Last August, some of the best cybersecurity teams in the business gathered in Las Vegas to demonstrate the strength of their AI bug-finding systems at DARPA's Artificial Intelligence Cyber Challenge (AIxCC). The tools had scanned 54 million lines of actual software code that DARPA had injected with artificial flaws. The teams were capable enough to identify most of the artificial bugs, but their automated tools went beyond that -- they found more than a dozen bugs that DARPA hadn't inserted at all. Even before the security earthquake that Anthropic delivered this month with Claude Mythos -- the new AI model that seems to find vulnerabilities in every piece of software it's pointed at -- automated systems were growing increasingly capable of finding coding flaws. And fears are growing that not only can AI detect these flaws, but also be used to exploit them, putting hacking skills into the hands of everyone across the planet. This isn't an empty threat. For decades, this type of no-skill hacker, known as a script kiddie, has wreaked havoc, running scripts they ripped from the internet or copied from exploit tool kits. They didn't fully understand or have the technical know-how to write these scripts themselves. And yet they were still able to deface websites and propagate viruses. What's happening now represents a major escalation, where people without technical backgrounds are able to use AI to enhance their capabilities in a way that wasn't possible with simple scripts. It is likely to have far more wide-reaching repercussions. "There's a tidal wave coming. You can see it. We can all see it," said Dan Guido, CEO and cofounder of cybersecurity firm Trail of Bits, which was a runner-up in the challenge. "Are you going to lay down and die, or are you going to do something about it?" Even beyond Project Glasswing, Anthropic is trying to prevent the misuse of its software by criminals. A week after announcing Mythos, the company released Claude Opus 4.7, which for the first time built in safeguards meant to block malicious cybersecurity requests. (Security professionals who want to use the model defensively can apply to the company's Cyber Verification Program.) Anthropic's announcement of Mythos sent shockwaves throughout the industry, but there were warning signs of AI's cybersecurity prowess prior to it. In June 2025, the autonomous offensive security platform XBOW beat out human hackers to top the leaderboard of HackerOne, a bug bounty platform, indicating big leaps in the ability of AI models to find bugs. By the time AIxCC rolled around, "there were already 10 to 20 different bug-finding systems that could find orders of multitude more bugs than we could patch," Guido said."This is actually not a new problem." AI is great at pattern matching, and it's becoming easier and easier for people to find variants of bugs that are already known and ones that have not yet been discovered. And writing exploits is becoming easier as well. "You can use AI tools and with very minimal human guidance, and in some cases no human guidance, find a zero day in widely used software," said Tim Becker, senior security researcher at Theori, which was also a finalist in the competition. The concern is palpable across the industry, and improvements to models -- along with improved understanding of their capabilities -- are happening at lightning speed. Open-weight models, or models whose trained parameters (also known as weights) are publicly available, also pose risk. In fact, sophisticated threat actors would be far more likely to run their own deployments to prevent the exploits from being exposed on Anthropic or OpenAI servers, Becker said, as Anthropic may retain data to monitor abuse. And the industry is bracing for what may come next. Other model creators may not be as cautious as Anthropic, potentially unleashing their powerful new tools straight to the public. "Mythos or not, this is coming," Guido says. Mythos represents a step up at writing exploits, but current models are capable, too. Security researchers are already using more widely available models to report vulnerabilities to vendors before they're exploited in the wild. That means there's also the risk of malicious actors using them for ill purposes, such as creating exploits for oppressive regimes or stealing sensitive data on their own. Industry experts predict that the advancement in AI security capabilities is going to lead to a lot more exploits. Bad actors could direct AI to find bugs in uncommon pieces of software that no one previously would have put in the effort to exploit. "Now, because effort is cheap, you can do things that are lower down the food chain. You can write exploits for software that only one company has. You can write exploits for software that exists in only one configuration that one company has. And you can do it on the fly. So during the middle of an intrusion into some hospital and there's a wall standing between you and what you want, you can just point an LLM at that wall and say, 'Figure out a flaw here,' and it can grind until it's successful. And it'll find some vulnerability, it can find some configuration, it'll run an exploit, for a weakness that no one ever has before, and it'll do it with almost no effort on the part of the user... the hacker... the script kiddie," said Guido. This supercharges script kiddies, he says, because they'll be able to operate on their feet without the constraints of memorizing the weaknesses in random UNIX utilities but instead defaulting to the pretraining in the tool they are using. They'll be able to iterate through exploits targeting weaknesses at machine speed, something that no human -- let alone script kiddie -- can do. It's hard to determine exactly how much this is improving attacker capabilities, though there definitely seems to be a correlation. Security researchers can help us try to wrap our heads around the scale of bugs being discovered. Before Becker started working on automatic bug finding with AI, he worked on vulnerability research, finding zero days and reporting them to maintainers. He said it used to take him weeks or months to find a high-impact vulnerability in a brand-new codebase, and now it only takes hours. "I just drop the code into our AI bug-finding tool and in a couple hours I get a report with a bunch of candidate vulnerabilities, and most of them end up checking out and being real issues," he said. "The bar to diving into a new million-line codebase and finding a bug is so much lower than it used to be." Every release of an automated tool has led to some level of panic about how it might be exploited, whether that's text-to-image generators or open-source tools like the exploit development and delivery system Metasploit. The panic even goes back to 1995, when a free software vulnerability scanner named SATAN (an acronym for Security Administrator Tool for Analyzing Networks) was released. Often automated tools don't lead to the same level of mayhem that had been expected or predicted, due to prevention measures put in place, low adoption rates by attackers, or other factors. Joshua Saxe, CTO and cofounder of Security Superintelligence Labs, wrote in a blog post that exploits themselves don't cause cyberattacks, and that adoption of AI vulnerability research tools has been incremental. "There seems to be an implicit mental model where some new adversarial tool becomes available... and therefore we will immediately see criminal behavior with those tools. It's a kind of mental model where you don't even have to think about or do any empirical inquiry into what the humans are actually doing," he told The Verge. Saxe points out that it's possible there'll be friction in various attacker constituencies adopting these tools within their existing workflows and organization cultures."There's a whole human and organizational element here," he said. "It may be that there are certain attacker constituencies that are going to jump on these new tools, or it might be that the adoption curve is quite slow." Some may keep breaking into networks by phishing or using exploits they already have, while others might begin developing new exploits using these tools. While the rate of adoption is impossible to predict, there are steps companies can take to prepare for the coming onslaught of vulnerability reports. Katie Moussouris, founder and CEO of Luta Security, coined the term "Vulnapalooza" in a blog post complete with a concert poster and festival survival guide for security teams, explaining that this is the moment for companies to secure their weaker points. The advice for companies is not different from standard best practices: segmentation, working on identity and access management, using memory-safe code, and using phishing-resistant authentication and up-to-date software. The Cloud Security Alliance released an expedited strategy briefing on developing a "Mythos-ready" security plan detailing many of these concepts. The report also emphasized the need to not only patch vulnerabilities but also to identify which ones to prioritize. But the need to match machine speed threats is new, and the amount of bug reports is already skyrocketing, leading to the need to prepare for more incidents and mitigate and contain them at a faster rate. Moussouris says that many people in cybersecurity roles have been laid off because of AI's efficiencies, even though those efficiencies are exactly why more humans need to remain in the mix. Companies will need human threat hunters, threat intelligence officers, and incident responders to deal with the onslaught of new exploits. And they'll need people to decide which patches to prioritize and implement. "We don't have the AI defensive equivalent to automate all of those tasks, and I think we're going to need to staff up and hire a lot of people," she said. And organizations will need to build out secure software and secure architecture for networks to avoid ending up in an endless cycle of patching. "You have to build more secure software in the first place. We can't incident respond our way to resilience." Organizations that aren't ready to hire people could at least streamline their vendor onboarding processes to make it easier to bring on people or services as needed. "You don't want to be stuck in a four-month procurement process for a vendor when you're under fire and can't keep up with the patch rollout," Moussouris said. While many are concerned about vulnerabilities, Moussouris believes the so-called "vulnpocalypse" will actually manifest as a "patchpocalypse." "The model has already identified thousands of vulnerabilities, and that patch tsunami that's about to come from this coordination effort, that's going to be the first major pain point," she said. Organizations that are slow to patch their systems may have a rude awakening. Waiting too long risks active attacks on services that target vulnerabilities found by AI, perhaps even using exploits written by the models. "From the time a vulnerability is announced to the time where there is exploit code available has now shrunk to pretty much zero, and that is a major adjustment that I think people will have to take into account in their risk assessments and how long they can take to do things and how many resources they are applying towards this problem," she explained. There is an opportunity to use AI to at least speed up the remediation or mitigation process. Becker says that Theori is building a commercial tool called Xint that it's been running on open-source codebases, manually reporting high-severity findings to maintainers by sending detailed reports along with remediation suggestions on its own dime, both as a community hardening project and to demonstrate the tool's capabilities. Xint's current version was able to find all the bugs Mythos did when scanning the same codebases. It also found 12 additional zero-day vulnerabilities that were not part of Anthropic's announcement. But mitigating these bugs will not be as quick as finding them because it requires engineers who are extremely familiar with the codebase to determine whether the patches are the best way to fix the issues found or whether they may make the code less maintainable or harder to understand in the future. Sometimes a patch represents a way to fix a problem, but not the best way, so it'll take human time and effort to get the solutions to the finish line. The huge surge in bugs being reported can lead to a long queue of things to patch, especially for open-source maintainers, who may be unable to keep up with the load. While not all bugs are useful in an attacker's tool kit, sorting through the pile to determine which ones are a priority to fix can be almost as difficult as fixing them. "A lot of the prioritization needs to be contextual," Moussouris said. For example, a very bad bug running internally that would be hard for an outsider to access might be lower priority than a less critical bug that is exposed on the company's perimeter. Beyond prioritization of bugs, organizations will also need to decide when to apply patches that restrict functionality and may even lead to downtime, and when to wait. The fewer security controls they have in place, the more time they will need for patching. Simply putting out a patch makes it easier for attackers to reverse engineer the bug fix and exploit vulnerabilities they may have been otherwise unaware of on devices that have not yet been updated. That means that consumers, too, will need to get used to updating their software as critical fixes for security flaws increase dramatically. And organizations will want to invest in secure architecture to minimize the amount of patches they need to manage in the first place. But as Moussouris frames it, it doesn't have to be a reason to despair. "You don't have to treat it like this is going to be the worst thing that ever happened," she told The Verge. "You can treat it like, this is our opportunity to shore up some defenses and get some budget to do things we've been putting off." Whatever attitude organizations take, they need to be prepared. The stakes are higher, and even script kiddies have a lot more opportunities to find and exploit vulnerabilities. Companies need a plan to deal with this new threat of AI-enabled attacks. "2026 is the make-it-or-break-it year," Guido said. Companies need to secure their systems now, while they still have time to get ahead. "And if they don't do that, we're going to end 2026 with everything on fire."

New Firefox update patches a whopping 271 bugs, thanks to Claude Mythos

Anthropic's Claude Mythos Preview AI model found the many flaws. Keeping your web browser updated can be a hassle. But typically, you want to snag the latest updates as they introduce new features and fix security holes. That's certainly the case with the newest update to Firefox. Released on Tuesday, Firefox 150 enhances a variety of must-have features, including split view, tab management, language translations, and the built-in PDF editor. But even more critically, the new version patches a whopping 271 security bugs, thanks to the help of AI. Also: Can you trust Firefox's new free VPN for all browser users? What you need to know First, let's look at the new and improved features. Introduced to Firefox in March, Split View lets you view two web pages side-by-side in the same window, an option that had already been available in Chrome and Microsoft Edge. You can then compare the two pages and work with each one separately. With Firefox 150, you can now right-click on any link on a page and open it in split view to see it alongside your current page. When in Split View mode, you're also able to search your open tabs and reverse the order of the two pages. You've always been able to share single pages in Firefox with another person or device. Now, you can share multiple tabbed pages in one shot. Just select the tabs you wish to share and right-click on any of them. Select Share from the menu and then click the command to copy X number of links. When you paste the links into other apps, both the page title and URL are included. Also: I've used nearly every browser out there, and these are my top 4 (spoiler: Chrome is out) This sounds like a useful feature if only it worked. In version 150, when I right-click multiple tabs, there is no Share command, unlike when I right-click a single tab. I contacted Mozilla to find out why this isn't working as described. Need to translate a piece of text into a different language? You can now do that easily enough in Firefox. Type the phrase "about:translations" in the address field. You're then taken to a translation page similar to Google Translate. Here, you can copy and paste the text you want translated. Select the source language or let the tool automatically detect it. Select the target language. The translation then appears. Beyond just displaying a PDF you find online or load from your PC, Firefox will now let you edit it. Using the built-in PDF editor, you're able to reorder, copy, paste, delete, and even export individual pages from a PDF. To try this, open a PDF in Firefox and click the Manage pages icon in the upper left. You'll then see thumbnails of all the pages in the file. Here, you can select individual pages to delete them, as well as copy or cut them to paste them elsewhere. You can also move pages by dragging and dropping them, and export individual pages as separate files. When done, you can save the modified PDF. Also: How Google's updated AI Mode will ease your tab clutter when you search To update Firefox on the desktop, click the three-lined icon at the top, click Help, and select About Firefox. The browser will automatically download and install the latest update if necessary. Restart Firefox and you're set. That brings us to the security patches. Firefox 150 includes fixes for 271 security vulnerabilities. The list includes ones rated high, medium, and low. But collectively, they represent a record compared with the dozens of vulnerabilities typically addressed by past Firefox updates. How did the Firefox team find and fix so many security flaws? Thank AI. To uncover the underlying flaws, the team turned to an early version of Anthropic's Claude Mythos Preview, as revealed in a Mozilla blog post. Since February, the folks at Mozilla have been using frontier AI models to root out latent security holes in the browser. Previously, they used Anthropic's Opus 4.6 model to scan Firefox version 148, leading to fixes for 22 security bugs. Also: The best secure browsers for privacy in 2026: Expert tested Typically, Mozilla's human bug hunters are tasked with seeking out security flaws in Firefox. Even with advanced tools, that process can naturally take time. Anthropic's game-changing AI model was able to find such a large number of flaws much faster and more efficiently. And the results are more than promising. The model can uncover any category or level of vulnerability that humans can identify, meaning nothing is missed. Other major tech players such as Apple, Google, and Microsoft are also working with Claude Mythos as part of an initiative called Project Glasswing. This use of AI could be a turning point in cybersecurity. Typically, the defenders struggle to keep up with the attackers. In part, that's because the attackers need to find only one critical vulnerability to exploit; the defenders need to find them all. But the right AI model gives the good guys a powerful tool in their arsenal, one that Mozilla is clearly putting to good use.

Mythos sniffs out your bugs, can't fix your bloody idiots

Opinion In retrospect, calling it Mythos made it a hostage to fortune. Anthropic may have hoped that the name implied its AI code security model had mythical god-like powers, but there's an alternate reading. Another definition for Mythos is a set of beliefs of obscure origin which are incompatible with reality. That reality is trickling in, and it's looking less mythical, more typical. Mythos is a great tool that can automate a lot of the things expert humans do, and it's the expert humans who get the most from it. It is very good at finding classes of vulnerability that humans know about, while not finding ones that they don't. Training, amirite? Project Glasswing, limiting early use to trusted partners with a real need, is probably a responsible approach to using its powers for good, but other unrestricted models are quite good at this too. Some hype, some truth, LLMs gonna LLM. It is cynical to say the only real innovation is an AI company operating ethically. Equally cynical is seeing the closed roll-out and the attendant publicity as merely an exercise in hype. It is more constructive, arguably more accurate, and certainly more exciting, to take all this as an early glimpse of a better future. One where the threat landscape stops being a function of geological and climactic forces we can't control, turning instead into one cultivated, controlled and gratifyingly anti-climactic. Two propositions point the way. One is that the effectiveness of tools like Mythos will continue to evolve, exposing more and more structural and individual code flaws. The other, that these tools will inevitably become generally available. How quickly and cheaply may be controllable, but the outcome is inevitable. There are no long-term secrets in IT. Right now, and for some time to come, most running code has been written in the pre-industrial age of vulnerability detection. Eyeballs, not AI balls, did the work. This is a bad public environment to dump roaming packs of implacable vuln-hunting robots. If they come too soon, it'll be messy. And they are coming. But if we survive that transition intact, then let the robots roam at will. There is one class of code that is guaranteed to present no security risks whatsoever, and that's undeployed code. New code has a lot of problems, some caught before deployment and some that aren't, but never an infinite number. Where truly excellent tools exist, code can be made truly excellent before release. It doesn't matter if the same tools are available to the bad guys thereafter. A good model, and cited often, is aviation safety. At the beginning of the jet age, new airliners had structural and mechanical faults that made them fall out of the sky. Over time, not only did design and material knowledge improve, but the engineering and regulatory disciplines evolved alongside. Now, we still have crashes, but they are inevitably traceable to things that could and should be done right, but weren't. There's no new undiscovered class of failure waiting in the wings. It is highly unlikely that code is anything different -- after all, we've been doing it precisely as long as we've been flying jets. Just fixing code vulnerabilities doesn't fix security, in the same way that knowing how to make and fly exquisitely safe aircraft stops fuel contamination, flocks of geese, or foolish humans from creasing the things. It does help immensely, though. Looking at exploits based on long chains of known and unknown vulns shows how flakey code can be, but it also shows how removing just one of those bugs shuts down the entire attack. The Swiss cheese model of failure works less and less well the more the cheese tends to cheddar. As for the holes outside the code, the supply chain exploits, the special engineering, the straightforward inside sabotage job, to the extent that we can encode, model and train on them, they too will be amenable to the inexhaustible patience of the inference engines. And while huge swathes of enterprise infrastructure continue to run old, unpatched or misconfigured systems, it'll be like flying on aircraft from the Age of Death. There's no IT equivalent of the FAA with the power to ground that which should never be flying, much as that would be a fun counter-factual. This too shall pass. There is no way that a tool which catches vulnerabilities by the hundred does not make old code safer, new code so much more so. It will be most interesting to see how the tools for finding flaws evolve alongside the techniques for designing, factoring and writing code for inherent strength. Nobody should expect the way things are now to be the most efficient, least expensive way there is. Nor should anyone expect human expertise to fall out of use. The fact that so many aviation safety issues revolve around human failure shows how intrinsic humans still are in design, construction, maintenance and operation aloft. Let computers do what computers are good at, let humans do what humans are good at. Old but true. We know from decades of digital life that humans aren't so good at security, and that computers aren't so hot at it either. In another old saying -- give us the tools and we can finish the job. Mythos isn't a tool that can let us do that, not yet. AI in general seems determined to make things worse. Now, at last, we can see a path forward, a different way of doing things that is likely to actually happen. What was a threat landscape can become a garden where good things grow. That's no myth, that's the future. ®

After Mythos: New Playbooks For a Zero-Window Era

When patching isn't fast enough, NDR helps contain the next era of threats. If you've been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure, is closing fast. Anthropic's new model, Claude Mythos, and its Project Glasswing, showed that finding exploitable vulnerabilities and subtle cracks in your defenses in operating systems and browsers -- work that once took experts weeks -- can now be done in minutes with AI. As a result, the patch window of opportunity is now near-zero. The situation is so critical that Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell recently convened an urgent meeting with the CEOs of major U.S. financial institutions to discuss the implied risks. The takeaway was straightforward: surging AI capabilities have upended risk profiles, with profound implications for institutional stability and integrity across industries. Mythos also highlights the gap between discovery and remediation. It easily surpassed human expertise, solving a complex corporate network simulation that would have taken more than 10 hours of expert programming skill. Its discoveries also found problems in decades-old software that had been missed in thousands of security reviews. From Mythos to the assume-breach era Mythos isn't the only AI model capable of finding vulnerabilities this quickly. Other parties have found them using more basic LLMs. If your company uses any type of software, you should assume that software probably contains thousands of these unknown vulnerabilities, just waiting to be exploited by AI-assisted discovery. This is not a failure of your security team; rather, it's the structural consequence of 30 years of accumulated software complexity meeting a leap in offensive AI capability. Now that near-zero exploit windows are the norm, "patch faster" or "patch better" are no longer enough. Security teams will need new playbooks, based on an assume-breach model: breaches will happen, and detecting them as they occur and containing them at scale will be paramount. These outcomes are decided in real time, on the network. How to bring an assume-breach model into everyday operations The assume-breach model has three operational requirements, each of which uses automated methods designed to collapse time to containment: In practice, this method of containment requires: Visualizing containment as the scoreboard Prioritize reducing mean-time-to-contain (MTTC) to limit damage while maintaining your watch over detection and response metrics (MTTD and MTTR). As AI accelerates exploitation and reshapes attack methods, the importance of speed in pinpointing, containing, and resolving threats increases. Compressing MTTC starts with real-time, comprehensive network visibility. With it, SOCs can detect post-breach behavior, determine the blast radius, and disrupt events before they spread further. Monitoring for AI-favored techniques Autonomous AI attacks increasingly use sophisticated techniques to evade detection, including living-off-the-land (LOTL) methods that conceal malicious activity within legitimate tools and processes. Network Detection and Response (NDR) platforms play a crucial role in identifying these subtle indicators of compromise. They do this by continuously monitoring network traffic for unusual behavior. Signs of such activity might appear as unusual SMB admin shares, NTLM where Kerberos is expected, or new RDP/WMI/DCOM pivots, all of which can signify lateral movement across your network. Advanced NDR platforms can also detect attackers leveraging LOTL techniques to maintain command and control communications and exfiltrate data while trying to avoid generating alarms. Indicators of command and control can manifest as beacon‑like connection patterns, rare JA3/JA4 and SNI pairs, high‑entropy DNS, or unsanctioned DoH or DoT. Anomalies such as off‑hours uploads, upload/download asymmetry, first‑time destinations (e.g., S3, Blob, GCS, or new CDNs), compression before egress, or the presence of tunnels and VPNs to new destinations can indicate exfiltration. Automating and maintaining your software inventory Many organizations still lack a real-time, accurate inventory of their software, leaving them struggling to understand how assets connect and communicate. This gap creates openings for adversaries. Automating asset inventory and mapping helps organizations understand their exposure, react more quickly to emerging threats, and shrink the available windows for exploiting vulnerabilities. Correlating and reconstructing attack chains Once a breach is detected, quickly understanding the scope is vital, especially as AI-driven threats move too fast for manual analysis. The once painstaking process of reconstructing events needs to be automated and delivered in real time. Corelight Investigator, part of the company's Open NDR Platform, automatically correlates alerts and network activity to help reconstruct detailed timelines of attacks. This makes it easier for your own systems to automate the response workflow, and to improve your resilience against these attacks. Automating containment Advances in detection and attack reconstruction should drive decisive, reliable containment. Limiting the spread of threats, the third leg of the assume-breach model, is what turns data and insight into tangible protection. Embedding automated containment into network defense workflows can reduce the risk that fast-moving threats escalate into widespread incidents. Toward a Mythos-ready security future Claude Mythos and other AI models are rapidly upending long-standing practices in cybersecurity. Preparing for this dynamic landscape means, in part, building adaptive defensive layers that can help you accelerate your defenses against adversarial AI. * Monitor: Maintain continuous network visibility and automate detections to identify threats early. * Assume-breach: Operate under the expectation that breaches will occur and focus on rapid response and containment. * Protect: Safeguard your trusted ecosystems by strengthening controls where AI-driven attacks can cause the most damage. Builda "Mythos-ready" security program, as suggested by the Cloud Security Alliance. * Sharpen: Continuously refine your playbooks and response strategies to counter evolving threats. Corelight Network Detection and Response Uncover new attack methods with Corelight's Open NDR Platform. With comprehensive network visibility and deep behavioral analytics, Corelight is designed to help your SOC detect advanced, AI-powered threats faster, so you can act before incidents escalate. Learn more at corelight.com/elitedefense.

Mozilla says it patched 271 Firefox vulnerabilities thanks to Anthropic's Claude Mythos

Anthropic's buzzy announcement about using AI to improve cybersecurity earlier this month was met with plenty of skepticism. However, Mozilla shared some details that support use of the company's special Claude Mythos Preview model as a way to protect critical services. Using Mythos helped Mozilla's team find and patch 271 vulnerabilities in the latest release of the Firefox browser. "So far we've found no category or complexity of vulnerability that humans can find that this model can't," the foundation said. The blog post from Mozilla feels like a positive sign for Anthropic's Project Glasswing. Obviously the AI company would want to put itself in the best possible light while presenting its own initiative, but there's something encouraging about hearing the benefits from a third party. Mozilla also noted that in its time with Claude Mythos, the AI wasn't able to turn up any bugs that a human wouldn't have been able to find, given enough time and resources, which indicates that AI isn't presently able to do more to crack cybersecurity protections than a person can. An organizaion successfully using AI for good is certainly a refreshing change of pace in tech news. And for those Firefox users who aren't personally interested in applying any generative AI in their browsing, Mozilla has given the option to turn it all off for the past several months.

Mythos found 271 Firefox flaws - none a human couldn't spot

Mozilla CTO says AI means developers finally have a chance to get on top of security The Mozilla Foundation has revealed it tested Anthropic's bug-finding "Mythos" AI model and feels the results it experienced represent a watershed moment for software defenders. The FOSS outfit on Tuesday reminded readers that it used Anthropic's Opus 4.6 model to look for bugs in Firefox 148 and found 22 bugs. Mythos found 271 vulnerabilities in Firefox 150. Mozilla CTO Bobby Holley expressed mixed feelings about that result, which he described as giving the Firefox team "vertigo" as they confronted the need to fix so many flaws. "For a hardened target, just one such bug would have been red-alert in 2025, and so many at once makes you stop to wonder whether it's even possible to keep up," he wrote. He also thinks the huge haul of bugs Mythos identified represent "light at the end of the tunnel" for security teams. "Our work isn't finished, but we've turned the corner and can glimpse a future much better than just keeping up," he wrote, then turned on Bold text and declared "Defenders finally have a chance to win, decisively. " He offered that prediction because he feels "Until now, the industry has largely fought security to a draw" while acknowledging it's all-but impossible to eliminate all exploits. "Instead, we aimed to make them so expensive that only actors with functionally unlimited budgets can afford them, and that the cost of burning such an expensive asset disincentivizes those actors against casual use," he wrote. Mythos changes the game, he feels, by improving on the fuzzing tools Mozilla uses to find bugs without human intervention. "Elite security researchers find bugs that fuzzers can't largely by reasoning through the source code," he wrote. "This is effective, but time-consuming and bottlenecked on scarce human expertise. "Computers were completely incapable of doing this a few months ago, and now they excel at it. We have many years of experience picking apart the work of the world's best security researchers, and Mythos Preview is every bit as capable. So far we've found no category or complexity of vulnerability that humans can find that this model can't." The CTO thinks Mythos' abilities "can feel terrifying in the immediate term, but it's ultimately great news for defenders." "A gap between machine-discoverable and human-discoverable bugs favors the attacker, who can concentrate many months of costly human effort to find a single bug. Closing this gap erodes the attacker's long-term advantage by making all discoveries cheap." He then hit CTRL-B again, and busted out CTRL-I too, to note "Encouragingly, we also haven't seen any bugs that couldn't have been found by an elite human researcher. " The CTO also poured cold water on those who assert "future AI models will unearth entirely new forms of vulnerabilities that defy our current comprehension." He doesn't think that will happen, because "Software like Firefox is designed in a modular way for humans to be able to reason about its correctness. It is complex, but not arbitrarily complex." "The defects are finite, and we are entering a world where we can finally find them all." ®

Mozilla fixes 271 Firefox vulnerabilities found by Anthropic's Claude Mythos in a single evaluation pass

Summary: Mozilla released Firefox 150 with fixes for 271 security vulnerabilities identified by Anthropic's Claude Mythos Preview, an unreleased frontier AI model distributed under the restricted Project Glasswing programme. The collaboration began with Claude Opus 4.6 finding 22 bugs in Firefox 148 earlier this year; Mythos produced more than twelve times as many. Firefox CTO Bobby Holley said the defects are "finite" and that defenders can "finally find them all," while the UK AI Security Institute confirmed Mythos can also execute autonomous multi-stage network attacks, making the dual-use tension the central policy question. Mozilla released Firefox 150 on Monday with fixes for 271 security vulnerabilities identified by Anthropic's Claude Mythos Preview, an unreleased frontier AI model restricted to a handful of organisations under Project Glasswing. The number is striking not because the bugs were exotic but because they were not. "We haven't seen any bugs that couldn't have been found by an elite human researcher," Mozilla said in a blog post titled "The zero-days are numbered." The point is that no human team could have found 271 of them this fast. The collaboration between Mozilla and Anthropic began earlier this year with a more modest effort. Starting in February, Firefox's security team used Claude Opus 4.6 to scan nearly 6,000 C++ files across the browser's codebase. That pass produced 112 unique reports, of which 22 were confirmed as security-sensitive bugs and shipped as fixes in Firefox 148. Fourteen were classified as high severity, representing almost a fifth of all high-severity Firefox vulnerabilities remediated in 2025. The Mythos evaluation, which followed as part of the continued partnership, produced more than twelve times as many confirmed vulnerabilities. Bobby Holley, Firefox's chief technology officer, described the experience as giving the team "vertigo." Claude Mythos Preview is the model at the centre of Anthropic's restricted Mythos model programme, Project Glasswing, announced on 7 April. It is a general-purpose frontier model, not a security-specific tool, but its coding capabilities have crossed a threshold that Anthropic considers significant enough to warrant controlled distribution. The UK's AI Security Institute evaluated the model and found it capable of executing multi-stage network attacks autonomously, completing a 32-step corporate network attack simulation called "The Last Ones" in three out of ten attempts. It can chain multiple small vulnerabilities into a single devastating attack, reconstruct source code from deployed software to find exploitable weaknesses, and build custom tools for lateral movement and data extraction once inside a network. Access is restricted to 12 named launch partners, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks, with roughly 40 additional organisations granted access for defensive security work. Anthropic committed up to $100 million in usage credits and $4 million in direct donations to open-source security organisations, including $2.5 million to Alpha-Omega and OpenSSF through the Linux Foundation and $1.5 million to the Apache Software Foundation. The model is available to Glasswing participants at $25 per million input tokens and $125 per million output tokens through the Claude API, Amazon Bedrock, Google Cloud's Vertex AI, and Microsoft Foundry. The restricted rollout has already been tested. On the same day Anthropic announced Glasswing, a group of unauthorised users gained access to Mythos Preview by guessing the model's URL through a third-party vendor environment, an incident Anthropic said it is investigating. Holley framed the 271 vulnerabilities not as an indictment of Firefox's code quality but as evidence that the security landscape is shifting in favour of defenders for the first time. "A gap between machine-discoverable and human-discoverable bugs favors the attacker, who can concentrate many months of costly human effort to find a single bug," he wrote. "Closing this gap erodes the attacker's long-term advantage by making all discoveries cheap." The logic is straightforward. A zero-day vulnerability is valuable to an attacker precisely because it is unknown. If a defender can find and patch the same bug before an attacker discovers it, the bug has no offensive value. The cost asymmetry has historically favoured attackers: a browser like Firefox has millions of lines of code, and a single undiscovered flaw in any of them is enough for exploitation. An elite human security researcher might spend weeks or months finding one such flaw. A model like Mythos can scan the entire codebase in a fraction of that time. Mozilla's thesis is that this changes the economics permanently. "Software like Firefox is designed in a modular way for humans to be able to reason about its correctness," the blog post stated. "It is complex, but not arbitrarily complex. The defects are finite, and we are entering a world where we can finally find them all." The claim is bold and deliberately so. Mozilla is arguing that the age of zero-day vulnerabilities in well-structured software has an expiration date, not because attackers will stop looking, but because defenders will get there first. The 271 figure requires some unpacking. Mozilla's official security advisory for Firefox 150, MFSA 2026-30, lists 41 CVE entries, three of which are standard memory-safety roll-ups that aggregate multiple individual bugs under a single identifier. The 271 number represents the total count of discrete code defects identified by Mythos during its evaluation, many of which were grouped into those CVE bundles. The distinction matters because the headline number and the formal advisory number measure different things: one measures what the AI found, the other measures how much AI-generated code actually ships through the industry's standard vulnerability disclosure process. The most dangerous flaws include use-after-free vulnerabilities in the DOM and WebRTC components, the kinds of memory safety bugs that have been the bread and butter of browser exploitation for two decades. These are not novel attack surfaces. They are the same categories of bugs that Google's Project Zero has been finding across browsers since 2014. Google's own AI vulnerability research programme, Big Sleep, a collaboration between Project Zero and DeepMind, found a zero-day in SQLite in October 2024 and has since expanded to discover multiple flaws in widely used software. The difference with Mozilla's effort is scale: 271 bugs in a single evaluation pass, patched before release, across a codebase that has accumulated technical debt over more than two decades. The UK AI Security Institute's evaluation of Mythos Preview confirmed what the Mozilla results imply from the other direction: the same capabilities that make the model effective at finding vulnerabilities make it effective at exploiting them. The model became the first AI to complete "The Last Ones," a benchmark designed to simulate a full corporate network compromise. It succeeded in three out of ten attempts, averaging 22 of 32 steps across all runs. Independent testing confirmed that Mythos cannot reliably execute autonomous attacks against organisations with well-hardened defences, but the trajectory is clear. Each generation of frontier model has performed better on offensive security benchmarks than the last. This is the tension that Project Glasswing is designed to manage. By restricting Mythos to vetted organisations with defensive mandates, Anthropic is attempting to give defenders a structural head start, a window in which the good actors can scan and patch before the capabilities proliferate. The strategy depends on the restriction holding. The vendor breach on launch day suggests that containment is harder than access control. Anthropic has also identified thousands of zero-day vulnerabilities across every major operating system and every major web browser using Mythos, findings it is disclosing to the affected vendors through Glasswing. Anthropic's expanding enterprise footprint, from legal contract review in Microsoft Word to cybersecurity through Glasswing, reflects a company that is monetising Claude across every professional vertical where accuracy matters. The Mozilla partnership is the most dramatic demonstration yet, not because the model did something no human could do, but because it did what only a handful of humans can do, and did it 271 times in a single pass. Holley's conclusion captures both the promise and the vertigo: "Our work isn't finished, but we've turned the corner and can glimpse a future much better than just keeping up. Defenders finally have a chance to win, decisively." Whether that future arrives depends on whether the models that find the bugs remain in the hands of the people who fix them, or whether the capabilities leak faster than the patches ship. For now, Firefox 150 has 271 fewer ways to be broken. That is not a small thing. The question is how long that advantage lasts when the tool that found them is commanding extraordinary valuations precisely because of what it can do.

Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side

Anthropic's Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious questions about how quickly organizations can validate, prioritize, and remediate what it finds. The debate that followed has mostly focused on the right questions: Is this a step-change or an incremental advance? Does restricting access to Microsoft, Apple, AWS, and JPMorgan actually reduce risk, or does it just concentrate defensive advantage among the already-well-defended? What happens when adversaries -- state actors, criminal enterprises -- build equivalent capability? These are important. But there's a quieter operational problem that's getting less airtime, and it's the one that will actually determine whether most organizations survive this shift. The Discovery-to-Remediation Gap The Mythos announcement, and the broader AI security conversation it kicked off, is largely about finding vulnerabilities faster. That's valuable. But finding a vulnerability and fixing it are two entirely different workflows, and the gap between them is where most security programs quietly bleed out. That's exactly the gap PlexTrac was built to close. Consider what typically happens after a penetration test or a vulnerability scan surfaces a critical finding: it goes into a spreadsheet, or a ticket, or a PDF report that lands in someone's inbox. The security team knows about it. The engineering team may or may not know about it. Remediation ownership is ambiguous. There's no clean way to track whether the patch actually shipped, or whether it was deprioritized, or whether a re-test was ever scheduled. Meanwhile, the findings are. AI models like Mythos will accelerate the input side of this pipeline dramatically. They can discover vulnerabilities at a pace and depth that human red teams simply can't match. But if the organizational infrastructure for triaging, prioritizing, communicating, and verifying fixes hasn't kept pace, faster discovery just means a faster-growing backlog of unresolved critical issues. This is the problem that a model like Mythos actually makes more acute. If your current pentest process takes three weeks to surface ten high-severity findings, and remediation is already struggling to keep up, what happens when that same surface area is scanned continuously and generates findings at ten times the rate? Schneier's False Positive Problem Is Real Bruce Schneier raised a sharp point in his writeup: we don't know Mythos's false positive rate on unfiltered output. Anthropic reports 89% severity agreement with human contractors on the findings they showcased -- but that's a curated sample, not a full-run distribution. AI systems that detect nearly every real bug also tend to generate plausible-sounding vulnerabilities in patched or corrected code. This matters operationally. A tool that generates high-confidence-sounding false positives at scale doesn't reduce security team burden -- it increases it. Every spurious critical finding that has to be triaged and dismissed is time a security engineer isn't spending on a real one. The value of AI-assisted vulnerability discovery is only realized if the findings that come out of it can be efficiently evaluated, contextualized against actual business risk, and routed to the right people. What the Infrastructure Problem Actually Looks Like The teams best positioned to absorb Mythos-era discovery velocity are the ones that already have three things in place: Centralized findings management. Not a ticket system, not a JIRA board bolted onto a spreadsheet. A purpose-built place where vulnerability findings from multiple sources -- scanner output, pentest reports, red team engagements -- live in a normalized, queryable format. Without this, integrating AI-generated findings just adds another data silo. Risk-contextualized prioritization. Raw CVSS scores are a starting point, not a decision. A critical finding in a system that's air-gapped and internal is not the same risk as the same finding in a customer-facing API. Organizations that can only sort by severity score will be overwhelmed when AI discovery starts producing findings at volume; organizations that can score against asset criticality, business impact, and exposure context can triage intelligently. Dynamic, Risk-Based Remediation via Configurable Scoring Closed-loop remediation tracking. This is where most programs actually fail. A finding that isn't verified as fixed is just a liability that has a name. Continuous re-testing, structured remediation workflows, and clear ownership handoffs aren't exciting features -- they're the difference between a security program that improves over time and one that just accumulates documented risk. PlexTrac is a pentest reporting and exposure management platform that's been building in exactly this direction -- centralized findings data, contextual risk prioritization, and structured remediation workflows. Mythos (and tools like it) is going to be very good at telling you your house has structural problems. PlexTrac is the operational layer that makes sure those problems actually get fixed, the right contractor gets assigned, and someone verifies the work before closing the job. Both are necessary. Most organizations have invested in the equivalent of better home inspections while letting the repair tracking system stay in a shared Google Doc. The Access Problem Schneier Identified Is Also a Workflow Problem One critique of Project Glasswing is that concentrating Mythos access among 50 large vendors means the organizations best-equipped to act on findings get them first. Fortune 500 enterprises, as the Fortune piece from the former national cyber director noted, are better positioned to absorb and remediate; it's SMEs, regional infrastructure operators, and specialized industrial systems that are most exposed and least resourced. This is a structural access problem that policy will have to address. But embedded in it is also a workflow problem: even if access were democratized, many smaller organizations don't have the operational infrastructure to turn AI-generated security findings into executed remediations. Tooling that reduces the overhead of that process -- faster reporting, clearer findings communication, lower-friction remediation handoffs -- is arguably more important for those organizations than it is for the enterprises that can already throw headcount at the problem. The Practical Takeaway The Mythos moment is a useful forcing function. Not because it means your systems will definitely be compromised tomorrow, but because it makes visible a gap that's been quietly growing for years: security teams are getting better at finding problems while the organizational machinery for fixing them has evolved much more slowly. The right response isn't panic, and it isn't waiting to see whether Glasswing access eventually expands to include you. It's taking the Mythos announcement as a prompt to audit your own remediation pipeline: How long does it take a critical finding to go from discovery to verified fix? How many open high-severity findings are currently in some ambiguous state of "being worked on"? Can you actually re-test after remediation, or do you just trust the engineering ticket was closed? Those questions don't require access to Mythos to answer. And for most teams, the answers will be more uncomfortable than anything in Anthropic's 245-page technical document.

AI has led to a zero-day bug discovery crisis, and it's getting worse

Tech companies and open-source teams are facing a deluge of AI-discovered software vulnerabilities. Now we're starting to get a sense of how big a deluge it is. The Zero Day Initiative, the largest vendor-agnostic bug bounty program in the world, has already seen a 490 percent increase in submissions this month compared to April last year, according to data provided to Mashable. And the month isn't even over yet. "Organizations that receive bug reports are struggling to keep up with the triage and response process," Dustin Childs, Head of Threat Awareness at the Zero Day Initiative, told Mashable. "A couple of programs, most notably the Internet Bug Bounty program, completely shutter[ed] their doors rather than try to keep up." On March 27, the Internet Bug Bounty Program announced it was closing submissions entirely because of the bug submission crisis -- which it said was changing the entire "landscape" of bug discovery. "AI-assisted research is expanding vulnerability discovery across the ecosystem, increasing both coverage and speed," HackerOne, the group that administered the program, said in a statement. "Accordingly, we are pausing submissions while we consider the structure and incentives needed to further these goals." So as AI tools improve, they're also finding much more severe vulnerabilities that require patching. And thanks to Anthropic, the deluge could be just beginning. Anthropic recently heralded the arrival of Claude Mythos, claiming it was too dangerous for public release. Claude Mythos "demonstrated a striking leap in cyber capabilities," the company said, and was capable of autonomously discovering and exploiting so-called "zero-day vulnerabilities" (the most urgent kind of bug, likely to be exploited by hackers) in every major operating system. Anthropic released Claude Mythos to a closed group of organizations, claiming it wanted to give tech leaders a chance to "secure the world's most critical software."The company said it found too many bugs to report them all at once. Critics have dismissed this as security theater and a publicity stunt; Anthropic pledged to disclose all the vulnerabilities Claude found after they're patched. Tucked inside its April 7 blog post about Claude Mythos, Anthropic included quite the flex. The company wrote that "fewer than 1% of the potential vulnerabilities we've discovered so far have been fully patched by their maintainers." That's because when Anthropic finds new zero-day bugs, it triages them and discloses only the highest-severity bugs first. The company says it does this to avoid flooding other organizations with "an unmanageable amount of new work." What's more, Anthropic estimates this is just "a small fraction" of the bugs it will find in the months ahead. To cope with the volume, Anthropic says it had to hire security contractors just to help with the disclosure process. Pre-Claude Mythos, cybersecurity researchers warned that AI tools had led to a surge in bug reports, but that the reports were typically very low quality. But the severity of bug reports is once again increasing, not that that helps developers. "Not every submission ends up being a real bug, but we still have to triage it as if it is," Childs said. Daniel Stenberg, a Swedish open-source coding expert and lead developer of cURL, paused the cURL bug bounty program in January because of AI. Stenberg recently said that cURL had received more bug reports in 2025 than in the previous two years combined, and that number is set to double again in 2026. "The main goal with shutting down the bounty is to remove the incentive for people to submit crap and non-well-researched reports to us. AI-generated or not. The current torrent of submissions put a high load on the curl security team and this is an attempt to reduce the noise," he wrote on his blog. However, he told Mashable that the latest deluge of security reports does, in fact, represent genuine security concerns, a stark reversal from last year's trend. Stenberg wrote this month that he had heard from more than 20 open-source projects "who all confirm this trend: a larger volume of decently highly-quality security reports." He confirmed in the latest update on his blog that both the volume of new bug reports and the severity of those bugs are increasing in 2026. "The rate of confirmed vulnerabilities is back to and even surpassing the 2024 pre-AI level, meaning somewhere in the 15-16% range." Stenberg also worries about the impact on developers. "I can only imagine that projects that are all volunteers, with a larger code base that perhaps has gotten less scrutiny, perhaps because they are younger, they can easily get drowned in quality reports," he says. "That has to be overloading and take a mental toll on many maintainers." So, is this zero-day deluge the Claude Mythos effect in action? Until Anthropic completes its reporting on the bugs Claude Mythos discovered, it's hard to know for sure, and neither Childs nor Stenberg said they could attribute the increases to Mythos specifically. Indeed, there are also signs that private companies are seeing an increase in AI-discovered bugs. Microsoft announced 165 new bugs patched in its April security update. Childs noted this was "the second largest monthly release in Microsoft's history," citing AI as a likely cause for the increase in his Patch Tuesday blog. In a statement to The Register, Microsoft denied that AI was to blame for the unusually security update, while crediting Anthropic researchers for one of the bugs. No matter the cause, the overall industry trend line is clear -- a huge increase in both potential and real bugs that require urgent fixing. In the Claude Mythos system card, Anthropic said AI tools will provide more benefits to cybersecurity defenders in the long run. However, hackers may have the advantage in the short-term. Existing AI tools "already provide 'significant help' to the relevant threat actors in the sense of increasing their general productivity," the company said. AI is likely both the problem and the solution for developers, who are turning to AI to triage the bugs discovered by AI. "We've begun using AI to aid in the triage process," Childs says. "It's the only way we'll be able keep up with this level of submissions." He allowed that "many entries are AI slop, but we've purchased a few of these bug [reports] just to teach our models what AI slop look like so we can avoid them in the future." If the industry doesn't adapt to the new reality, Childs added, consumers will suffer the consequences. "We've got to figure out how to scale up our fixes as fast as researchers (and attackers) are scaling up their findings," he said, otherwise users will have "little chance to apply these [fixes] in a timely manner" if they don't want to get hacked.

Mozilla says Anthropic's Mythos is 'every bit as capable' as 'the world's best security researchers' after Firefox experiment -- and says the 'zero-days are numbered'

New AI tools could shift the balance of power in cybersecurity * Mozilla used Anthropic's Mythos AI to find hundreds of Firefox vulnerabilities, matching top human researchers in capability * The experiment suggests AI can now reason through code to uncover complex bugs at scale * This shift could reduce the advantage attackers have traditionally had in discovering valuable zero-day vulnerabilities Mozilla thinks AI could change how bugs are found for good -- so it turned a version of the Claude model loose on its own browser code. The company's security team has spent the past few months collaborating with Anthropic and testing an early version of the Claude Mythos Preview model against its browser code. In just one round of testing, the AI model helped find 22 security-sensitive bugs, all fixed ahead of Firefox's latest release, along with 90 other bugs. "Mythos Preview is every bit as capable" as the world's best security researchers, Mozilla concluded. Bug bottleneck Software security has always depended on a small number of people who can read complex code and see where it might fail. These researchers do not rely on brute force. They rely on reasoning, tracing how different parts of a system interact and identifying the places where those interactions break down. Automated tools like fuzzers can probe systems at scale, but they tend to be uneven. They explore some paths thoroughly and miss others entirely. That's where human experts come in. But Mythos could reproduce the work that humans did, matching their abilities in many ways. "Elite security researchers find bugs that fuzzers can't largely by reasoning through the source code. This is effective, but time-consuming and bottlenecked on scarce human expertise," Mozilla explained in its post. "Computers were completely incapable of doing this a few months ago, and now they excel at it." For Mozilla's team, the immediate reaction was less celebration than recalibration. Finding one serious vulnerability used to trigger a focused response. Finding hundreds at once required something else entirely. Essentially, the AI made it so that discovering the bugs doesn't take long. Fixing it is the challenge. Cybersecurity defense evolution The cybersecurity industry usually assumes that circumstances favor attackers, as a system can have many potential weaknesses, and an attacker only needs one. Defenders, by contrast, need to protect everything. So companies try to make it costly to exploit vulnerabilities rather than fruitlessly trying to get rid of all of them. Highly valuable flaws, known as zero-days, have been treated as rare assets. But AI models like Mythos could change that equation. "This can feel terrifying in the immediate term, but it's ultimately great news for defenders," the company wrote. "A gap between machine-discoverable and human-discoverable bugs favors the attacker, who can concentrate many months of costly human effort to find a single bug. Closing this gap erodes the attacker's long-term advantage by making all discoveries cheap." Mozilla frames this as the beginning of a more balanced contest. That said, the flaws uncovered by Mythos are not new; they were just found much faster. The uncomfortable flip side of this, which Mozilla chooses to ignore, is that attackers have access to the same AI tools, and it's become a race of AI for defense vs AI for offense. If Mythos can keep up this pace, researchers will have to work faster to deal with it. Mozilla's team had to adjust quickly, focusing on fixing the biggest flaws while keeping the browser code stable. "We've turned the corner and can glimpse a future much better than just keeping up," Mozilla wrote. "The defects are finite, and we are entering a world where we can finally find them all." Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?

Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public release. Instead, the company has given access to Apple, Microsoft, Google, Amazon, and a coalition of others to find and patch bugs before adversaries can. Mythos Preview, the model that led to Project Glasswing, found vulnerabilities across every major operating system and browser. Some of these bugs had survived decades of human audits, aggressive fuzzing, and open-source scrutiny. One had been sitting for 27 years in OpenBSD, generally considered to be one of the world's most secure operating systems. It's tempting to file this under "AI lab says their AI is too dangerous," the same playbook OpenAI ran with GPT-2. Not so fast; there's a material difference this time. Mythos didn't just find individual CVEs. * It chained four independent bugs into an exploit sequence that bypassed both the browser renderer and the OS sandboxing * It performed local privilege escalation in Linux through race conditions * It built a 20-gadget ROP chain targeting FreeBSD's NFS server, distributed across packets. Claude Opus 4.6, Anthropic's previous frontier model, failed at autonomous exploit development almost entirely.Mythos hit a 72.4% success rate in the Firefox JS shell. This isn't theoretical, nor some new three-to-five-year prediction. This is about to be a real-world engineering reality. Why Project Glasswing Exposes the Real Cybersecurity Gap Here's the number that should keep security leaders awake at night: fewer than 1% of the vulnerabilities found by Mythos were patched. Let that sink in for a moment. The most powerful vulnerability discovery engine ever built ran against the world's most critical software, and the ecosystem couldn't absorb the output. Glasswing solved the finding problem. Nobody solved the problem of fixing. Why Defenders Can't Keep Up: Calendar Speed vs. Machine Speed This is the structural issue the cybersecurity industry has been circling for years. AI just made it impossible to ignore. Defenders operate on calendar speed. They: * Gather intelligence * Build a campaign * Simulate the threats * Mitigate * Repeat That cycle takes about four days on a good day. Attackers, especially those now leveraging LLMs at every stage of their operation, are moving at machine speed. For an up-to-the-minute take, David B. Cross, CISO at Atlassian, will be speaking at the Autonomous Validation Summit on May 12 about what this looks like from the inside, why periodic testing can't keep pace with adversaries that operate autonomously, and what defenders should be doing instead. AI-Powered Attacks Are Already Autonomous Earlier this year, a threat actor deployed a custom MCP server hosting an LLM as part of their attack chain against FortiGate appliances. The AI handled everything: * Automated backdoor creation * Internal infrastructure mapping fed directly to the model * Autonomous vulnerability assessment, and * AI-prioritized execution of offensive tools for domain admin access. The result? 2,516 organizations across 106 countries were compromised in parallel. The entire chain, from initial access through credential dumping to data exfiltration, was autonomous. The only human involvement was reviewing the results afterward. AI-based Vulnerability Discovery Is Outpacing Remediation The gap between attacker speed and defender speed isn't new. What's new is that a small but worrisome gap just became a canyon. * Autonomous systems like AISLE discovered 13 out of 14 OpenSSL CVEs in recent coordinated releases, bugs that had survived years of human review. * XBOW became the top-ranked hacker on HackerOne in 2025, surpassing all human participants. * The median time from disclosure to weaponized exploit dropped from 771 days in 2018 to single-digit hours by 2024. * By 2025, the majority of exploits will be weaponized before being publicly disclosed. Now add Mythos-class discovery to this picture. You don't get a safer world automatically. You get a tsunami of legitimate findings that still require human verification, organizational process, business continuity considerations, and patch cycles that haven't fundamentally changed in a decade. How to Build a Mythos-Ready Security Program The instinct after Glasswing is to ask: "How do we find more bugs?" That's actually the wrong question. The right one is: "When thousands of exploitable vulnerabilities land on your desk tomorrow morning, can your program actually process them?" For most organizations, the honest answer is no. And the reason isn't a lack of tools or talent; it's a structural dependency on periodic, human-initiated processes that were designed for a world where vulnerabilities trickled in, not one where they arrived in a tsunami. We can't fix every vulnerability. We can't apply every hardening option. That's not defeatism, that's the pragmatic starting point for any security program that actually works. The question that matters isn't "is this CVE critical?" but "is this vulnerability exploitable in my environment, right now, given what I have deployed?" A Mythos-ready security program needs three fundamental pieces. First: Signal-Driven Validation Over Scheduled Testing When a new threat emerges, when an asset changes, or when a configuration drifts, defenses need to be tested against that specific change in that moment. Not during the next quarterly pentest. Not when someone can find an open calendar slot. The entire concept of "scheduled validation" assumes a stable threat landscape, and today, that assumption is dead on arrival. Second: Environment-Specific Context Over Generic CVSS Scores Glasswing will produce an avalanche of CVEs. Yet most vulnerability management programs are still prioritized by CVSS scores. This context-free metric tells you how bad a bug could be in theory, not whether it's exploitable in your specific infrastructure, given your controls and business risk. When the volume of findings suddenly goes from hundreds to thousands, context-free prioritization won't just slow you down; it'll break your process entirely. Third: Closed-Loop Remediation Without a Manual Handoff The current model can't survive in a world where adversaries exploit CVEs within hours of disclosure. You know the drill: * Scanner finds a bug * Analyst triages it * The ticket goes to a different team * Someone patches it weeks later * Nobody re-validates That chain of manual handoffs is exactly where the system disintegrates. If the cycle from finding to fix to re-validation can't run without humans shuttling tickets between queues, it clearly isn't running anywhere near machine speed. This isn't about buying more tools. It's about defenders leveraging their one asymmetric advantage: you know your organization's topology, attackers don't. That's a significant advantage, but only if you can act on it at machine speed. How Autonomous Exposure Validation Closes the Gap -- and Where Picus Comes in This is the part where I'm going to be really transparent about who's writing this. At Picus Security, we build a platform for Autonomous Exposure Validation. So, full disclosure, I have a perspective here that comes with an inherent bias. Take it accordingly. What Glasswing crystallized for us, and for a lot of the CISOs we've been speaking with, is that the validation step within any exposure management program just became the most critical bottleneck. * Finding vulnerabilities is about to get radically easier and more efficient * Patching them is going to remain painfully slow. The only lever you can pull in between is knowing which ones actually matter to your environment. That's validation. From Four Days to Three Minutes: How Agentic Workflows Change the Cycle We built Picus Swarm, the AI team powering autonomous, real-time validation, to compress the traditional four-day cycle into minutes. It's a set of AI agents that work together to do what used to require handoffs between four separate teams: * A researcher agent ingests and vets threat intelligence. * A red teamer agent maps it against your environment to generate a safety-checked attacker playbook. * A simulator agent executes across your actual endpoints and cloud, gathering telemetry and proof data. * A coordinator agent bridges findings to remediation, opening tickets, triggering SOAR playbooks, pushing indicators of attack to your EDR, and re-validating after fixes land. Every action is traceable and auditable, andevery agent operates within guardrails you define. The whole chain, from a new CISA alert to validated, remediation-ready findings, runs in about three minutes. When a Mythos-class model drops thousands of findings on your organization, you need something that can immediately tell you which of these are exploitable in your environment. Which controls would hold, which would fail, and what's the vendor-specific fix? The Uncomfortable Truth Project Glasswing is going to be measured by one metric: how many vulnerabilities get patched before they get exploited. Not how many are found, not how impressive the exploit chains are, but whether the ecosystem can digest what AI is about to produce. Visibility alone has never been enough, 83% of cybersecurity programs still show no measurable results. What's changing the equation is closing the gap between seeing and proving: knowing whether a potential vulnerability would actually compromise your environment. That's validation. And in a post-Glasswing world, it's the only thing standing between a flood of discoveries and a flood of breaches. We're hosting the Autonomous Validation Summit on May 12 & 14 with Frost & Sullivan, featuring practitioners from Kraft Heinz and Glow Financial Services, along with our CTO, Volkan Erturk. Together, we'll be taking a deeper dive into this specific problem. >> Register here. Note: This article was written by Sıla Özeren Hacıoğlu, Security Research Engineer at Picus Security.

Anthropic's Claude Mythos AI Finds 271 Vulnerabilities in Firefox -- Yes, It's Seriously Powerful - Decrypt

Researchers warn that the same capability could accelerate automated cyberattacks. For decades, attackers have had the advantage in cybersecurity. Artificial intelligence may be about to change that. In a blog post published on Tuesday, Firefox browser developer Mozilla said an early version of Anthropic's Claude Mythos AI -- which has drawn attention in recent weeks for its purported cybersecurity prowess -- model helped identify 271 vulnerabilities in the browser during internal testing. Those bugs were patched this week. The results highlight how advanced AI systems can analyze large codebases and locate weaknesses that previously required extensive manual review by human cybersecurity researchers. "As these capabilities reach the hands of more defenders, many other teams are now experiencing the same vertigo we did when the findings first came into focus," Mozilla wrote. "For a hardened target, just one such bug would have been red-alert in 2025, and so many at once makes you stop to wonder whether it's even possible to keep up." Mozilla had earlier tested another Anthropic model that identified 22 security-sensitive bugs in a previous Firefox release. Despite these successes, Mozilla acknowledged that the cybersecurity industry has long treated the complete elimination of software exploits as an "unrealistic goal." "Until now, the industry has largely fought security to a draw," the company wrote. "Vendors of critical internet-exposed software like Firefox take security extremely seriously and have teams of people who get out of bed every morning thinking about how to keep users safe." Mozilla said the new AI system can analyze source code and identify vulnerabilities in ways that previously depended on scarce human expertise. However, Mozilla said the company was encouraged to see that no bugs were found that couldn't have been discovered by "an elite human researcher." "Some commentators predict that future AI models will unearth entirely new forms of vulnerabilities that defy our current comprehension, but we don't think so," they said. "Software like Firefox is designed in a modular way for humans to be able to reason about its correctness. It is complex, but not arbitrarily complex." The results, however, suggest AI tools could allow developers to uncover large numbers of vulnerabilities before attackers exploit them -- though conversely, in the wrong hands, it could spell big trouble for software firms and users alike. Launched in March, Mythos is Anthropic's most advanced model for reasoning, coding, and cybersecurity tasks. Internal company materials describe the system as part of a new model tier beyond the company's earlier Opus series. Testing conducted before the model's release showed it could identify thousands of previously unknown vulnerabilities across major operating systems and web browsers. Anthropic has limited access to the system through a restricted program called Project Glasswing, which gives select technology companies -- including Amazon, Apple, and Microsoft -- the ability to use the model to scan software for weaknesses. It reflects a growing effort within the cybersecurity industry to use AI systems to identify and patch vulnerabilities before attackers can exploit them. However, the same technology could also enable new forms of cyberattacks. Security researchers say AI systems capable of analyzing code at scale could automate the discovery of exploitable vulnerabilities across widely used software. After the launch of Mythos, testing by the U.K.'s AI Security Institute found that the AI could autonomously execute complex cyber operations, including completing a multi-stage corporate network attack simulation without human assistance. Those capabilities have drawn attention from governments and intelligence agencies alike. Despite a call from President Donald Trump's administration to stop using Anthropic's technology due to a clash over its use in war and surveillance matters, on Monday, the National Security Agency was revealed to be running Claude Mythos Preview on classified networks, according to sources familiar with the deployment. The use of Mythos underscores the growing interest among U.S. security agencies in the model's ability to identify critical software vulnerabilities. The model's performance has also exposed limits in existing AI evaluation systems. Earlier this month, Anthropic acknowledged that several cybersecurity benchmarks are no longer sufficient to measure the capabilities of its newest models. Mozilla said the results point to a potential shift in cybersecurity, where defenders may begin to close the long-standing advantage attackers have held. "We are extremely proud of how our team rose to meet this challenge, and others will too," Mozilla wrote. "Our work isn't finished, but we've turned the corner and can glimpse a future much better than just keeping up. Defenders finally have a chance to win, decisively."

'Defenders finally have a chance to win, decisively': Firefox CTO raves about Claude Mythos' bug hunting capabilities after it finds 271 vulnerabilities

When you create anything, whether that be software or a short story about two characters that never meet, there's no telling what a fresh pair of eyes will bring to the work. Once a work breaches containment, your adoring audience may reward you with a short work of fanfiction -- or make you kick yourself by immediately sniffing out a zero-day exploit. Well, Firefox claims that thanks to AI, 'the zero-days are numbered.' Firefox teamed up with Anthropic's Frontier Red Team earlier this year to leverage AI tools in finding and securing zero-day exploits before they have a chance to be unearthed in the real world. As part of that collaboration, Mozilla recently applied an early version of Claude Mythos to the Firefox bug hunt. The bot found 271 vulnerabilities, which the browser team were then able to fix and ship as part of Firefox 150. Coupled with reports of Claude Mythos finding thousands of vulnerabilities in 'every major operating system and every major web browser, along with a range of other important pieces of software' earlier this month, this could be a security game-changer. Firefox CTO Bobby Holley is quick to note that none of the bugs found by Claude Mythos "couldn't have been found by an elite human researcher," but also highlights that much of security is a battle fought "to a draw." "Vendors of critical internet-exposed software like Firefox take security extremely seriously and have teams of people who get out of bed every morning thinking about how to keep users safe," he explains, "Nevertheless, we've all long quietly acknowledged that bringing exploits to zero was an unrealistic goal." This is largely because it can be so time-consuming for even a team of 'elite human researchers' to pore over source code and look for exploits. Holley reflects on the sense of 'vertigo' these sorts of AI-assisted findings brought up for the browser team, sharing, "Just one such bug would have been red-alert in 2025, and so many at once makes you stop to wonder whether it's even possible to keep up." But ultimately, Holley is hopeful for the future of security supported by AI assistance: "Our work isn't finished, but we've turned the corner and can glimpse a future much better than just keeping up. Defenders finally have a chance to win, decisively."

Anthropic's Claude Mythos found 271 Firefox vulnerabilities - CTO calls it just as capable as 'elite security researchers'

Anthropic's unreleased Claude Mythos is at the center of a cybersecurity debate. Its coding capabilities are so powerful that in pre-release tests, the model identified thousands of previously unknown vulnerabilities in major operating systems and web browsers. Since then, many have questioned whether the model is truly the future of cybersecurity or simply a normal step forward wrapped in overhype. Mozilla has now tipped the scales in Anthropic's favor, sharing in the zero-days are numbered blog post that early access to Mythos Preview helped it pre-identify 271 security vulnerabilities in the latest Firefox release. Firefox CTO Bobby Holley added that "in the never-ending battle between cyberattackers and cyberdefenders, defenders finally have a chance to win, decisively." According to the post, Mythos detected these hundreds of vulnerabilities simply by analyzing unreleased code from the browser's latest version. The post didn't go into detail on the severity of these vulnerabilities, but Holley compared Mythos to earlier AI tools, noting that Anthropic's Claude Opus 4.6 had detected only 22 security bugs when analyzing Firefox 148. Despite the impressive numbers, Holley made clear that Mythos did not identify any bugs that an elite human researcher couldn't have found. This suggests that AI isn't, at the moment, able to crack cybersecurity protections any better than a person can. He was quick to add, however, that using Mythos saved the company months of costly human effort to find a single bug, and the new AI model is every bit as capable as the world's best security researchers. "Computers were completely incapable of doing this a few months ago, and now they excel at it," Holley wrote. Speaking to Wired, he added that AI-aided vulnerability analysis is something every software company will need to integrate into its workflow to identify the hundreds of bugs "buried underneath the surface that are now discoverable." While future models may surpass Mythos and catch bugs current versions miss, Holley said he's confident that, at least for Firefox, the early head start has helped round the curve. But the results also carry a darker implication. Such tools in the wrong hands could enable new forms of cyberattacks and automate the discovery of exploitable vulnerabilities across widely used software at scale. That is likely why Anthropic has restricted access through a program called Project Glasswing, which allows select technology companies, including Amazon, Apple, and Microsoft, to use the model to scan software for weaknesses.

Mozilla fixes 271 Firefox vulnerabilities found by Anthropic's AI

Mozilla announced that Anthropic's Claude Mythos AI identified 271 vulnerabilities in Firefox during internal testing, with all bugs patched in the same week. This result underscores the ability of advanced AI systems to analyze extensive codebases and identify weaknesses that had previously required significant manual scrutiny. The findings could signify a transformative moment in cybersecurity, where defenders gain an upper hand over attackers. The identification of these vulnerabilities highlights the growing role AI plays in security analysis. "As these capabilities reach the hands of more defenders, many other teams are now experiencing the same vertigo we did when the findings first came into focus," Mozilla stated. The organization had earlier tested another Anthropic model that found 22 security-sensitive bugs in a prior Firefox version. Despite these advancements, Mozilla acknowledged that the cybersecurity industry recognizes the inherent challenges in completely eliminating software exploits. "Until now, the industry has largely fought security to a draw," the company wrote, emphasizing their commitment to user safety. Mozilla noted that the new AI system effectively located vulnerabilities previously detectable only by expert human researchers. Moreover, the company expressed skepticism over predictions that future AI models might uncover new types of vulnerabilities that exceed current understanding. "Software like Firefox is designed in a modular way for humans to be able to reason about its correctness," Mozilla said. However, the latest AI tools could permit developers to detect numerous vulnerabilities ahead of potential exploitation. Launched in March, Anthropic's Mythos is designed for coding and cybersecurity tasks, indicating a significant advancement beyond previous models. Internal materials reportedly revealed that the system could identify thousands of previously unknown vulnerabilities across major operating systems and web browsers. Access to Mythos is restricted through Project Glasswing, allowing selected technology companies -- including Amazon, Apple, and Microsoft -- to leverage the model for scanning software for weaknesses. This initiative reflects an industry shift towards employing AI in preemptive vulnerability patching. However, security experts also warn that such technology may enable novel cyberattacks. The U.K.'s AI Security Institute found Mythos capable of autonomously executing complex cyber operations, including simulating multi-stage network attacks without human intervention. The model has drawn interest from government and intelligence agencies, including the National Security Agency (NSA), which reportedly runs Claude Mythos Preview on classified networks. Recent developments indicate that existing AI evaluation benchmarks may not suffice for assessing the capabilities of these new models. Mozilla posited that these advancements could allow defenders to challenge the longstanding advantages held by attackers. "We've turned the corner and can glimpse a future much better than just keeping up," Mozilla said, suggesting a decisive shift in cybersecurity dynamics.

How CISOs Need To Prepare For The Claude Mythos Era Of Cyberattacks: Experts

Gaining improved visibility and implementing compensating controls are the most important steps for many organizations alongside shifting to accelerated patching cycles, cybersecurity experts tell CRN. As CISOs rethink their approaches to exposure management and cyber defense following recent revelations about AI-powered vulnerability discovery, gaining improved visibility and implementing compensating controls are the most important steps for many organizations alongside shifting to accelerated patching cycles, cybersecurity experts told CRN. Following Anthropic's announcement about its unreleased Claude Mythos Preview earlier this month, the security industry has signaled that a massive push is needed around vulnerability management and hardening environments against a potentially massive spike in cyberattacks from the use of similar capabilities. [Related: How CrowdStrike Is Helping The Industry To Withstand AI-Driven Vulnerability Deluge: Exec] However, the real risk is not the zero-day vulnerability itself, per se, according to Adam Meyers, senior vice president for counter adversary operations at CrowdStrike. "A zero day is the beginning of the story for us, not the end of the story," Meyers told CRN. "The adversary still has to move laterally. They still have to escalate privilege. They still have to do [a series of] things to have a successful attack." What that means is that there are numerous steps along the way where organizations will have an opportunity to shut down a cyberattack -- provided they have the necessary visibility to do so, he said. "The concern that you need to have is, do you have the visibility across your enterprise?" Meyers said. "Can you see when they jump or when they move or when they do something? That should be the No. 1 concern." To enable a strong security posture in a threat environment that may see as much as a 20-fold spike in software vulnerabilities, containing the attack surface through implementing zero-trust controls will prove to be especially pivotal, Zscaler founder and CEO Jay Chaudhry told CRN. "Containing the attack surface really means doing zero trust -- where everything is an island of its own, and [you can] only talk to certain parties, and you can't just move left or right on the network," Chaudhry said. "To keep [relying] on these firewalls, to create segments and rules, will be almost impossible." Anthropic disclosed on April 7 that Claude Mythos Preview points to the fact that "AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities." Chaudhry said the emergence of AI-accelerated vulnerability discovery -- paired with long‑running challenges such as insufficient patching -- has created a level of anxiety in the cyber field that he has never seen before. The overall reaction in cybersecurity right now is, "'Man, this is so scary,'" he said. "I don't recall a moment like this in cybersecurity in the past 30 years." Indeed, the advancement of AI-powered vulnerability discovery likely upends existing vulnerability management practices, according to experts. The result is that organizations must "plan for surge" when it comes to responding to vulnerabilities, according to Presidio's Dan Lohrmann. That is, in addition to developing a process for faster patching, organizations should have a plan for what happens if they can't keep up, said Lohrmann, field CISO for public sector at Presidio, No. 24 on CRN's Solution Provider 500 for 2025. "What if we just get overwhelmed?" he said. "Are we ready for the tsunami?" Without a doubt, the revelations around Claude Mythos and OpenAI's GPT-5.4 Cyber raise the stakes by demonstrating the potential to automate vulnerability chaining and discovery work, which in the past had required substantial manual effort, according to security experts. The AI models are "really good at chaining vulnerabilities and getting a foothold and working their way in," said Jason Rader, global CISO at Insight Enterprises, No. 20 on CRN's Solution Provider 500 for 2025. "What used to take individuals a lot of [manual effort], this can do it all almost instantaneously." The result, according to experts, is that CISOs most definitely should not be treating AI-driven vulnerability discovery as a distant possibility. Even if Anthropic succeeds at keeping Mythos tightly controlled, similar capabilities will inevitably emerge elsewhere, the experts said. "Every additional frontier model that's going to come out after this is going to be probably equal, if not better, at doing those kinds of things," Rader said. For CISOs, the focus should not merely be on accelerating their patching practices, according to Presidio's Lohrmann. Rather, CISOs will need to rethink vulnerability management altogether, starting with shifting from periodic scanning to continuous exposure management, he said. CISOs should also make compensating controls such as segmentation "first-class," since many organizations will face challenges in trying to patch as quickly as necessary, Lohrmann said. "Tighter controls buy you time when [your] patch speed loses the race," he said.

Zscaler CEO On Vulnerability Surge From AI: 'We All Need To Be Paranoid'

In an interview with CRN, Zscaler CEO Jay Chaudhry says there's no question that Anthropic's Claude Mythos model is 'very powerful' for vulnerability discovery -- and other AI models that could be available to attackers 'aren't too far behind.' In the wake of Anthropic's initiative to make its Claude Mythos vulnerability discovery tool available to select IT and security vendors, there's no question that the "very powerful" AI capabilities are a sign of massively heightened cyber risk to come, according to Zscaler founder and CEO Jay Chaudhry. In an interview with CRN, Chaudhry said it's clear that while Anthropic is being "responsible" in its handling of the capabilities with the initiative, known as Project Glasswing, other AI models that could be more easily available to attackers "aren't too far behind." [Related: Anthropic-OpenAI Race Obscures The Real Cybersecurity Breakdown: Analysis] These could include models used by nation-state adversaries such as China, for instance, or open-source models that won't have the same controls as Claude Mythos, he said. As a result, "we all need to be paranoid and do [the right] things about it," Chaudhry told CRN. "The good thing is customers are actually all looking at doing something about it." In addition to improving vulnerability management practices, the biggest recommendation Zscaler has for partners and customers is to focus on containing the attack surface through implementing zero-trust controls, he said. To enable a strong security posture in a threat environment that may see as much as a 20-fold spike in software vulnerabilities, "our view is that the best security is what we have been talking about from the start of Zscaler with zero trust," Chaudhry said. At the same time, the pitches being made by legacy network security technologies such as firewalls and VPNs -- which themselves are frequently the source of exploited vulnerabilities -- will be increasingly recognized as dubious, according to Chaudhry. "To keep [relying] on these firewalls, to create segments and rules, will be almost impossible," he said. In addition to Anthropic, rival AI platform OpenAI has likewise made available its GPT‑5.4‑Cyber model for vulnerability discovery to select vendors. Zero-trust security powerhouse Zscaler is one of just two pure-play cybersecurity vendors that have so far announced participation in both Anthropic's Project Glasswing and the parallel initiative at OpenAI, known as Trusted Access for Cyber. "I applaud [Anthropic CEO] Dario [Amodei], who actually has taken the high ground all along. He has been pushing for responsible use of AI. And he took a stand on Mythos," Chaudhry said. According to Chaudhry, following the announcement of Project Glasswing and the private Claude Mythos Preview earlier this month, many have asked if he thought Mythos' capabilities were being overly hyped. By and large, Chaudhry said he doesn't believe that to be the case because "the risk is real." OpenAI, meanwhile, has "similar capabilities" with GPT‑5.4‑Cyber, he noted. Ultimately, Chaudhry said the emergence of AI-accelerated vulnerability discovery -- paired with long‑running challenges such as insufficient patching -- has created a level of anxiety in the cyber field that he has never seen before. The overall reaction in cybersecurity right now is, "'Man, this is so scary,'" Chaudhry said. "I don't recall a moment like this in cybersecurity in the past 30 years." What follows is more of CRN's interview with Chaudhry. What can you say about Zscaler joining Anthropic's Project Glasswing and the importance of that initiative? I think Anthropic has done a very responsible thing. Now it's not new [as a concept]. Microsoft has been finding vulnerabilities for about 20 years [and] has a program where they make some of these vulnerabilities available to providers like us -- to make sure we build the protection for it before it gets generally released. Here [with Anthropic] this is a much bigger deal than just one or two or five software vulnerabilities. This is a very powerful model. It is uncovering things that have been hidden there for 20 years. Some of this information is not made public for the right reasons because if you're being too specific, then the bad guys can start exploiting it. That's why you're not hearing exactly about what's being found [in] detail. But some of the stuff is coming out -- like Mozilla talked about -- [where] this model has found [hundreds] of vulnerabilities. Now, the sheer count of vulnerabilities doesn't matter. It's the degree of risk that matters. You could have 50 low-risk vulnerabilities versus one very high-risk vulnerability. That one is far more dangerous. We are seeing that, so I think it's a good thing they picked up a few dozen vendors. And that's not just security. This is security, infrastructure, the hyperscalers. About 10 or so got announced in the first batch. That announcement came together very quickly, with CEOs saying, 'Let's do it.' But we have been part of the program. And then we talked to them about being able to talk to our customers because our customers are asking us, 'Hey, what are you doing about it? I didn't see your name.' Well, it's there. It's just that it [fell] under the program. So that's why they said, 'Let's go ahead and you can discuss it. You can talk to your customers.' Because we are getting scores of calls from our customers and partners. And they're saying, 'What do we do? How do we protect ourselves?' I had three calls this morning, and all three of them brought Mythos into the discussion -- while the calls were not scheduled for Mythos. So I think it's important. How effective do you think organizations will realistically be when it comes to dealing with an increase in exploitable vulnerabilities like this? It's an interesting challenge. There are already tons of vulnerabilities that every company has a list of -- that they know they have, but they haven't been able to patch them because they don't have resources to patch them. And even if they patch them, sometimes applications break, so they can't even patch them. Now, imagine the problem of vulnerabilities when it became 20-fold more. You can't keep on hiring people. First of all, you can't find them. And even if you find them, can you even patch? So our view is that the best security is what we have been talking about from the start of Zscaler with zero trust. You hide your applications behind us. The biggest risk is everything starts by finding your attack surface [and then targeting it] as they find vulnerabilities, and that's why they go after it. So that's the biggest discussion we're having with our customers [around] working hard to hide them. Because many times, they can hide [their attack surface] behind Zscaler, but they haven't done so -- even Zscaler customers -- because nobody except Zscaler talks about hiding your attack surface. So now we are doubling down to help the customer by saying, 'You already have the technology. You just need to work on configuring things right.' So you feel like zero trust is the technology that's going to do the most for helping partners and customers with the increased vulnerability exploitation? Everything in security is multiple steps. If you think about the four steps of a breach, they find your attack surface, No. 1. No. 2, they compromise you somehow. No. 3, the compromised entity -- maybe an endpoint, maybe an application that's part of your network -- the [attacker] moves laterally, finds high-value assets and brings them down or encrypts it for ransomware. And step four, they exfiltrate your data. All four steps need to be looked at [where] if they're able to get in, what do you do? No. 1 is hiding your attack surface. No. 2 is preventing compromises. This is where we sit inline. We're inspecting all the stuff, so bad stuff doesn't come in because almost all bad things come from the internet. Step No. 3, if they're able to breach [a system], they get on the network, they move laterally. The lateral movement is the biggest issue. And this is where the second aspect of zero trust comes in. And that basically says, if I have zero trust -- where only a certain entity can talk to a certain entity -- the lateral movement goes away, and you're not on the network. That becomes very important. Then related [to] that is -- if they got on your network, we have this honeypot decoy technology. They try to go after something, we set up a decoy and they fall for it, and they get picked up. And then you need to make sure you have a proper DLP solution in place so they can't exfiltrate your data. So [you need a] holistic approach. But the No. 1 thing is the attack surface. So AI then is not necessarily the full solution on the security side? It's going to help and be important, but the more crucial defense is everything we already have, such as zero- trust technologies? Absolutely. The scary part is when the tool knows how to write code, then the tool also knows how to find vulnerabilities. Then the same tool who knows how to write vulnerabilities also knows how to exploit them. It's a fascinating thing that's going on out there. And so Mythos started it. And I applaud [Anthropic CEO] Dario [Amodei], who actually has taken the high ground all along. He has been pushing for responsible use of AI. And he took a stand on Mythos. Now, people talk to me and say, 'Hey, was it to create marketing hype, or was it real?' Perhaps there was some element of marketing hype. But the risk is real. And now OpenAI has its own model [GPT‑5.4‑Cyber] that has similar capabilities as well. We are part of that program as well. So they follow a similar [approach]. They have two security vendors in the program, and we're one of the two. Now my big worry is that other models aren't too far behind -- Chinese models or other models. And some of these open-source models, they can be trained to do something similar. And they're not going to put controls, like Mythos is trying to put controls on it. So we all need to be paranoid and do [the right] things about it. The good thing is customers are actually all looking at doing something about it. The question is how quickly will they move? Hackers have no inertia. The larger the enterprise, the more inertia. So perhaps we have a bit of a time window before attackers have similar capabilities, but is there any sense about how long that could be? The scary part is things keep on getting discovered. Are we ever going to say we really discovered all the hard stuff? The more sophisticated [the models] are, the more they find. For example, Firefox browsers are everywhere -- [and] if these models can discover vulnerabilities in these tools that have been hidden there for 20 years-plus, it gets hard. That's why minimizing exposure is probably the No. 1 thing we all need to do. And then if something happens, then the other steps are [to] fall back to make sure they don't happen. That's where, assuming that something gets infected, then zero trust -- to make sure it doesn't allow them to move laterally -- becomes a second piece. Some of these honeypots become the third piece. Those are the additional measures we need to take. I don't recall a moment like this in cybersecurity in the past 30 years of my [career], where somebody said, 'Man, this is so scary.' First of all, I think every software provider and critical infrastructure provider needs to take care of [these risks]. It's not just security companies. How about routers and switches and all those devices? What makes it more scary is you do not need source code to find vulnerabilities. Typically, you will look at a source code and find, 'They haven't taken care of this condition.' So you look, you guess, you experiment, you find. [With AI tools] you can go from a binary. Binaries are very easily accessible. Source code is not easily accessible. Binaries are because these binaries are sitting everywhere. So I think, with knowing that somebody will exploit [these systems], just containing the attack surface becomes very important. And containing the attack surface really means doing zero trust -- where everything is an island of its own, and [you can] only talk to certain parties, and you can't just move left or right on the network. To keep [relying] on these firewalls, to create segments and rules, will be almost impossible. Threat actors have extensively targeted network devices, such as firewalls, VPNs, for exploitation in the past -- so is AI-powered vulnerability discovery going to be a major problem for those devices? Yes, exactly. And even routers and switches too. They need to step up and do some more work. The challenge ends up being these devices sit out there with customers. A cloud-based service can be patched and updated a lot more easily because you centrally control it. [Huge amounts of] boxes have been sold and deployed somewhere out there, and no one knows where they are. And then patching becomes hard because even these enterprises don't know where they are. An enterprise may have 800 firewalls. They know the [main] ones in the data center. But a lot of them are sitting in the branch offices and warehouses. Networks were designed to connect things, so they form a mesh. The goal is you should be able to get on the network in one of the 800 branch offices. Once you're on the network, you're like on a highway system. You move left, you right, you find an application, you connect and do your job. The bad guys are exploiting the same design feature of the network. I will get on the network. I'll move left, I'll move right, and I find things and compromise things. So containing the blast radius -- by really doing zero trust, where each entity becomes a segment of its own -- is a powerful story. One business which has done this thing very well is the telcos for their mobile networks. They created a network segment [where] each device is its own segment. The blast radius is just this [device] -- nothing more than that. In the case of traditional IT, the network was designed so that everything connects to the same network -- so they can find each other, connect with each other. And that causes problems. That's why, in the office, [if] one machine got infected somewhere, the malware is going around. That's why we are so passionate about bringing zero trust everywhere. So you do believe we are going to see a lot more exploitation of those traditional network security devices? Unfortunately, the answer is yes because there are no easy answers [about fixing them]. If you look at how many security vulnerabilities have been discovered in firewalls and VPNs over the past two years, the number has been pretty high. But if you ask someone, how many of those firewalls have been patched? No one knows. They're sitting out there somewhere. What makes it more dangerous is you take the vulnerabilities discovered by these sophisticated models. Then you've got agentic technology, which is getting very smart. These AI agents are not simple automation. These are smart things. You can vibe code and create these things. And say, 'Go and look for A, B and C, and make sure you remain hidden.' They're building agents, which try to evade decoys. They're smart. What is your message to channel partners about what they should be focusing on and what Zscaler is going to do to enable them around this issue? There are two things. No. 1, obviously, is deploying zero trust. But I think there's an opportunity for them to work with customers in the short term to help hide their attack surface and take some proactive measures. In fact, we are creating some material for our partners and customers [on] how do you, step by step, find your attack surface? How do you go about blocking? Because a lot of them don't know the basics. And the customer often says, 'Why do I have a big attack surface? I'm not sure.' We run the attack surface report, and it says [there is an] employee portal that has not been used for the last five years. There used to be a portal that was created, so employees could come over the internet and log in. It's still sitting there. They moved it to a new system. The old one is still sitting there. No one has patched it. And some of those things essentially end up being the beachhead for bad guys to go in. So we're educating our partners, so they can go and work with their customers. Every CISO and every CIO is saying, 'What can I do tomorrow?' The good thing is boards and CEOs are paying attention. The key is having a pragmatic approach to take care of these things because security can get geeky. I think that's one of the things people need to keep in mind. They say, 'Gee, I already have 1,000 vulnerabilities.' The issue is not just having the sheer number. The issue is to prioritize them. And that's the second area we are trying to help. A typical CISO in a large enterprise will tell you that they have 2,000 vulnerabilities with [severity scores] that are very high. There's so many that they can't fix them. But the problem is to only look at [the score] alone is not enough. If a software [application] has a very high [severity] vulnerability, but it's sitting deep inside your data center, it's not that high risk. If a vulnerability has only the score of 7.0 [out of 10.0], but it's facing the internet, it's a much bigger risk. So one solution we have is what we call 'unified vulnerability management.' We take the vulnerabilities, we take many other contexts -- internet-facing, non-internet-facing. Is it accessed by outside people or only employees? If it's employees, is it a smaller group of employees or a larger group of employees? Are these applications requiring two-factor authentication or not? So you look at all of that stuff, and then you create a real business risk score, rather than just a CVE score. And with that, customers can prioritize and say, 'OK, I will patch these things first, or I'll hide these things first, and then others.' So prioritization of risk is probably one of the most important things.