Mozilla hardens Firefox by fixing 271 latent security bugs with Claude Mythos Preview
Firefox contained latent security bugs that were notoriously difficult to find with traditional fuzzing, particularly sandbox escapes in the multiprocess browser engine that required complex reasoning to discover.
Early LLM code audit experiments using GPT 4 and Sonnet 3.5 for static analysis of high-risk code showed some promise but produced a high rate of false positives that made scaling impractical, and AI-generated security reports to open source projects broadly were regarded as unwanted noise.
Mozilla identified and fixed 271 previously-unknown vulnerabilities using Claude Mythos Preview in Firefox 150, including 180 sec-high and 80 sec-moderate bugs, with 423 total security bugs fixed in April releases.
Show all 8 reported metrics
Frequently asked questions
What did this team achieve with this AI workflow?
Mozilla identified and fixed 271 previously-unknown vulnerabilities using Claude Mythos Preview in Firefox 150, including 180 sec-high and 80 sec-moderate bugs, with 423 total security bugs fixed in April releases.
What tools did this team use?
Claude Mythos Preview, Claude Opus 4.6, GPT 4, Sonnet 3.5, AddressSanitizer.
What results were reported?
bugs identified by Claude Mythos Preview in Firefox 150: 271; total security bugs fixed in April releases: 423; Externally reported bugs: 41; Sec-high bugs (of 271): 180 (source-reported, not independently verified).
What failed first in this deployment?
Early LLM code audit experiments using GPT 4 and Sonnet 3.5 for static analysis of high-risk code showed some promise but produced a high rate of false positives that made scaling impractical, and AI-generated securit…
How is this quality assurance AI workflow structured?
Prompt harness to find bug → AI creates dynamic test cases → Validate real bugs vs noise → Parallelize across ephemeral VMs → Deduplicate, track, and triage → Human review and patch → Ship fixes in Firefox releases.