Mozilla has released new details on how it used Anthropic's Mythos AI model to uncover 271 security vulnerabilities in Firefox over two months, with what it describes as "almost no false positives."
Earlier claims by Mozilla's CTO that AI-assisted detection meant "zero-days are numbered" were met with skepticism. But in a Thursday blog post, Mozilla engineers explained two key factors behind the breakthrough: improvements in the AI models themselves, and Mozilla's development of a custom "agent harness."
Mozilla Distinguished Engineer Brian Grinstead said prior AI vulnerability detection efforts often produced "unwanted slop," including hallucinated bug reports that required extensive human review. The difference with Mythos, he noted, was the harness. This piece of code wraps around the large language model, providing instructions, tools, and a loop for executing tasks. It gave Mythos access to the same testing tools and Firefox build that human developers use.
Grinstead said the harness is essential for reducing false positives and making AI-driven security analysis viable at scale. The results, he added, show defenders "finally have a chance to win, decisively."