• Mozilla discovered 271 security vulnerabilities in Firefox using Anthropic’s Mythos AI model, with almost no false positives.
• The key breakthrough was a custom ‘harness’ that guides the LLM through code analysis and uses existing testing tools.
• Of the 271 bugs, 180 were rated ‘sec-high’, Mozilla’s highest designation for internally reported vulnerabilities.
• Mozilla disclosed details of 12 vulnerabilities, including test cases, to demonstrate the method’s reliability.
• Despite skepticism, Mozilla claims AI-assisted vulnerability discovery is a game-changer for software security.