Early this month, Anthropic revealed its new model, Claude Mythos, and went ahead to release “Mythos Preview.”
Anthropic claimed Claude Mythos has the capability to outperform humans in several cybersecurity tasks and hacking. Yesterday, Mozilla, the company behind the Firefox browser, justified the claims and hype surrounding these impressive capabilities.
βWe had the opportunity to apply an early version of Claude Mythos Preview to Firefox. This weekβs release of Firefox 150 includes fixes for 271 vulnerabilities identified during this initial evaluation,β Mozilla revealed in a blog post.
To show just how effective Claude Mythos is at identifying vulnerabilities, Mozilla used Anthropicβs Opus 4.6 model just last month and discovered only 22 security-sensitive bugs when analyzing Firefox 148.
Firefox CTO Bobby Holley was greatly impressed with the efficiency and sees this as a new beginning in cybersecurity, stating, “Defenders finally have a chance to win decisively.”
AI taking human jobs is a hot topic, and Holley added wood to this fire. The CTO believes that the flaws in the unreleased Firefox version would have taken human experts much longer to uncover.
βEncouragingly, we also havenβt seen any bugs thatΒ couldnβtΒ have been found by an elite human researcher,β Holley wrote.
The difference with Claude Mythos is that there is less need to βconcentrate many months of costly human effort to find a single bugβ in many cases, Holley added.
READ: Report: Glaring Expertise Gap as Sub-Saharan Africa Contributes Just 0.8% of Global AI Publications
For now, he does not believe that future AI models will unearth entirely new forms of vulnerabilities beyond what is currently known to humans. What AI models bring in favor of the defenders is speed in identifying flaws.
Humans’ slow nature has always favored attackers. Closing this gap erodes the attackerβs long-term advantage by making all discoveries cheap and quick.
Open source software stands to benefit greatly as open codebases frequently rely on overstretched volunteers, often leaving security gaps wide open, which can be exploited by attackers who take advantage of the slow response times in addressing these vulnerabilities.
