Claude Mythos helped Firefox identify 271 security vulnerabilities; how does Mozilla view this "AI vs. Human" result?

📄Full Article· Automatically extracted by trafilaturaGemini 翻譯1393 words

Anthropic's Claude Mythos helped Mozilla in a security assessment, identifying 271 zero-day vulnerabilities in Firefox, all of which have been patched in Firefox 150, including a legacy vulnerability that had existed for 27 years; what does Mozilla have to say? (Previous coverage: Anthropic announces Project Glasswing: Joining forces with 12 giants including Apple and Microsoft, the most powerful model Claude Mythos uncovers thousands of vulnerabilities) (Background supplement: The end of antivirus software? Claude AI uncovers 500 zero-day vulnerabilities, shocking Wall Street; CrowdStrike plunges 18%) ... A vulnerability appeared within 20 minutes. After Claude Mythos began scanning the Firefox JavaScript engine, it found a "Use After Free" memory vulnerability. Project Glasswing is a defensive security initiative announced by Anthropic in April 2026. Its core logic is to provide Mythos Preview to organizations most capable of patching vulnerabilities, completing defenses before malicious attackers can acquire the same tools. Partners include 12 tech giants such as Apple, Microsoft, Google, and AWS. Anthropic has pledged $100 million in support and donated $4 million to open-source security organizations. Mozilla is among the first partners to publicly share results. According to Firefox's patch notes, this update addresses the 271 vulnerabilities discovered during the Mythos Preview assessment. In fact, this is not the first collaboration between Anthropic and Mozilla. Before the advent of Mythos Preview, the two parties had already completed an assessment using Claude Opus 4.6: the model submitted 112 reports in two weeks, confirming 22 vulnerabilities, 14 of which were high-severity, accounting for nearly one-fifth of all high-severity patches for Firefox in 2025. The number of vulnerabilities found by Mythos Preview this time is 12 times that amount. The most notable part of Mozilla's assessment is two contrasting conclusions: The first sentence: "So far, we have not found any type or complexity of vulnerability that a human can find but this model cannot." The second sentence: "We also have not found any vulnerability that cannot be discovered by elite researchers." Taken together, the two sentences mean that AI and top-tier human security researchers are actually still standing at the same capability boundary. Some commentators predict that future AI models will uncover entirely new types of vulnerabilities, even beyond our current understanding, but we do not think so. Software like Firefox is inherently designed in a modular way, with the goal of allowing humans to reason about and verify its correctness. It is indeed complex, but it is not the kind of boundless, incomprehensible complexity. Overall, Mozilla's comments are optimistic, but for the defense side, this is a limited window of opportunity: Mythos Preview is currently still in the hands of organizations with defensive purposes, and attackers have not yet obtained the same tools. However, Anthropic itself has warned that no one knows how long this gap can be maintained. "AI and human capabilities are equivalent" sounds like a mediocre conclusion, but what cannot be ignored is a fundamental calculation: time cost. The Firefox codebase has approximately 6,000 C++ files. Even if human security researchers focus all their efforts, it would take a long time to systematically cover all legacy code; Mythos completed a full scan in a few weeks, increasing execution speed by dozens of times. It is not that humans cannot find them, but that there has never been time to address them in the long to-do list.

Data Status✓ Full text extractedRead Original (動區 BlockTempo)

🔍Historical Similar Events· Keyword + Asset Matching6 items

2026-04-22

Claude Mythos Identifies 271 Vulnerabilities in Mozilla’s Firefox

2026-04-22

Anthropic's Claude Mythos AI Finds 271 Vulnerabilities in Firefox—Yes, It's Seriously Powerful

2026-04-23

OpenAI CEO Sam Altman slams Anthropic: Fear-mongering Claude Mythos is just to monopolize AI

Similarity 170%關鍵字 claude/mythos同分類 zh

2026-04-22

Bloomberg reveals Claude Mythos has been subject to unauthorized access! The hardest vulnerability for Anthropic to defend against will always be "people."

Similarity 170%關鍵字 claude/mythos同分類 zh