Anthropic’s Mythos Finds Critical Firefox Bugs, Driving 423 April 2026 Fixes

Mozilla security researchers said Anthropic’s Mythos, presented in April 2026, discovered multiple critical errors in Firefox, including bugs that had been dormant in the code for more than a decade.

Cadena 3 reported that in April 2026 Firefox launched 423 bug corrections, compared with only 31 a year earlier, and that Mozilla published details on 12 of the errors.

Ars Technica

The Asian outlet 디지털투데이 said Mozilla told readers that Mythos found large numbers of high-risk bugs, including some dormant in code for more than 10 years, and that Firefox distributed patches for 423 bugs in April 2026.

TechCrunch said Mozilla’s researchers described a shift as agentic systems can assess their own work and filter out poor results, and it quoted Brian Grinstead saying, “It is difficult to overstate how much this dynamic changed for us over a few short months.”

Brian Grinstead, a Mozilla senior engineer, said Mythos is “Es útil tanto para atacantes como para defensores, pero tener la herramienta disponible inclina un poco la ventaja hacia la defensa,” while also adding that “Realmente, nadie sabe la respuesta a esto todavía”.

디지털투데이 reported that Mozilla senior engineer Brian Grinstead said, “Mythos is finding far more sandbox vulnerabilities than human researchers,” and it described how finding sandbox vulnerabilities requires a complex multi-step process.

Cadena 3 Argentina

TechCrunch said Mozilla’s Firefox team still does not use AI to fix bugs directly, noting that “every single one is one engineer writing a patch and one engineer reviewing it,” and that “We have not found it to be automatable.”

CNBC quoted Anthropic CEO Dario Amodei warning that AI creates “a narrow window for the world's tech firms, governments and banks to fix tens of thousands of software vulnerabilities,” and it added that “the bad guys will exploit” unpatched issues.

Mozilla said Mythos helped reveal vulnerabilities tied to Firefox’s “sandbox” system, and TechCrunch described that the model must write a compromised patch and then attack the most secure part with the new code implemented.

“Anthropic CEO Dario Amodei warned Tuesday that artificial intelligence has created a narrow window for the world's tech firms, governments and banks to fix tens of thousands of software vulnerabilities found by his company's latest model”

CNBC

Cadena 3 said Mozilla’s bug bounty program pays up to $20,000 for sandbox bugs, and it reported Grinstead saying Mythos is finding more sandbox problems than human researchers did in the past.

CNBC reported that Amodei said AI oversight should resemble what’s done in the automotive industry, including the analogy “You can't just start a car company without 'Are there brakes on this thing?'”.

In the same CNBC account, Amodei said, “If we respond to it correctly, and I think we started to take the first steps,” then “we can have a better world on the other side,” while also noting Anthropic limited Mythos to a few partner companies.