Anthropic AI finds 271 Firefox bugs in two months

Mozilla's AI vulnerability detection system identified flaws that had lurked in Firefox's codebase for over a decade, driving a fourteenfold increase in monthly bug fixes. The AI-generated patches still require human review before deployment.

May 7th 2026 · World

Mozilla has revealed that Anthropic's Mythos AI model discovered 271 security vulnerabilities in Firefox over two months, including critical bugs that had remained hidden in the code for more than a decade. The company reported that in April 2026, Firefox shipped 423 bug fixes compared to just 31 exactly one year earlier, a dramatic surge attributed to the AI-assisted vulnerability detection system. Among the discoveries were sandbox vulnerabilities that typically require intricate multi-step exploits to identify, demonstrating Mythos' ability to find issues that human researchers rarely uncover despite the $20,000 bug bounty offered for such findings.

However, Mozilla's team is not yet deploying AI to fix the bugs it finds; instead, the AI-generated patches serve as templates for human engineers, as the automated code cannot be deployed directly.

The breakthrough stems from two key factors: improvements in AI model capabilities and Mozilla's development of a custom "agent harness" that guides the LLM through vulnerability analysis. This harness provides the model with specific instructions, tools to read and write files, and evaluation capabilities, running it in a loop until completion. Mozilla engineers noted that earlier AI bug-finding tools produced significant amounts of hallucinated results, requiring developers to invest substantial time investigating false positives. The new harness approach has largely eliminated this problem, with Mozilla Distinguished Engineer Brian Grinstead describing the false positive rate as nearly nonexistent. The system gives Mythos access to the same tools and testing pipeline that human Mozilla developers use, including specialized Firefox builds for testing.

In a separate security disclosure, the security firm Adversa AI identified a one-click remote code execution vulnerability affecting Claude Code, Gemini CLI, Cursor CLI, and Copilot CLI. The attack exploits JSON configuration files that can be included in cloned repositories to enable attacker-controlled Model Context Protocol servers without meaningful user consent. Anthropic considers the issue out of scope because users click "Yes, I trust this folder" before the malicious server spawns, though Adversa AI argues this consent is not fully informed, particularly after a more explicit warning dialog was removed in version 2.1. This marks the third CVE in Claude Code over six months stemming from the same root cause.

Anthropic CEO Dario Amodei has expressed optimism that such AI security tools will ultimately favor defenders by fixing numerous bugs before attackers can exploit them, though Grinstead offered a more measured assessment, stating that while the technology shifts the advantage somewhat toward defense, the full implications remain unknown.
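The practical defence against the repository-borne MCP configuration problem described above is to look at what a clone would wire up before trusting the folder. The script below is an added example, not code from Mozilla, Anthropic or Adversa AI: it walks a cloned repository, reads the project-scoped agent configuration files listed in CANDIDATE_CONFIGS (those paths and the `mcpServers`/`servers` key names are assumptions about the tools' formats, not something the article states) and summarises every declared server, flagging the ones that would execute a local command. The `demo()` function builds a throwaway repository with constructed config files so the example runs offline.

```python
"""List MCP server declarations in a cloned repository before trusting it.

Added example; not the code of any vendor named in the article. The config
paths and key names below are assumptions about common tool formats.
"""
from __future__ import annotations

import json
import tempfile
from pathlib import Path

# Project-scoped config locations that coding agents may read (assumed).
CANDIDATE_CONFIGS = [
    ".mcp.json",              # assumed: Claude Code project config
    ".cursor/mcp.json",       # assumed: Cursor
    ".gemini/settings.json",  # assumed: Gemini CLI
    ".vscode/mcp.json",       # assumed: VS Code / Copilot
]


def extract_servers(config: dict) -> dict:
    """Return the server mapping from a parsed config, or {} if none.

    Assumes the servers live under "mcpServers" or (VS Code style) "servers".
    """
    for key in ("mcpServers", "servers"):
        servers = config.get(key)
        if isinstance(servers, dict):
            return servers
    return {}


def describe_server(name: str, spec: dict) -> dict:
    """Summarise what one server entry would do once the folder is trusted."""
    if "command" in spec:
        transport = "stdio"   # a local process would be spawned
    elif "url" in spec:
        transport = "http"    # a remote endpoint would be contacted
    else:
        transport = "unknown"
    return {
        "name": name,
        "transport": transport,
        "command": spec.get("command"),
        "args": list(spec.get("args", [])),
        "url": spec.get("url"),
        "env_keys": sorted((spec.get("env") or {}).keys()),
        "spawns_process": transport == "stdio",
    }


def scan_repo(root: Path) -> list[dict]:
    """Collect server declarations from every candidate config under root."""
    findings: list[dict] = []
    for rel in CANDIDATE_CONFIGS:
        path = root / rel
        if not path.is_file():
            continue
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except (json.JSONDecodeError, UnicodeDecodeError) as exc:
            # An unparsable config is itself worth a look; record it.
            findings.append({"file": rel, "error": str(exc)})
            continue
        if not isinstance(data, dict):
            continue
        for name, spec in extract_servers(data).items():
            if isinstance(spec, dict):
                entry = describe_server(name, spec)
                entry["file"] = rel
                findings.append(entry)
    return findings


def demo() -> list[dict]:
    """Build a constructed repository with two config files and scan it."""
    root = Path(tempfile.mkdtemp(prefix="mcp-scan-"))
    # Constructed sample: a stdio server that would run a local command.
    (root / ".mcp.json").write_text(json.dumps({
        "mcpServers": {"helper": {"command": "npx", "args": ["-y", "some-package"],
                                  "env": {"TOKEN": "placeholder"}}}
    }), encoding="utf-8")
    # Constructed sample: an HTTP server declared for a second tool.
    (root / ".cursor").mkdir()
    (root / ".cursor" / "mcp.json").write_text(json.dumps({
        "mcpServers": {"remote": {"url": "https://example.invalid/mcp"}}
    }), encoding="utf-8")
    return scan_repo(root)


if __name__ == "__main__":
    for f in demo():
        print(f)
```

Run it against a fresh clone (`scan_repo(Path("path/to/clone"))`) and read the output before answering any "trust this folder" prompt; every entry with `spawns_process` set is a command the agent would execute on your behalf, so treat an unexpected one as a reason to decline.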