
Mozilla Uses Claude Mythos To Find Hundreds Of Bugs In Firefox Browser, Including A 15-Year-Old Defect



Hyderabad: While the cybersecurity world went into a frenzy over the report of Anthropic’s Claude Mythos falling into the hands of unauthorised users, the AI model continues to perform its intended function for authorised parties. One such player is Mozilla, which claims to have used an early version of Claude Mythos Preview to scan its Firefox internet browser and to have found hundreds of flaws.

The Firefox team shipped fixes for 423 security bugs in the April release, which included 271 issues found by Mythos. According to the company’s post on hacks.mozilla.org, one of the 12 sampled bugs was a 15-year-old bug in the

element, triggered by meticulous orchestration of edge cases across distant parts of the browser.

“We have many years of experience picking apart the work of the world’s best security researchers, and Mythos Preview is every bit as capable. So far, we’ve found no category or complexity of vulnerability that humans can find that this model can’t,” the Mozilla team said.

Acknowledging that the capability of the AI model can feel terrifying in the immediate term, the team believes that it is ultimately great news for defenders. Explaining its reasoning, the team said that a gap between machine-discoverable and human-discoverable bugs favours the attacker, since bad actors can concentrate many months of costly human effort to find a single bug.

“Closing this gap erodes the attacker’s long-term advantage by making all discoveries cheap,” the team added.

The team further highlighted that there were no bugs that could not have been found by an elite human researcher. They also refuted the notion that future AI models would unearth entirely new forms of vulnerabilities that surpass current comprehension. The team argued that software like Firefox is designed in a modular way so that humans can reason about its correctness, and while it is complex, it is not arbitrarily complex.

The team, however, warns that human-comprehensibility is an essential property to maintain, especially in critical software like browsers and operating systems. Otherwise, there is a risk that codebases begin to surpass human comprehension as more AI enters the development process, scaling bug complexity along with discovery capability.


