Mozilla researchers have drawn attention by sharing what changes Anthropic's AI model Mythos brought to Firefox security.

Mozilla said on May 7 (local time) that Mythos found large numbers of high-risk bugs, including some that had been dormant in the code for more than 10 years. Firefox distributed patches for 423 bugs in April 2026. That is a sharp increase from 31 in the same period last year.

Until now, AI security tools had the drawback of producing low-quality reports and false positives. Mozilla researchers said newer-generation tools have reached a turning point as agentic systems can evaluate outputs and filter out poor results. The researchers said, "It is hard to explain how much things have changed in just a few months."

Mythos also played a major role in finding vulnerabilities related to Firefox's sandbox system, it said.

A sandbox is a security mechanism that runs web content in an isolated space to protect a user's computer from malicious websites. Finding sandbox vulnerabilities requires a complex multi-step process, including writing a tampered patch for the browser and then attacking what appears to be the safest part with new code. That is why Mozilla pays up to $20,000 to researchers who find sandbox bugs through its bug bounty program. Mozilla senior engineer Brian Grinstead (브라이언 그린스테드) said, "Mythos is finding far more sandbox vulnerabilities than human researchers."

The Firefox team does not yet use AI to fix bugs. It has AI write patch code for each bug, but it does not ship the output directly and engineers use it only as a reference. Grinstead said, "Bug fixes are still done with one engineer writing a patch and another reviewing it. I do not see it as something that can be automated."