How Mozilla Uses Claude Mythos to find Firefox bugs before hackers do

TL;DR

• 1

  Mozilla's spike to almost 500 security fixes came from model plus harness, not model alone: Brian Ginstead says the breakthrough was roughly 50-50 between stronger models like Claude Mythos and an internal pipeline that could score files, generate exploits, verify crashes, and route fixes into Firefox's existing bug workflow.

• 2

  The key innovation was forcing the agent to produce proof, not prose: Instead of accepting polished but wrong bug reports, Mozilla required the system to generate HTML test cases that triggered real memory safety crashes in fuzzing builds, which pushed false positives close to zero.

• 3

  Firefox bugs can be ancient and brutally hard to find by hand: One highlighted issue had roots going back roughly 20 years, and Ginstead says agents excel at the tedious code archaeology, even using obscure git commands to trace when a bug was semantically introduced across file renames and refactors.

• 4

  The harness is simpler than it looks: At heart it is an analyzer loop pointed at a high-priority file, a verifier sub-agent to reject bad exploits like test-only prefs or self-introduced vulnerabilities, and a patching agent that proposes fixes and checks whether the crash disappears.

• 5

  Prioritization mattered because Firefox is too large to scan in one shot: With tens of thousands of files and tens of millions of lines of code, Mozilla used an LLM judge to score files by likelihood of memory safety issues and accessibility from a web page, then batched runs where the odds were highest.

• 6

  Humans are still essential, especially for broad fixes: The patching agent could suggest a valid local fix like changing one assertion, but expert Firefox engineers still had to spot adjacent cases, apply architecture-level judgment, and land production-ready patches across similar code paths.