With the April launch of the Mythos model, Anthropic sent a clear signal to the technology industry: artificial intelligence is entering the era of automated and highly effective security auditing. The scale of its capabilities has just been verified in practice by Mozilla. The makers of the Firefox browser have reported that the new AI model has helped them track down hundreds of serious vulnerabilities, including vulnerabilities that have escaped the attention of developers for more than a decade.
The difference in effectiveness is unprecedented. In April 2026 alone, Firefox received as many as 423 security patches. In comparison, only 31 were implemented in the same period a year earlier. Among the most serious published incidents by Mozilla was a bug in the way HTML elements were processed, which had remained unnoticed in the browser’s code for fifteen years.
From a business and technical point of view, however, Mythos’ real triumph is its ability to breach process isolation mechanisms (known as sandboxing). These are highly complex attacks, requiring the model to develop a modified version of the browser’s code and then precisely strike at its most closely guarded areas. It’s a process that requires creativity that, until now, has only been the domain of the most talented engineers.
In the traditional market model, Mozilla pays researchers up to $20,000 as part of a bug bounty programme for finding such vulnerabilities. This is the highest possible rate in the company’s entire price list. Despite such strong financial incentives, human experts have rarely delivered such spectacular results. Mozilla engineer Brian Grinstead outright admits that while submissions of similar severity have always come to the company, their frequency has never matched the current pace imposed by the algorithms.
The success of the Mythos model heralds a profound transformation in software engineering and the economics of cyber security. For technology giants, it means a dramatic decrease in the time it takes to patch holes in systems before their commercial debut. At the same time, the speed at which Anthropic’s AI disassembles years-old code proves that traditional manual security testing is about to become a song of the past.
