Content Fans

Mozilla's AI finds 271 Firefox bugs, some 15 years old

Serge Bulaev

Serge Bulaev

Mozilla engineers report that an AI harness using Anthropic's model found 271 old Firefox bugs, some dating back 15 years. The system may have sped up finding and fixing issues that survived previous testing methods. The process uses two separate AI agents: one to find crashes and another to verify them before humans check the results. Mozilla suggests this method keeps false positives low. The findings suggest that using advanced AI models could make fixing browser bugs much faster.

Mozilla's AI finds 271 Firefox bugs, some 15 years old

Mozilla's AI is revolutionizing its security workflow, finding 271 Firefox bugs - some buried for years - that traditional methods missed. Engineers are using a custom AI harness with Anthropic's Claude model to surface and validate browser vulnerabilities that survived years of regular fuzzing. The Claude Mythos sweep generated 271 fixes, while Mozilla's total security improvements include multiple sources including fuzzing, external researchers, and other AI tools.

Senior engineer Brian Grinstead explained the tightly controlled workflow designed to manage the large language model's output. The process involves a two-stage verification system: first, a discovery agent proposes a reproducible crash in a secure fuzzing environment. Then, a separate verifier agent must independently replicate that crash and create a minimal test case. Only after this second validation does a human engineer review the findings. Mozilla attributes the system's minimal false positive rate to this dual-agent approach.

Key Statistics

A technical write-up on the Mozilla Hacks site confirms the AI harness located 271 unresolved vulnerabilities, which were subsequently patched in the Firefox 150 development branch. A public post on the Mozilla Blog highlights this achievement as proof that "frontier AI models can sharply compress the time between discovery and remediation," accelerating the entire security process.

How Claude Mythos found legacy bugs in Mozilla Firefox

Mozilla's team developed a specialized AI harness using Anthropic's Claude Mythos Preview model. This system operates under strict procedural constraints, using one sandboxed agent to discover a potential crash and a second, independent agent to verify it before any human review, ensuring high accuracy and minimal false positives.

While Grinstead's team selected Claude Mythos Preview for its strong performance in memory-safety reasoning and its supported Agent SDK, he emphasizes that the procedural framework - not the specific model - was the key innovation. The custom harness enforces four critical constraints to ensure reliable and secure operation:

  • Each agent run is sandboxed in a stripped-down container with no write access to production repositories.
  • The discovery agent must trigger a deterministic crash inside five minutes or abandon the attempt.
  • A verifier agent built on a different prompt set must reproduce the finding before escalation.
  • All artefacts - prompt, crash log, stack trace, proof-of-concept - are stored for manual audit.

Early performance metrics show promising results. Sources state the model had almost no false positives and used a second LLM for verification, achieving confidence levels close to traditional methods. Sources compare Mythos to Claude Opus 4.6, which found 22 bugs, demonstrating the advancement in AI-powered security tools.

This two-stage design aligns with a broader industry trend toward separating the generation and validation phases in AI-powered security tools. Sources state Mozilla used another LLM to verify AI output, achieving confidence close to traditional methods. Mozilla effectively avoided potential pitfalls by requiring confirmation from a distinct agent.

Scaling from initial tests to release integration

The tangible impact of this approach is already visible in Firefox's nightly builds. According to an Axios report, an earlier scan with Anthropic's Claude Opus 4.6 model uncovered 22 vulnerabilities that were fixed in Firefox 148 link. Just three months later, the more advanced Mythos Preview model identified the larger set of 271 latent bugs. Mozilla notes that the identified issues included legacy bugs such as long-standing flaws in components like and XSLT that survived years of fuzzing.

Based on this success, Grinstead advises other development teams to pilot multiple AI models in parallel, implement strict reproducibility requirements, and limit human review to only those findings that pass automated verification. He notes that this methodology keeps the team focused on resolving tangible crashes instead of getting sidetracked by potential LLM inaccuracies or "hallucinations."

How did Mozilla identify a significant number of Firefox security bugs efficiently?

Mozilla deployed AI agents powered by Claude Mythos Preview inside a custom harness that Bryan Grinstead nicknamed "the judge".
- 271 fixes came from bugs discovered by this AI-powered loop during the Firefox 150 cycle (April 2026).
- The same approach had already helped ship 22 security fixes in Firefox 148 after an earlier run with Claude Opus 4.6.
- Together, the two runs closed vulnerabilities that had lived in Firefox for many years.

What is the two-stage verification that kept false positives minimal?

Every candidate bug has to survive two gates before a human even sees it:

  1. Trigger gate - an agent must crash a hardened fuzzing build with a reproducible input.
  2. Verifier gate - a second, independent sub-agent re-analyzes the crash, re-runs the exploit, and checks the patch still passes all tests.

If either step fails, the report is discarded. This process significantly reduced false-positive noise compared with earlier LLM-only scans, Mozilla says.

How does the custom harness turn Claude into a security tool?

Mozilla glued open-source parts together with Anthropic's Claude agent SDK:

  • ReAct-style agents can call clang, rr, Valgrind, and libFuzzer.
  • A scoreboard micro-service ranks each file by "likely exploitable" probability.
  • All prompts, traces, and crash artifacts are stored in an append-only log so humans can replay any step.

The entire harness is <3 000 lines of Python and runs on spot instances; Bryan argues the harness, not the raw model, is the real innovation.

What kinds of long-forgotten bugs did the AI surface?

Findings from Mozilla's analysis:

  • The AI surfaced legacy bugs that had survived years of traditional fuzzing.
  • One use-after-free in the SVG parser had survived multiple releases untouched.
  • Memory-safety issues dominated the findings, followed by type-confusion flaws.
  • An agent needed multiple attempts to craft the exact input that triggered some of the oldest bugs.

Mozilla's write-up shows that older, rarely-used code paths were the ripest targets.

Can other organizations replicate this workflow?

Yes, but Mozilla's engineers offer three caveats:

  • Keep humans in the loop - even advanced models can mis-flag some reports regarding severity.
  • Budget for patch triage - the April run produced a significant volume of patches that required dedicated senior reviewer time.
  • Never run agents with write access to prod - the harness only writes to disposable containers and opens GitHub PRs that still require CI + human sign-off.

Mozilla discusses the AI security collaboration in 'The zero-days are numbered' blog post, encouraging other organizations to explore similar approaches while maintaining proper security controls.