Anthropic’s new cybersecurity-focused AI model, Claude Mythos, recently uncovered 271 vulnerabilities in Firefox, with the findings prompting Mozilla to release patches in Firefox version 150 this week. While over 40 CVEs were addressed, only three were officially credited to Claude – suggesting most of the bugs were lower-severity issues that don’t clear the bar for a public CVE. Mozilla’s Firefox CTO offered a grounded take on the achievement, noting that none of the bugs were beyond what “an elite human researcher” could have found, pushing back on predictions that AI will soon discover entirely novel vulnerability classes. Because of Mythos’s remarkable capabilities – Palo Alto Networks said it completed the equivalent of a year’s worth of pen testing in under three weeks – Anthropic has kept the model out of public hands, offering it only to a select group of major organizations like Microsoft, Google, Apple, and AWS through a program called Project Glasswing. Palo Alto’s chief product officer warned that within six months, similarly powerful AI security tools will likely be widespread, and organizations that haven’t prepared “will face an entirely new class of risk.”.
Read more about it here.