Mozilla Says AI Tool Mythos Found 271 Vulnerabilities With "Almost No False Positives"

Mozilla engineers revealed on Thursday that their use of Anthropic’s Mythos AI model uncovered 271 security flaws in Firefox over two months, with the results showing "almost no false positives." The findings, detailed in a behind-the-scenes post, mark a significant step in leveraging AI for vulnerability detection, though the claims have drawn skepticism from critics who question the reliability of such tools.

The project, led by Mozilla’s Distinguished Engineer Brian Grinstead, focused on improving AI-assisted security testing by developing a custom "harness" to guide Mythos through Firefox’s source code. Unlike earlier attempts where AI-generated bug reports often contained hallucinations, the harness allowed the model to interact with the same tools and processes used by human developers. This included access to Firefox’s specialized build systems and testing frameworks, enabling Mythos to identify memory safety issues by triggering crashes in a sanitizer build.

The harness worked by instructing Mythos to "find a bug in this file," then providing it with tools to generate test cases and evaluate results. If the AI identified a potential issue, the system would run the test case through existing fuzzing tools. A second LLM was used to grade the output, ensuring high confidence in the findings. Grinstead emphasized that this process eliminated the need for manual verification of most reports, allowing engineers to quickly confirm vulnerabilities and iterate on fixes.

Mozilla’s analysis revealed that 180 of the 271 vulnerabilities were classified as "sec-high," the highest priority for internally reported bugs. These flaws could be exploited through normal user actions, such as visiting a malicious website.

#anthropic #mozilla #firefox #mythos #brian_grinstead

Trump Administration Considering Safety Review for New AI Models Amid Post-Mythos Concerns

The Trump administration is exploring a new initiative that would require the Pentagon to conduct safety assessments for AI models deployed by federal, state, and local governments, according to Axios. This development comes as the White House grapples with the security implications of advanced AI systems, particularly following the release of Anthropic’s Mythos Preview. The plan aims to address vulnerabilities in AI models before they are integrated into public sector operations, marking a shift from the administration’s previous stance of minimal oversight.

The Office of the National Cyber Director (ONCD) has convened two key meetings in recent weeks, engaging with technology companies and industry trade groups to discuss broader security risks posed by advanced AI models. These discussions have centered on the need for a structured framework to evaluate the safety and security of AI deployments. Sources indicate that the ONCD is considering a proposal that would place the Pentagon in charge of leading safety testing for AI systems used by government entities. This would add a layer of scrutiny to ensure that models are secure before they are implemented in critical infrastructure and public services.

The proposed framework is reportedly well advanced, with one source noting that it was under development prior to the release of Mythos, which has intensified concerns about AI’s potential for cyber threats. While the administration is considering an executive order to assign responsibility for safety testing to multiple agencies, it remains unclear whether the plan will incorporate updates to address advancements in models like Mythos and OpenAI’s GPT 5.5.

#pentagon #trump_administration #anthropic #office_of_the_national_cyber_director #mythos