Mozilla's Firefox Fortified: AI-Powered Bug Hunt Uncovers 271 Vulnerabilities
**Mozilla**'s latest **Firefox** release, version 150, incorporates protections against 271 vulnerabilities discovered with early access to **Anthropic**'s **Mythos Preview**. This move highlights the increasing impact of AI in cybersecurity, as both defenders and attackers leverage these tools to identify and exploit software flaws.
Amidst ongoing discussions about the transformative potential of AI in cybersecurity, **Mozilla** announced on Tuesday that **Firefox** 150 includes mitigations for 271 vulnerabilities. These flaws were identified using early access to **Anthropic's Mythos Preview**, showcasing the power of AI-driven vulnerability detection.
The **Firefox** team acknowledges the significant effort required to handle the influx of bugs uncovered by AI, emphasizing its necessity for user security given the inevitable weaponization of these capabilities by malicious actors.
### AI's Impact on Vulnerability Hunting
Both **Anthropic** and **OpenAI** have recently unveiled AI models boasting advanced cybersecurity capabilities. These models promise a paradigm shift in how vulnerabilities and misconfigurations are identified in software systems. Due to the potential impact, access to these models has been limited, with industry working groups formed to assess their implications.
**Mozilla**'s experience demonstrates the profound impact of AI tools like **Mythos Preview** on vulnerability discovery.
According to Bobby Holley, **Firefox**'s chief technology officer, "Our belief is that the tools have changed things dramatically, because now we have automated techniques that can cover, as far as we can tell, the full space of vulnerability-inducing bugs."
Traditionally, **Firefox** and other organizations have relied on a combination of automated techniques, such as software fuzzing, and manual vulnerability hunting by internal and external researchers. Now, AI is changing the game.
### A "Bootcamp" for Software Security
Holley suggests that emerging AI capabilities will force all software to undergo a rigorous security assessment, uncovering and fixing latent vulnerabilities. Companies like **Anthropic** and **OpenAI** are seemingly encouraging major players to undergo this overhaul before wider availability.
"Every piece of software is going to have to make this transition, because every piece of software has a lot of bugs buried underneath the surface that are now discoverable," says Holley. "This is a transitory moment that is difficult and requires coordinated focus and a lot of grit to get through."
**Mozilla** gained access to **Mythos Preview** through direct collaboration with **Anthropic**, and is not formally part of its larger consortium, **Project Glasswing**.
### Open Source Implications
Given their widespread use and often limited maintenance resources, open-source projects are particularly vulnerable to AI-driven bug hunting. The impact could be especially significant for abandonware, which is no longer actively maintained.
Raising awareness about the urgency and resource requirements of securing software in the age of AI is critical for open-source projects, says Holley.
"I've talked to engineering leaders at very large companies who are saying that they're going to be pulling thousands of engineers off of everything to be working on this for the next six months," he says. "So it is going to be a big challenge for industry, and the concern is for smaller projects and open source. It's difficult for these maintainers to not only have the wherewithal and the access to be able to use these tools, but also to actually do anything with them."
### The Economics of Open Source Security
In a recent New York Times Opinion essay, **Mozilla** CTO Raffi Krikorian argued that the arrival of AI cybersecurity capabilities risks exacerbating existing inequalities in software security.
"The underlying economics haven't changed," Krikorian wrote. "The most valuable software infrastructure in the world continues to be maintained by people working for free, while the companies building fortunes on top of it never had to pay for its upkeep. Now a powerful new capability has arrived—and as we've seen repeatedly in tech, there's the risk that organizations with resources will receive it first and learn to protect themselves, while others are left vulnerable."
**Firefox**'s Holley emphasizes collaboration within the open-source community to share knowledge and tools.
"Ultimately the open source stuff is a human problem," Holley says. "There's only so much that you can scale with technology—there's a lot of the industry and everybody just needing to come together."