When Anthropic's Mythos model was unveiled last April, it came with a stark warning to software developers. The AI had discovered thousands of high-severity bugs, some dormant for over a decade.

Mozilla’s security researchers have now provided insights into how this has transformed the landscape of software security. They've found that the latest generation of AI tools, such as Mythos, are significantly more capable and can filter out false positives, leading to fewer low-quality reports. In April 2026, Firefox shipped 423 bug fixes, a substantial increase from just 31 in the same period last year.

One particularly impressive find was a sandbox vulnerability. To detect these, Mythos must write a compromised patch and then attack the most secure part of the software with new code. Despite this complexity, Grinstead notes that they are finding more sandbox issues than ever before from human researchers. However, AI is still not automating bug fixes, as every single fix requires a human engineer to review and deploy it.

The impact of these tools on cybersecurity remains unclear. While some argue that defenders will gain an upper hand by fixing bugs proactively, others are wary of the potential misuse by bad actors with similar technology. Anthropic's CEO, Dario Amodei, sees hope in this new era: ‘If we handle this right, we could be in a better position than we started, because we fixed all these bugs.'