HeadlinesBriefing.com

Mozilla's Mythos AI Found 271 Firefox Bugs With Near-Zero False Positives

Ars Technica

Mozilla put Anthropic's Mythos AI to work scanning Firefox's codebase and uncovered 271 security vulnerabilities over two months. This wasn't another hype-driven demo—Mozilla says the results came with "almost no false positives," a rare claim in the AI security space where hallucinated findings have become the norm. The company had previously declared that AI-assisted vulnerability detection meant "zero-days are numbered," prompting skepticism from those accustomed to overblown AI claims.

The breakthrough came from building a custom "agent harness"—code that guides an LLM through specific tasks rather than just prompting it once. Mozilla Distinguished Engineer Brian Grinstead described it as "the code that drives the LLM in order to accomplish a goal." This harness gave Mythos access to the same tools and testing pipelines human Mozilla developers use, including the special Firefox build they use for testing.

Previous AI security tools produced plausible-sounding bug reports that fell apart under human scrutiny. Mozilla's approach of wrapping the model in a purpose-built framework, combined with improvements in Mythos itself, finally delivered usable results. The success validates the company's earlier claim that AI-assisted detection could shift the security equation—though it required significant engineering investment to make it work.