code-analysis

Mozilla's Firefox engineering team identified 271 vulnerabilities for version 150 using Anthropic's Claude Mythos Preview, following a prior collaboration that yielded 22 security-sensitive fixes in version 148 using Opus 4.6. The findings demonstrate that AI models can now match elite human security researchers at discovering code vulnerabilities.

Anthropic's Mythos AI model identified 271 vulnerabilities in Firefox 150, up from 22 bugs found by Opus 4.6 in Firefox 148. Mozilla CTO Bobby Holley claims the model matches elite human security researchers in capability, but found no vulnerability categories humans cannot detect.

Replit has introduced Security Agent, an AI-powered tool that performs comprehensive security reviews of codebases in under an hour. The agent uses a hybrid approach combining LLMs with Semgrep and HoundDog.ai, and according to recent research can identify up to 93.3% of false positives from traditional static analysis tools.

Anthropic unveiled a preview of Mythos, a frontier model it claims is the most powerful in its Claude lineup, for use in Project Glasswing—a cybersecurity initiative with 40+ partner organizations. According to Anthropic, Mythos identified thousands of zero-day vulnerabilities, many critical and up to two decades old, during early testing. The model will not be made generally available and is restricted to defensive security work by vetted partners.

OpenAI has released Codex Security as a research preview, an AI application security agent designed to detect and patch complex code vulnerabilities. The tool analyzes project context to reduce noise and increase confidence in vulnerability detection.