Mozilla used an agentic harness with Anthropic’s Claude Mythos Preview to test Firefox 150, and the setup found 271 vulnerabilities with fewer than 15 false positives by using AddressSanitizer crashes as the proof signal. The result shows that the harness and verification pipeline mattered more than the model alone, while Firefox’s prior hardening blocked some sandbox escape attempts through prototype pollution. #Mozilla #ClaudeMythosPreview #Firefox #AddressSanitizer
Keypoints
- Mozilla paired Claude Mythos Preview with an agentic harness to hunt bugs in Firefox.
- The harness used AddressSanitizer crashes as a deterministic success signal.
- The run surfaced 271 Firefox vulnerabilities with fewer than 15 false positives.
- Several findings included sandbox escape primitives and memory corruption issues.
- Mozilla’s earlier hardening, including frozen prototypes, blocked some attack paths.
Read More: https://www.toxsec.com/p/mozilla-mythos-harness-ai-bug-hunting