AI Security: Mozilla Mythos Finds 271 Real Firefox Bugs
Mozilla Mythos AI found 271 verified Firefox bugs with near-zero false positives. Supply chain attackers hit 100+ countries via backdoored Daemon Tools.
Mozilla just deployed Anthropic's Mythos AI (an automated code-analysis and AI security system trained to find security flaws) against Firefox's entire codebase — and found 271 real, verified vulnerabilities in two months. That number matters not because of its size, but because every finding was genuine: no hallucinated bugs, no fictional CVEs (Common Vulnerabilities and Exposures — the official ID system for real security flaws) that send engineers chasing phantom problems for weeks.
The same week Mozilla published these results, attackers were running a 40-day supply chain attack (a hack that targets the software distribution pipeline rather than end users directly) through the popular Daemon Tools app — reaching machines in 100+ countries. AI tools are starting to win on defense. Attackers haven't slowed down.
271 Firefox Bugs Verified: AI Security Without Hallucinations
Mozilla's previous experiments with AI-assisted vulnerability detection produced reports with what engineers described as "large percentage hallucinated details" — plausible-sounding bug descriptions pointing to code that didn't actually have the described flaw. Each false alarm required a human engineer to investigate and discard. At scale, this burned more time than it saved.
Mythos changed that. Mozilla engineers reported the system produced "almost no false positives" in its two-month run against Firefox's full codebase. The output: 271 verified vulnerabilities, all real, all actionable. Mozilla's CTO framed the shift bluntly: "zero-days are numbered" — meaning unknown vulnerabilities that attackers exploit before a patch exists are running out of time.
The difference from earlier AI attempts, in concrete terms:
| Metric | Mythos (2026) | Earlier AI Models |
|---|---|---|
| False positive rate | Almost zero | High hallucination rate |
| Verified bugs found | 271 in 2 months | Low, unreliable output |
| Implementation | Custom Firefox harness | Generic AI prompting |
AI Security Engineering: The Custom Harness Behind Mythos's Accuracy
Here is what most AI coverage skips: Mythos did not simply "work on Firefox." Mozilla built a custom harness (a purpose-built software adapter that translates Firefox's specific code structure, build system, and test framework into a format the AI can analyze). Without that infrastructure investment, Mythos would likely produce the same hallucinated output as earlier tools.
This distinction matters enormously for teams hoping to replicate Mozilla's results. AI-assisted vulnerability detection is not plug-and-play. It requires domain-specific tooling — the harness must understand how the target codebase is organized. It requires engineering time — Mozilla's team built and validated the harness before reliable results appeared. And it requires iterative refinement — false positive rates dropped as the harness improved, not just as Mythos improved.
The generalization caveat: teams hoping to run an AI model against their own codebase should expect to invest significantly in harness development before results are reliable. The 271-bug headline is real. The infrastructure behind it is the harder part to replicate — and the part that doesn't make the press release.
Supply Chain Attacks: 40-Day Daemon Tools Backdoor Reaches 100+ Countries
While Mozilla built AI defenses, attackers were systematically exploiting software supply chains (the network of third-party tools, libraries, and dependencies that developers use to build software). Three significant incidents surfaced in the same window:
Daemon Tools: 40 Days, 100+ Countries, 12 Selective Payloads
Daemon Tools (a popular Windows utility that lets you mount disk image files — like .ISO files — without needing a physical disc drive) was backdoored starting April 8, 2026. Affected versions: 12.5.0.2421 through 12.5.0.2434. The attack spread via the developer's official website using signed binaries (software cryptographically stamped as legitimate by the developer), making detection extremely difficult without detailed log review.
Reach: thousands of machines across 100+ countries were infected. But only approximately 12 machines received a follow-on payload (the actual malicious code that causes damage, as opposed to the initial backdoor that creates access). Targets included retail, scientific, government, and manufacturing sectors — suggesting a selective intelligence-gathering operation rather than opportunistic mass infection. The attacker chose carefully who to activate.
Checkmarx: Two Breaches, 40 Days Apart
Checkmarx (an enterprise code security scanning platform used by large development teams to find vulnerabilities before software ships) was hit twice within 40 days. The first breach came via Trivy (an open-source container security scanner — a tool that checks software containers for known vulnerabilities) on March 19. Four days later, attackers used that access to compromise Checkmarx's own GitHub organization on March 23 — turning a security firm into a delivery mechanism for attacking its own customers. A security tool became the attack surface.
element-data: 1 Million Monthly Downloads Compromised
element-data (an ML monitoring command-line tool — software used by data science teams to track the behavior and quality of machine learning models) had its signing keys (cryptographic credentials that prove software came from its legitimate developer) stolen after attackers exploited a vulnerability in the developer's build workflow. With 1 million+ monthly downloads at the time of compromise, the exposure window was significant. The full scope of affected users and credentials remains unknown.
CopyFail Linux Vulnerability (CVE-2026-31431) and the Kernel Patch Gap
Adding to the threat surface: a Linux local privilege escalation vulnerability (CVE-2026-31431, nicknamed CopyFail) was publicly disclosed with a working exploit that functions across every vulnerable Linux distribution with zero per-distro modification. Most privilege escalation exploits (attacks that let a regular user gain full system administrator access without permission) require some customization to work across different Linux versions. CopyFail does not — a single script runs everywhere.
Kernel patches were released across 8 versions: 7.0, 6.19.12, 6.18.12, 6.12.85, 6.6.137, 6.1.170, 5.15.204, and 5.10.254. The problem: at the time the public exploit appeared, few major Linux distributions had deployed the patch. The gap between patch availability and distribution rollout left millions of systems exposed during exactly the period attackers could leverage it.
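The two version checks a responder needs here, the Daemon Tools affected range from the paragraph above and the per-branch kernel comparison for CVE-2026-31431, are small but easy to get wrong by hand (distro kernels carry suffixes, and "6.12.84" must compare below "6.12.85" even though the string sorts the same). The following is example code written for this article, not a tool from Mozilla, the Daemon Tools developer or kernel.org; the version numbers and patched releases are the ones the article lists, and the sample inputs in `main` are constructed. The rule that any branch newer than 7.0 carries the fix forward is an assumption, marked in the code.

```python
"""Version triage for two items in this article: the backdoored Daemon Tools
range (12.5.0.2421 through 12.5.0.2434) and the upstream kernel releases that
carry the CopyFail (CVE-2026-31431) fix. Example code for this article; the
version strings come from the article, the inputs in main() are constructed."""
import re

# Inclusive affected range from the article.
DAEMON_TOOLS_FIRST_BAD = (12, 5, 0, 2421)
DAEMON_TOOLS_LAST_BAD = (12, 5, 0, 2434)

# Upstream releases carrying the CopyFail fix, one per stable branch (article list).
COPYFAIL_FIXED_RELEASES = ["7.0", "6.19.12", "6.18.12", "6.12.85",
                           "6.6.137", "6.1.170", "5.15.204", "5.10.254"]


def numeric_version(text):
    """Leading dotted-numeric part of a version string as a tuple of ints.
    '6.12.85-amd64' -> (6, 12, 85); '12.5.0.2430' -> (12, 5, 0, 2430)."""
    head = re.split(r"[^0-9.]", text.strip(), maxsplit=1)[0]
    parts = tuple(int(p) for p in head.split(".") if p)
    if not parts:
        raise ValueError(f"unrecognised version string: {text!r}")
    return parts


# (major, minor) branch -> first fixed release on that branch
_FIXED_BY_BRANCH = {numeric_version(r)[:2]: numeric_version(r)
                    for r in COPYFAIL_FIXED_RELEASES}


def daemon_tools_affected(version):
    """True if an installed Daemon Tools version falls inside the backdoored range."""
    return DAEMON_TOOLS_FIRST_BAD <= numeric_version(version) <= DAEMON_TOOLS_LAST_BAD


def copyfail_kernel_status(uname_r):
    """Compare `uname -r` output against the fixed upstream release for its branch.

    'patched'        upstream version is at or above the fixed release
    'vulnerable'     upstream version predates the fixed release
    'no-listed-fix'  branch (e.g. 6.17.x) has no fixed release in the article's list

    Distribution kernels (Ubuntu 5.15.0-NNN, RHEL 5.14.0-NNN, ...) backport fixes
    without bumping the upstream number, so 'vulnerable' means "confirm against
    your distro's advisory", not "confirmed exploitable".
    """
    v = numeric_version(uname_r)
    branch = v[:2]
    fixed = _FIXED_BY_BRANCH.get(branch)
    if fixed is None:
        # Assumption: branches newer than the 7.0 mainline release carry the fix forward.
        return "patched" if branch > (7, 0) else "no-listed-fix"
    return "patched" if v >= fixed else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs, not observed data.
    for dt in ("12.5.0.2420", "12.5.0.2430", "12.5.0.2435"):
        verdict = "AFFECTED" if daemon_tools_affected(dt) else "outside range"
        print(f"Daemon Tools {dt}: {verdict}")
    for k in ("6.12.85-amd64", "6.12.84-generic", "5.10.254", "6.17.5", "7.1.0"):
        print(f"kernel {k}: {copyfail_kernel_status(k)}")
```

On a Linux host the kernel check is `copyfail_kernel_status(platform.release())` or a pipe from `uname -r`; the "no-listed-fix" result is deliberately not "patched", because a branch absent from the list is usually one that no longer receives upstream updates and needs the distribution's advisory to settle the question.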
Ubuntu's infrastructure went down for 24+ hours from a sustained DDoS attack (Distributed Denial of Service — flooding servers with so much traffic they become unavailable) claimed by a pro-Iran group using a platform called Beam. Ubuntu's primary communication channels were also taken offline, limiting the team's ability to coordinate a public response while the attack ran. Mirror servers remained operational throughout.
AI Security Checklist: 4 Critical Steps After These Supply Chain Attacks
If any of these events touch your environment, here is where to focus:
- Daemon Tools users: Check your installed version immediately. If it falls between 12.5.0.2421 and 12.5.0.2434, update and review system logs for unusual outbound connections starting April 8, 2026.
- Linux administrators: Verify your kernel version against the CopyFail patched list (CVE-2026-31431) and check whether your distribution has pushed the fix. Your distro's security advisory page shows rollout status.
- DevOps and ML teams: If element-data appears in any dependency tree your team uses, rotate credentials and tokens that may have been exposed. Review your AI automation and dependency security practices for signing key hygiene.
- Security scanning teams: Verify the integrity of pipeline configurations connected to Checkmarx or Trivy-based workflows. Audit any automated deployment steps that unconditionally trust these tools.
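The last checklist item, auditing deployment steps that unconditionally trust a scanner, has a mechanical first pass: find every third-party reference in a pipeline that points at something mutable (a tag or branch such as `@v4` or `@main`, or an image tag such as `:latest`) rather than an immutable commit SHA or image digest. The script below is example code written for this article, not a Checkmarx, Trivy or GitHub tool; it scans GitHub Actions-style YAML with line regexes instead of a YAML parser, and the embedded workflow, the `example-org` action and the `example/scanner` image are constructed. `actions/checkout` is a real, widely used action and appears only to show that well-known actions are reported the same way.

```python
"""Flag pipeline references that are not pinned to an immutable identifier.
Example code for this article; the workflow text below is constructed."""
import re

SHA40 = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
IMAGE_RE = re.compile(r"^\s*image:\s*([^\s#]+)")


def audit_pins(workflow_text):
    """Return (line_no, reference, reason) for each mutable third-party reference."""
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            ref = m.group(1).strip("'\"")
            if ref.startswith("./"):
                continue  # action kept in this repository: reviewed with the repo itself
            if ref.startswith("docker://"):
                if "@sha256:" not in ref:
                    findings.append((n, ref, "container action not pinned by digest"))
                continue
            _, _, version = ref.partition("@")
            if not SHA40.match(version):
                findings.append((n, ref, "action pinned to a tag or branch, not a commit SHA"))
            continue
        m = IMAGE_RE.match(line)
        if m:
            ref = m.group(1).strip("'\"")
            if "@sha256:" not in ref:
                findings.append((n, ref, "image not pinned by digest"))
    return findings


# Constructed workflow: a mix of mutable and immutable references.
WORKFLOW = """\
name: scan
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    container:
      image: example/scanner:latest
    steps:
      - uses: actions/checkout@v4
      - uses: ./.github/actions/local-setup
      - uses: example-org/scanner-action@main
      - uses: example-org/scanner-action@0123456789abcdef0123456789abcdef01234567
      - uses: docker://example/scanner@sha256:0000000000000000000000000000000000000000000000000000000000000000
"""

if __name__ == "__main__":
    for line_no, ref, reason in audit_pins(WORKFLOW):
        print(f"line {line_no}: {ref}: {reason}")
```

Pinning to a SHA or digest removes the "whoever controls the tag controls my build" dependency, which is the shape of the Checkmarx and element-data incidents above; it does not by itself tell you whether the pinned commit is clean, so each finding is a place to review what that step is allowed to do (credentials it can read, artifacts it can publish), not a fix in itself.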
The Mozilla/Mythos result is the week's clearest signal: AI can genuinely contribute to security defense, but only with the right engineering infrastructure behind it. The 271 bugs were not found by running an AI on autopilot — they were found by a team that built a custom harness, defined clear scope, and validated every output. If you want to explore how AI automation fits into your own security or developer workflows, our getting-started guide is a solid starting point.