Firefox: The zero-days are numbered

ThisFirefox blog post reports that the Firefox150 release includesfixes for 271 vulnerabilities found by the Claude Mythos preview.

Elite security researchers find bugs that fuzzers can't largely byreasoning through the source code. This is effective, buttime-consuming and bottlenecked on scarce humanexpertise. Computers were completely incapable of doing this a fewmonths ago, and now they excel at it. We have many years ofexperience picking apart the work of the world's best securityresearchers, and Mythos Preview is every bit as capable. So farwe've found no category or complexity of vulnerability that humanscan find that this model can't.

This can feel terrifying in the immediate term, but it's ultimatelygreat news for defenders. A gap between machine-discoverable andhuman-discoverable bugs favors the attacker, who can concentratemany months of costly human effort to find a single bug. Closingthis gap erodes the attacker's long-term advantage by making alldiscoveries cheap.