Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos.

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 19:21:27 GMT

michaelh@fosstodon.org — Thu, 07 May 2026 19:21:27 GMT

@passocacornio @dangoodin If some large precentage of those 271 reports is sandbox escapes and they all got patched there is a decent chance of breaking an in the wild exploit campaign.

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 19:15:09 GMT

passocacornio@tech.lgbt — Thu, 07 May 2026 19:15:09 GMT

@dangoodin @michaelh i... posted my actual impression of the reports on a companion toot its linked in this toot

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 19:13:36 GMT

dangoodin@infosec.exchange — Thu, 07 May 2026 19:13:36 GMT

@passocacornio @michaelh

OK, assuming that's true, what's the quality of them?

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 19:12:58 GMT

dangoodin@infosec.exchange — Thu, 07 May 2026 19:12:58 GMT

@michaelh @passocacornio

Yes, that's true. What I want to know is, what's the quality of the 12?

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 19:12:36 GMT

passocacornio@tech.lgbt — Thu, 07 May 2026 19:12:36 GMT

@michaelh @dangoodin since this one is more of an advertising piece than an actual post-morten... those are the best ones they could find

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 19:09:13 GMT

michaelh@fosstodon.org — Thu, 07 May 2026 19:09:13 GMT

@passocacornio @dangoodin
Its hard to judge without all of them. 12 is what was released.

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 18:43:17 GMT

mhitza@third-party.cyou — Thu, 07 May 2026 18:43:17 GMT

@dangoodin half of a continuation of a report, and half a tech blog discussing the internal security harnessing. Strange to read how it switched between the two and answering interesting questions in the FAQ.

I find confusing the fact that I couldn't find a list for all the invidually tracked bugs (?). Even though they are "rolled up"/grouped under a single CVE, they are tracked individually and that would be a more interesting thing to look at.

And I'm really surprised about the no. of fixed bugs graph, especially for April. How could they handle that jump in volume? More people working on Firefox? More focus on security than other work? "Looks good to me" merges?

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 18:40:13 GMT

passocacornio@tech.lgbt — Thu, 07 May 2026 18:40:13 GMT

@dangoodin if anyone wanna know what I feel about the reports I read

:ms_purple_potion: Passoca Witch :v_enby: :ms_purple_potion: (@passocacornio@tech.lgbt)

Content warning: mozila, antropic

LGBTQIA+ and Tech (tech.lgbt)

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 18:34:52 GMT

psysal@mastodon.social — Thu, 07 May 2026 18:34:52 GMT

@dangoodin I looked at the first one and although I don't know the codebase at all so am missing context, I think I understand it partly (I am a good c++ programmer ) and it certainly looks real to me. There is also discussion on the bugzilla where a developer acknowledges they introduced the bug when doing code cleanup.

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 18:10:51 GMT

viss@mastodon.social — Thu, 07 May 2026 18:10:51 GMT

@mattdm @dangoodin but its all written about the same effort. anthroipics writeup and now this one, as well as the flying penguin post. theyre all about the same thing, and they are very very starkly different

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 18:08:27 GMT

mattdm@hachyderm.io — Thu, 07 May 2026 18:08:27 GMT

@Viss @dangoodin

I'm not saying any of those things, and neither does the Mozilla post.

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 18:05:43 GMT

viss@mastodon.social — Thu, 07 May 2026 18:05:43 GMT

@mattdm @dangoodin and youre ok with anthropics approach here where they disable protections so their new flagship model can pump the numbers? and youre ok with how older models can find the same bug? and theres no gell-mann amnesia going on here?

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 17:57:16 GMT

mattdm@hachyderm.io — Thu, 07 May 2026 17:57:16 GMT

@Viss @dangoodin

Yes. And I also read the Mozilla post linked above.

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 17:56:54 GMT

nihilistic_capybara@layer8.space — Thu, 07 May 2026 17:56:54 GMT

@dangoodin second that. Sharing for visibility

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 17:42:46 GMT

viss@mastodon.social — Thu, 07 May 2026 17:42:46 GMT

@mattdm @dangoodin have you read this?

The Boy That Cried Mythos: Verification is Collapsing Trust in Anthropic | flyingpenguin

(www.flyingpenguin.com)

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 17:40:26 GMT

mattdm@hachyderm.io — Thu, 07 May 2026 17:40:26 GMT

@Viss @dangoodin

That's... not what the linked article says at all. They're making a few public early, but they did indeed find hundreds.

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 17:36:15 GMT

passocacornio@tech.lgbt — Thu, 07 May 2026 17:36:15 GMT

@dangoodin I... 12 is not a bad number but like...

Note that a number of these bugs are sandbox escapes, which would need to be combined with other exploits to achieve a full-chain Firefox compromise

if they had paid the 20k to a professional code auditor they would have found more... dangerous and relevant exploits

Anyone building software can start using a harness with a modern model to find bugs and harden their code today. We recommend getting started now. You will find bugs, and you will set yourself up to take advantage of new models as soon as they become available.

this sound straight up off of a entry-level "advertising 101" book...

also I looked at some of the bug repports and... meh

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 17:31:18 GMT

n_dimension@infosec.exchange — Thu, 07 May 2026 17:31:18 GMT

@dangoodin @Viss

No, not the folks waiting for the burn!

Zero days don't matter
AI is a fad
If we ignore the new attack surface and vector it will go away.

#imsosmart

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 17:29:13 GMT

viss@mastodon.social — Thu, 07 May 2026 17:29:13 GMT

@dangoodin at this point its pretty hard to trust anthropic at their word, and since it was mozilla that they were 'working for', and now mozilla has fallen into the ai deep end, i wager it'll be another one of these:

The Boy That Cried Mythos: Verification is Collapsing Trust in Anthropic | flyingpenguin

(www.flyingpenguin.com)

did you see this writeup?

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 17:24:33 GMT

dangoodin@infosec.exchange — Thu, 07 May 2026 17:24:33 GMT

@Viss

So, nobody is even going to take a look?

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 17:22:05 GMT

kn4ntu@mastodon.radio — Thu, 07 May 2026 17:22:05 GMT

@dangoodin I'd take the numbers with a grain of salt. Anything that helps find more is good imho.

Also I wonder what the average exploit/$ is across different projects as a whole.

Thank you

Reply to Mozilla has provided behind-the-scenes details on the 271 vulnerabilities it discovered with the help of Mythos. on Thu, 07 May 2026 17:14:49 GMT

viss@mastodon.social — Thu, 07 May 2026 17:14:49 GMT

@dangoodin considering the mythos papers that anthropic wrote which said they found hundreds, mozilla confirming less than 10% of those seems to me like a desperate grasping at straws by anthropic to somehow prove they werent lying through their teeth with their writeup