Holley says that by finding bugs so quickly, AI systems like Mythos shift the advantage toward defenders, since making vulnerability discovery cheaper helps both sides. “A few months ago computers couldn’t do this at all, and now they do it exceptionally well,” Holley writes. “We’ve spent years dissecting the work of the world’s top security researchers, and Mythos Preview is just as capable.”
In an interview with Wired, Holley warned that this type of AI-assisted vulnerability analysis is something “every piece of software is going to have to [engage with],” because most programs hide many bugs that can now be uncovered. While future models more advanced than Mythos might reveal flaws current systems miss, Holley said he was confident that “at least on the Firefox side, having had a bit of a head start here, that we’ve rounded the curve.”
Putting software through AI-driven security checks may be especially crucial for the open-source projects that form much of today’s Internet. Their public codebases are easier for AI to scan for weaknesses, and many projects depend on woefully thin volunteer maintenance for their security.
In a New York Times essay last week, Mozilla CTO Raffi Krikorian argued that the human difficulty of both finding vulnerabilities and writing intricate software created a balance in cyberthreat research that Mythos could shatter. “The programmer who gave 20 years of his life to maintain [open source] code that runs inside products used by billions of people? He doesn’t have access to Mythos yet. He should,” Krikorian wrote.
