Mozilla says 271 vulnerabilities found by Mythos have 'almost no false positives'

Mozilla, the nonprofit foundation behind the Firefox browser, has expanded its security engineering pipeline with a new AI-assisted tool. The system, named Mythos, scans millions of lines of C++ and Rust code to surface memory-safety and input-validation flaws. The organization says nearly all of the 271 vulnerabilities it flagged were confirmed as real bugs after human review.
Mozilla argues that conventional static analyzers have long burned engineering time with high false-positive rates. Mythos pairs a large language model with data-flow analysis and symbolic execution to prioritize the reports that actually represent an exploitable attack vector. The foundation said a significant share of the resulting patches addressed critical or high-severity issues, many of which were closed before external researchers working under bug-bounty programs found them.
Firefox is among the first large open-source projects to say it has 'completely bought in' on AI-assisted bug discovery. Google's Big Sleep and Microsoft's Copilot Security efforts pursue a similar approach, although their false-positive rates have not been publicly detailed in comparable terms. Mozilla said it would publish Mythos's methodology and bug taxonomy for outside researchers in the coming weeks.