🔒 Security

Behind the Scenes Hardening Firefox with Claude Mythos Preview

simonwillison.net · 2026-05-07 · Excerpt

Using its access to the Claude Mythos preview, Mozilla identified and fixed hundreds of security vulnerabilities in the Firefox browser. The quality of AI-generated vulnerability reports improved markedly, shifting from mostly false positives and low-quality findings to precise, actionable fix suggestions. The project demonstrates the substantial potential of large language models for security auditing of open source software and offers a practical path to large-scale automated vulnerability detection.

Simon Willison

7th May 2026 - Link Blog

Behind the Scenes Hardening Firefox with Claude Mythos Preview (via) Fascinating, in-depth details on how Mozilla used their access to the Claude Mythos preview to locate and then fix hundreds of vulnerabilities in Firefox:

Suddenly, the bugs are very good

Just a few months ago, AI-generated security bug reports to open source projects were mostly known for being unwanted slop. Dealing with reports that look plausibly correct but are wrong imposes an asymmetric cost on project maintainers: it’s cheap and easy to prompt an LLM to find a “problem” in code, but slow and expensive to respond to it. It is difficult to overstate how much this dynamic changed for us over a few short months. This was due to a combination of two main factors. First, the models got a lot more capable. Second, we dramatically improved our techniques for harnessing these models — steering them, scaling them, and stacking them to generate large amounts of signal and filter out the noise.

They include some detailed bug descriptions too, including a 20-year-old XSLT bug and a 15-year-old bug in the <legend> element.

A lot of the attempts made by the harness were blocked by Firefox's existing defense-in-depth measures, which is reassuring.

Mozilla were fixing around 20-30 security bugs in Firefox per month through 2025. That jumped to 423 in April.
