Holley writes that by identifying bugs so efficiently, AI tools like Mythos tip the balance of cybersecurity in favor of defenders, making it cheaper for both parties to benefit when vulnerabilities are discovered. “Computers were completely incapable of doing this a few months ago, and now they excel at it,” Holley writes. “We have years of experience curating the work of the world’s best security researchers, and Mythos Preview delivers.”
In Interview with WiredFrom here on out, this kind of AI-powered vulnerability analysis is “something that every piece of software (will be dealing with) because every piece of software has so many bugs buried under the surface that can now be discovered,” Holley said. While it’s possible that future models more advanced than Mythos will be able to find bugs that current models miss, Holley said he’s confident that “at least on the Firefox side, we’ve rounded the curve after making some progress here.”
Getting past AI-powered defensive gauntlets can be especially important for the open source projects that underpin much of the modern Internet. This is both because their public codebases are easier for AI systems to probe for vulnerabilities, and because many such projects use insufficient volunteer maintenance for their security.
In a New York Times essay last weekMozilla CTO Raffi Krikorian argued that the human difficulty in both finding bugs and writing complex software created a sort of balance in cyberthreat investigations where Mythos could be wide open. “A programmer who gave 20 years of his life to maintain (open source) code that works inside products used by billions of people? He doesn’t have access to Mythos yet. He should,” Krikorian wrote.
