
Since February, the Firefox team has been working around the clock using frontier AI models to detect and fix latent security vulnerabilities in the browser. We previously wrote about our collaboration with Anthropic to scan Firefox with Opus 4.6, which resulted in fixes for 22 security-sensitive bugs in Firefox 148.
As part of our ongoing collaboration with Anthropic, we had the opportunity to deploy an early version of Claude Mythos Preview on Firefox. This week’s release of Firefox 150 includes fixes for 271 vulnerabilities identified during this initial evaluation.
As these capabilities reach the hands of more defenders, many other teams are now experiencing the same vertigo we had when the findings first came into focus. For a hardened target, just one such mistake in 2025 would have been a red alert, and so many at once makes you wonder if it’s even possible to keep up.
Our experience is a hopeful one for teams shaking off the vertigo and getting to work. You may have to reprioritize everything else to bring relentless and single-minded focus to the task at hand, but there is light at the end of the tunnel. We are extremely proud of how our team rose to meet this challenge, and so will others. Our work is not done yet, but we have turned the corner and can see a future much better than just keeping up. Defenders finally have a chance to win, decisively.
Until now, the industry has largely fought against security. Vendors of critical Internet-exposed software like Firefox take security extremely seriously and have teams of people who get out of bed every morning thinking about how to keep users safe. However, we all quietly acknowledged for a long time that bringing exploits to zero was an unrealistic goal. Instead, we aimed to make it so expensive that only actors with functionally unlimited budgets could afford it, and that the cost of burning such an expensive asset would discourage those actors from casual use.
This is because security to date has been offensive-dominant: the attack surface is not infinite, but it is large enough to be difficult to comprehensively defend with the tools we have available. This gives attackers an asymmetric advantage, as they only have to find one chink in the armor.
We use defense-in-depth to apply multiple layers of overlapping defenses, but no layer is bulletproof. Firefox runs each website in a separate sandbox process, but attackers try to combine bugs in the rendering code with bugs in the sandbox to escape to a more privileged context. We’ve led the industry in building and adopting Rust, but we still can’t afford to stop everything to rewrite decades of C++ code, especially since Rust only mitigates certain (very common) classes of vulnerabilities.
We pair defense-in-depth engineering with an in-house networking team tasked with staying on the cutting edge of automated analysis techniques. Until recently, this was largely dynamic analysis techniques such as fuzzing. Fuzzing is quite fruitful in practice, but some parts of the code are harder to fuzz than others, resulting in uneven coverage.
Elite security researchers find bugs that fuzzers largely can’t by reasoning through the source code. It is effective, but time-consuming and bottlenecks on scarce human expertise. Computers were completely incapable of doing this a few months ago, and now they excel at it. We have many years of experience dissecting the work of the world’s best security researchers, and Mythos Preview is just as capable. So far, we haven’t found any category or complexity of vulnerability that people can find that this model can’t.
This may feel scary in the immediate term, but it’s ultimately good news for defenders. A gap between machine-discoverable and human-discoverable bugs favors the attacker, who can concentrate many months of expensive human effort to find a single bug. Closing this gap erodes the attacker’s long-term advantage by making all discoveries cheap.
It’s encouraging that we haven’t seen any bugs that couldn’t also have been found by an elite human researcher. Some commentators predict that future AI models will detect entirely new forms of vulnerabilities that challenge our current understanding, but we don’t think so. Software like Firefox is designed in a modular way so that people can argue about its correctness. It is complex, but not arbitrarily complex[1].
The flaws are finite, and we enter a world where we can finally find them all.
[1] There is a risk that codebases begin to exceed human understanding due to more AI in the development process, scaling bug complexity along with (or perhaps faster than) discovery capability. Human intelligibility is an essential feature to maintain, especially in critical software such as browsers and operating systems.
The post The zero days are numbered first appeared on The Mozilla Blog.
