As my coworker succinctly put it, "nobody uses Firefox anymore."
I don't know if hundreds of millions of people is exactly, "nobody" but I personally agree that open source software is just going to crush closed source for exactly the reasons we're seeing unfold in front of us; you can audit and correct incorrect behavior for the benefits of all.
For closed-source, I'd expect defenders to have a greater advantage because they can run Mythos on the source code, while attackers only get an opaque API/protocol to try messing with.
Last three CVEs are collections of bugs. CVE-2026-6784 is a collection of 55 bugs. CVE-2026-6785 is a collection of 154 bugs. CVE-2026-6786 is a collection of 107 bugs.
As for credits, I think bugs are ultimately credited to people, and this time Mozilla people used Mythos, as opposed to Anthropic people using Opus or Mythos.
Apropos of anything else, I do like that if one of the big bullet points of Mythos is security, that in their list of "preview users" Anthropic chose orgs like Firefox who might have the largest blast radii, and are the most tempting of targets.
Big news here, I think, is that they agree with Anthropic's prediction that it's a transitory issue, and expect to come out the other end more secure after fixing a finite number of bugs. Not looking forward to my turn at the firehose, but it could have been a lot worse.
As my coworker succinctly put it, "nobody uses Firefox anymore."
I don't know if hundreds of millions of people is exactly, "nobody" but I personally agree that open source software is just going to crush closed source for exactly the reasons we're seeing unfold in front of us; you can audit and correct incorrect behavior for the benefits of all.
For closed-source, I'd expect defenders to have a greater advantage because they can run Mythos on the source code, while attackers only get an opaque API/protocol to try messing with.
To some extent yes, but models are good at reverse engineering such that it isn't as great advantage as you might think.
I use Firefox + uBlock Origin because it give me complete control over what I see.
Same.
So where are they, then? Am I misunderstanding the process and this stuff is kept under wraps even after release?
There's three CVEs in today's security advisory that mention Anthropic.
https://www.mozilla.org/en-US/security/advisories/mfsa2026-3...
There's also no write-up I can see that distinguishes to what extent this is the work of the seven people credited alongside Mythos.
Last three CVEs are collections of bugs. CVE-2026-6784 is a collection of 55 bugs. CVE-2026-6785 is a collection of 154 bugs. CVE-2026-6786 is a collection of 107 bugs.
As for credits, I think bugs are ultimately credited to people, and this time Mozilla people used Mythos, as opposed to Anthropic people using Opus or Mythos.
What they did not say is how many of these vulnerabilities were addressed by LLM-created fixes, if any.
Apropos of anything else, I do like that if one of the big bullet points of Mythos is security, that in their list of "preview users" Anthropic chose orgs like Firefox who might have the largest blast radii, and are the most tempting of targets.
Big news here, I think, is that they agree with Anthropic's prediction that it's a transitory issue, and expect to come out the other end more secure after fixing a finite number of bugs. Not looking forward to my turn at the firehose, but it could have been a lot worse.