Mozilla used Anthropic Mythos to find and fix 151 bugs in Firefox


Amid heated debate about the influence that new artificial intelligence models will have on cybersecurity, Mozilla said Tuesday that its Firefox 150 browser, being released this week, includes protections for 271 vulnerabilities that were identified using early access to Anthropic's Mythos Preview. The Firefox team says it requires resources and discipline to adapt to the range of bugs that the new AI tools can detect, but this significant uplift is necessary for the security of Mozilla users, given that the capabilities will inevitably be in the hands of attackers soon.

Both Anthropic and OpenAI have announced new artificial intelligence models in recent weeks, which the companies say have advanced cybersecurity capabilities, and which could represent a turning point in how defenders (and, more importantly, attackers) find vulnerabilities and misconfigurations in software systems. With this in mind, the two companies have so far made only limited releases of their new models, and both have also convened industry working groups aimed at assessing progress and developing strategies. In practice, however, cybersecurity experts have a range of views on how important the new capabilities are.

Mozilla’s experience shows that, at least in the short term, AI tools like Mythos Preview can have a profound impact on vulnerability hunters.

“Our belief is that tools have changed things dramatically, because we now have automated techniques that can cover, as far as we can tell, the full spectrum of bugs causing vulnerabilities,” says Bobby Holley, chief technology officer at Firefox. For years, he says, Firefox and other organizations have relied on a range of automated vulnerability scanning techniques, such as software obfuscation, alongside manual scanning for vulnerabilities by internal and external researchers, to find and fix defects. Attackers had the same tools and methods at their disposal.

“There were classes of bugs that you could find through human analysis that you couldn’t find through automated analysis, and so, it was always possible if you were a threat actor and you were willing to spend several million dollars to find a bug — we tried to raise the price of that as high as possible,” Holley says.

Holley says emerging AI capabilities will now create a kind of boot camp that all software will have to go through in one way or another to find and fix the vulnerabilities lurking in its code. Companies like Anthropic and OpenAI appear to be trying to convince as many of the major players as possible to make this overhaul before the capabilities become more widely available.

“Every piece of software is going to have to make this shift, because every piece of software has a lot of bugs buried beneath the surface that can now be discovered,” says Firefox’s Holley. “This is a difficult transitional moment and it takes coordinated focus and a lot of persistence to get through it, but I think it’s a finite moment, even as the models become more advanced. Maybe the more advanced models will find some things here or there, but I think we, at least on the Firefox side, having had some head start here, have rounded the curve.”

Holley says the Firefox team gained access to Mythos Preview as part of a direct collaboration with Anthropic and that Mozilla is not officially part of its larger consortium, called Project Glasswing.

Firefox is open source software, a type of software that could be particularly affected by new AI bug-hunting capabilities since many open source projects are widely used and relied upon around the world, yet are often maintained by a very small group of volunteers or just one person. The effects can be particularly significant for “abandoned software” that is no longer maintained at all.
