SAN FRANCISCO — Mozilla Corporation announced Thursday an expanded collaboration with Anthropic to deploy AI-assisted security scanning across the full Firefox codebase, building on the success of a pilot programme that used Anthropic's Mythos system to identify and remediate 151 distinct software vulnerabilities in the open-source browser.

The partnership, confirmed at a joint press briefing in San Francisco, moves beyond the initial bug-finding trial to establish a continuous integration pipeline in which Anthropic's large language model tooling analyses code commits in near-real time and flags potential security regressions before they reach Firefox's stable channel. Mozilla engineers said the system had already been integrated into the browser's Nightly build infrastructure on a limited basis, with Thursday's announcement formalising the arrangement and extending it to the Extended Support Release track used by enterprise and government clients.

Mozilla's Chief Security Officer noted that the 151 bugs identified during the pilot ranged from memory safety issues in legacy C++ components to logic errors in JavaScript engine optimisation paths — classes of vulnerability that traditional static analysis tools had repeatedly missed. 'This is not replacing our engineers,' she said. 'It is giving them a co-pilot that never gets tired and never skips the edge cases.'

Anthropic, which has been expanding Mythos as a commercial code-analysis product following its initial deployment in internal red-teaming workflows, said the Mozilla engagement represents the first publicly announced third-party integration of the system in a major open-source project. The company indicated pricing would be offered on a consumption basis, calibrated to repository size and commit volume, positioning it against established competitors such as GitHub Advanced Security and Synopsys Coverity.

Security researchers welcomed the announcement but raised questions about transparency. The Electronic Frontier Foundation and several independent Firefox contributors called on Mozilla to publish the full methodology and any false-positive rates from the pilot, arguing that independent verification was essential given that AI-generated code assessments can embed systematic blind spots. Mozilla said it planned to release an audit report to its public bug tracker within 30 days, consistent with its open-source governance commitments.