How Claude Mythos found a 15-year-old bug in Mozilla Firefox | Brian Grinstead

How I AI

4 DAYS AGO

Shownote

Brian Grinstead is a distinguished engineer at Mozilla, where he’s worked on Firefox and the web platform since 2013 (he joined to help launch Firefox DevTools). Recently he and his team pointed an agentic bug-finding pipeline at Firefox—a codebase with te...

Highlights

Brian Grinstead, a distinguished engineer at Mozilla, details how his team leveraged an agentic AI pipeline to uncover nearly 500 security bugs in Firefox, including a 15-year-old vulnerability. He emphasizes that the custom harness and pipeline were as crucial as the AI model itself, and provides a step-by-step breakdown of how the system works.
00:00 AI agents excel at relentless, tedious code archaeology
02:43 The key was building a better bug-finding harness and pipeline
08:23 A verifier agent catches false positives
10:23 Relentless tedium is a feature, not a bug
16:55 Running multiple models is important for security
22:10 AI agent generates a test HTML file to reproduce the bug
23:01 Define crystal-clear verification signals for AI bug-finding
29:11 Human engineers are still needed to identify patterns and architect global fixes
35:40 A simple LLM judge scores files based on risk and accessibility
40:18 AI found a 15-year-old Firefox bug
42:33 AI helps defenders find long-standing bugs

Chapters

00:00 Introduction to Brian Grinstead
02:43 The viral chart: Firefox Security Bug Fixes by Month
05:32 How the custom harness works
10:22 Goal loops and guardrails
14:45 How they built it
16:55 Real bugs, including a 15-year-old one
23:00 Open-sourcing it
26:26 Why humans still review every fix
32:30 Live demo and prioritizing files
40:18 Mobilizing the team and recap
42:33 Lightning round

Transcript

Brian Grinstead: Firefox has tens of thousands of source code files and tens of millions of lines of code. It's not possible to say, one-shot, "Go find all the potential bugs in this project." It's way too much context for the model.

Claire Vo: I think peopl...