SECURITY
Anthropic AI Found 271 Zero-Day Security Vulnerabilities in Firefox
Just one month ago, Anthropic's best model found 22 security bugs in Firefox. This month, its newest model found 271. That is not a typo, and it is not a minor improvement — it is a signal that something genuinely different is happening in AI-assisted cybersecurity.
The model in question is called Mythos Preview, and Anthropic initially released it only to a small group of industry partners, citing its unusual capability in finding security vulnerabilities. Skeptics rolled their eyes, assuming the company was spinning a routine capability jump into a marketing moment. Then Mozilla showed up with receipts.
Firefox CTO Bobby Holley confirmed this week that Mythos Preview analyzed the unreleased source code for Firefox 150 and surfaced 271 security vulnerabilities before the browser ever shipped. Those are bugs that, left unpatched, could have become weapons. Finding them before release is exactly the kind of asymmetric advantage defenders have been chasing for decades.
For context, Holley noted that the previous Anthropic model used for a similar exercise on Firefox 148 found 22 bugs. The jump to 271 is not just a bigger number — it represents a qualitative shift in what these systems can do when pointed at complex, real-world codebases.
Holley was careful to note that the vulnerabilities Mythos found were theoretically discoverable through other means — either automated fuzzing techniques or a highly skilled human security researcher working methodically through the code. The difference is cost and time. What once required months of concentrated expert effort can now happen in a fraction of the time, at a fraction of the price.
That shift in economics is the real story here. Cybersecurity has always been an asymmetric fight where attackers only need to find one hole and defenders need to find all of them. If AI dramatically lowers the cost of finding bugs, it helps both sides, but defenders benefit more, because they have legitimate access to the source code they are trying to protect.
Holley put it plainly: computers were simply incapable of this kind of reasoning a few months ago. Now they are performing at the level of elite human researchers. That is a remarkable sentence to say out loud in 2025, and the fact that it is backed by 271 real, documented vulnerabilities makes it hard to dismiss.
The implications stretch well beyond Firefox. Holley told Wired that every piece of software is going to need to engage with this kind of AI-assisted analysis going forward, because every codebase is sitting on a backlog of undiscovered bugs that are now suddenly findable. That is a profound statement about the nature of software security as we have known it.
The stakes are especially high for open source projects. Their codebases are publicly accessible, which makes them easier for AI to analyze — but it also means attackers have the same access. Many open source projects that power critical internet infrastructure run on skeleton-crew volunteer maintenance. AI-assisted vulnerability scanning could be a lifeline for projects that cannot afford dedicated security teams, closing gaps that have quietly existed for years.
Source: Ars Technica
POLICY
Gas-Powered Data Centers Linked to OpenAI and Meta Could Rival Nations' Emissions
Eleven data center campuses. More greenhouse gas emissions than the entire country of Morocco. That is the math sitting inside a set of state air permit applications that most people will never read — and it covers only the projects we currently know about.
Wired reviewed permit documents tied to natural gas infrastructure being built specifically to power data centers operated by or connected to some of the biggest names in AI: OpenAI, Meta, Microsoft, and Elon Musk's xAI. The combined potential emissions from just these 11 projects clock in at over 129 million tons of greenhouse gases per year. To put that in perspective, Morocco — a country of 37 million people — emitted less than that in all of 2024.
What makes this particularly striking is how these projects are structured. Rather than connecting to the public grid, the companies are building their own dedicated natural gas power generation on-site — a setup called behind-the-meter power. It lets them bypass the queue for utility connections, sidestep public pushback over rising energy bills, and get their facilities running faster. It also means their emissions sit outside the normal utility accounting frameworks most people use to track the energy sector's climate impact.
The most contentious example is xAI's Colossus campus in Memphis, Tennessee, where gas turbines were quietly installed and running before regulators had formally approved them. The community surrounding the campus — a predominantly low-income Black neighborhood — organized protests over air quality concerns. The EPA eventually signed off on the turbines, and last month regulators approved a second xAI campus in Southaven, Mississippi, over similar community objections. The NAACP filed a lawsuit against xAI last week alleging illegal operation of the turbines.
The emissions numbers from the two xAI campuses alone are staggering. Permit applications for both Colossus sites show potential output exceeding 6.4 million tons of CO2-equivalent each, per year. Together, that is roughly what 30 average natural gas plants produce, or enough energy to power 1.5 million homes, entirely dedicated to one company's AI ambitions.
Clean energy researcher Michael Thomas, who has been tracking these permits across the country, describes the trend as a jarring reversal of the trajectory the energy sector had been on. For years, the story was coal plants retiring, gas plants winding down, renewables ramping up. AI infrastructure is now punching a new hump into that curve.
The uncomfortable tension here is hard to ignore. The same AI systems being celebrated for finding security vulnerabilities, accelerating drug discovery, and boosting productivity are also quietly justifying the construction of fossil fuel infrastructure that will run for decades. The industry has made serious pledges around clean energy procurement, but permits are being filed and turbines are being installed right now, not in some future clean energy scenario.
This is not a hypothetical climate risk. The concrete is being poured.
Source: WIRED