Tags: Firefox, Mozilla, Security, Brian Grinstead, Christian Holler, Frederik Braun
2026

Start using agents to harden your code NOW

If you build software for a living, go read Brian Grinstead, Christian Holler, and Frederik Braun’s article “Behind the Scenes Hardening Firefox with Claude Mythos Preview” right now.

Suddenly, the bugs are very good

Just a few months ago, AI-generated security bug reports to open source projects were mostly known for being unwanted slop. Dealing with reports that look plausibly correct but are wrong imposes an asymmetric cost on project maintainers: it’s cheap and easy to prompt an LLM to find a “problem” in code, but slow and expensive to respond to it.

It is difficult to overstate how much this dynamic changed for us over a few short months. This was due to a combination of two main factors. First, the models got a lot more capable. Second, we dramatically improved our techniques for harnessing these models — steering them, scaling them, and stacking them to generate large amounts of signal and filter out the noise.

This is Firefox — a team not exactly known for showering commercial entities with praise — shouting about going from 20 security fixes a month to 423!

This is what your attackers are about to be exploiting.

As the authors continue:

Anyone building software can start using a harness with a modern model to find bugs and harden their code today. We recommend getting started now. You will find bugs, and you will set yourself up to take advantage of new models as soon as they become available.

Seriously. Right. Fucking. Now.