Skip to content
How I AIHow I AI

How Mozilla Uses Claude Mythos to find Firefox bugs before hackers do

Brian Grinstead is a distinguished engineer at Mozilla, where he’s worked on Firefox and the web platform since 2013 (he joined to help launch Firefox DevTools). Recently he and his team pointed an agentic bug-finding pipeline at Firefox—a codebase with tens of thousands of files and tens of millions of lines of code—and shipped a record month of security fixes. The viral chart everyone saw gave the credit to Anthropic’s new Mythos model. Brian’s take is that the harness and pipeline did just as much of the work, and he walks through exactly how it runs and how anyone can build a starter version. *What you’ll learn:* 1. How to build a basic bug-finding harness by running Claude Code or Codex with one prompt and the -p flag, no SDK required 2. Why pointing an agent at a whole codebase fails, and how an LLM judge can score and rank files before you spend any compute 3. How a verifier subagent kills false positives by catching the agent when it cheats 4. The goal-loop pattern: give an agent a tightly scoped problem, a clear pass/fail signal, and let it retry far past the point a human would quit 5. Why teams that already invested in fuzzing, CI, and dev tooling are so far ahead 6. How to weigh model versus harness, and why Brian splits the credit close to 50-50 7. How a non-engineer can reuse the same score, verify, and fix the loop for design quality, conversion rate, or tech debt 8. Why AI-generated patches still can’t ship on their own, and where humans stay in the loop *Brought to you by:* WorkOS—Make your app enterprise-ready today Metaview—The agentic recruiting platform for winning teams *In this episode, we cover:* (00:00) Introduction to Brian Grinstead (02:43) The viral chart: Firefox Security Bug Fixes by Month (05:32) How the custom harness works (10:22) Goal loops and guardrails (14:45) How they built it (16:55) Real bugs, including a 15-year-old one (23:00) Open-sourcing it (26:26) Why humans still review every fix (32:30) Live demo and prioritizing files (40:18) Mobilizing the team and recap (42:33) Lightning round *Tools referenced:* • Claude Code: https://claude.ai/code • Claude Agent SDK: https://code.claude.com/docs/en/agent-sdk/overview • Codex: https://openai.com/index/openai-codex/ • OpenAI Agent SDK: https://developers.openai.com/api/docs/guides/agents • VS Code: https://code.visualstudio.com/ • Docker: https://www.docker.com/ • Firefox: https://www.mozilla.org/firefox/ • Address Sanitizer: https://github.com/google/sanitizers • RLBox: https://rlbox.dev/ *Other references:* • Mozilla Bug Bounty Program: https://www.mozilla.org/security/bug-bounty/ • Mozilla GitHub: https://github.com/mozilla *Where to find Brian Grinstead:* LinkedIn: https://www.linkedin.com/in/bgrins/ GitHub: https://github.com/bgrins *Where to find Claire Vo:* ChatPRD: https://www.chatprd.ai/ Website: https://clairevo.com/ LinkedIn: https://www.linkedin.com/in/clairevo/ X: https://x.com/clairevo _Production and marketing by https://penname.co/._ _For inquiries about sponsoring the podcast, email jordan@penname.co._

Brian GrinsteadguestClaire Vohost
Jun 22, 202648mWatch on YouTube ↗

CHAPTERS

  1. Why Firefox bug-finding can’t be “one shot”: scale, context, and tedium

    Brian Grinstead frames the core challenge: Firefox’s massive codebase makes it impossible to ask an LLM to find all bugs in one pass. The conversation highlights why agents excel at tedious, exhaustive exploration that humans struggle to sustain.

  2. The viral spike chart—and the real story behind it (Mythos vs. system design)

    Claire and Brian unpack the “Firefox security fixes by month” spike and challenge the simplistic narrative that a single model (Mythos) caused it. Brian argues the harness and pipeline improvements were at least as important as model advances.

  3. What a “harness” is: turning an LLM into a tool-using bug hunter

    Brian defines the harness as the orchestration layer that gives an LLM tools (shell, build, browser, fuzzing infra) and a goal. This moves from “brain in a jar” chat to an agent that can measure outcomes and iterate.

  4. Inside Mozilla’s agentic loop: file targeting → exploit attempts → fuzzing signal → structured output

    They walk through the flow: prioritize files, run an analyzer agent with a target file, generate HTML test cases, and validate via existing fuzzing/ASan infrastructure. A verifier agent filters out “wonky” agent behavior to drive false positives near zero.

  5. Goal loops and guardrails: making relentless iteration safe and useful

    Claire connects Mozilla’s approach to goal/outcome loops and emphasizes guardrails to prevent shortcut solutions. Brian explains how prompt tuning and verifier feedback evolved from log review and engineer feedback.

  6. Building it in practice: Claude Agent SDK, Codex options, and why vendor harnesses matter

    Brian details implementation choices: starting with the Claude Agent SDK (Claude Code JSON streaming mode), exploring Codex integrations, and considering model-agnostic frameworks. He argues vendor harnesses are often best-tuned but defenders should test across models to mirror attacker diversity.

  7. From detection to fixes: patching agent, verification, and why humans still review

    They describe extending the system to generate patches, rebuild, and confirm the crash is gone. Despite automation, expert engineers review because agents can be overly narrow and miss related fixes across the codebase.

  8. Real-world wins: reproducible HTML exploits and a 15-year-old bug archeology

    Brian showcases the kind of reports that now matter: not just analysis, but a working repro HTML file that triggers a real crash. He also highlights an “archeology” win—using agents to trace when an old vulnerability was introduced despite file renames and history complexity.

  9. Open-sourcing the tooling and the importance of a crisp verification signal

    Mozilla open-sources parts of the tooling so researchers and defenders can test and adapt it. Brian stresses that many teams lack a binary verification signal like ASan crashes, so defining measurable success/failure criteria becomes essential.

  10. Live demo: from “just a prompt” to a full harness run with structured outputs

    Brian demonstrates a minimal V1 approach—running Claude Code with a prompt and JSON streaming—and a more capable V2 harness with tool access and verifier output. The demo illustrates how approachable the first step is, then why richer tooling is needed for non-trivial bugs.

  11. How Mozilla prioritizes where agents look: LLM scoring + simple heuristics

    They explain the practical constraint: you must choose targets. Mozilla uses a lightweight LLM “judge” to score files on likelihood of memory safety issues and web reachability, then combines it with operational heuristics (duplicates, prior runs) to allocate compute effectively.

  12. Mobilizing Mozilla: incident-response intensity and high-actionability reports

    Brian describes a rapid, high-volume push resembling incident response: many engineers coordinated to land fixes quickly. The key enabler was not just quantity but the high actionability of verified, reproducible reports.

  13. Lightning round: model vs harness, security optimism, and prompting style

    In closing, Brian estimates the impact as roughly “both” (a pragmatic 50/50) and expresses cautious optimism: AI improves bug discovery for defenders too. He shares pragmatic prompting habits—hands-on control for writing, tone-shifting for creative vs. ops tasks, and simple corrective nudges for bad code.

Get more out of YouTube videos.

High quality summaries for YouTube videos. Accurate transcripts to search & find moments. Powered by ChatGPT & Claude AI.

iOSAndroidClaudeChrome