Mozilla published the engineering postmortem for how Anthropic’s Claude Mythos found 271 real vulnerabilities in unreleased Firefox 150 code with what their own engineers describe as “almost no false positives.”
https://sharedsapience.com/the-century-report-may-8-2026/
The Mythos numbers were already public when The Century Report covered Mozilla’s initial disclosure in late April. What is new is the postmortem itself - a detailed engineering account of the agent harness Mozilla built around Mythos, the prompts, the Firefox build environment the agent accessed, and the machine-verifiable success criterion: cause the build to crash. Mozilla’s engineers describe earlier AI vulnerability work as producing “unwanted slop” - hallucinated bug reports at scale. The harness is what made the capability defensive rather than noisy. The model sits behind restricted access; the harness is now a published document. The next defensive security team can adapt it without negotiating frontier-model access first.
The same day, Oasis Security disclosed a critical vulnerability in Cline rated 9.7 out of 10. Any website a developer visits while Cline is running can silently exfiltrate workspace data and inject commands into the AI coding agent’s terminal through unauthenticated WebSocket endpoints. The localhost-as-trust-boundary assumption was inherited from a generation of tools where it was true. AI coding agents broke it months ago, and the audit pattern Oasis Security demonstrated against OpenClaw and now Cline is becoming a recoverable template.
OpenAI launched Trusted Contact, letting adult ChatGPT users designate someone who gets notified when conversations indicate serious safety concerns. The boundary moved from inside the model to inside the relationship. A Tohoku University clinical trial showed lubiprostone - a common, inexpensive constipation medication - slows chronic kidney disease decline through a previously unrecognized gut-microbiome-spermidine pathway, opening a new low-cost treatment option for a condition affecting hundreds of millions worldwide. A Lancet study screened 2.5 million biomedical papers and found 12 times more publications with fabricated citations in 2025 than 2023 - an audit that did not exist three years ago, run as a single analysis. Cobalt’s penetration testing report found 32% of AI security findings rated high risk with only 38% remediated. F5 found 77% of enterprises now prioritize AI inference over training.
Additional Reading:
* Ars Technica - Mozilla says 271 vulnerabilities found by Mythos have “almost no false positives”: https://arstechnica.com/information-technology/2026/05/mozilla-says-271-vulnerabilities-found-by-mythos-have-almost-no-false-positives/
* Infosecurity Magazine - Cline Kanban Flaw Lets Websites Hijack AI Coding Agents: https://www.infosecurity-magazine.com/news/cline-kanban-websocket-hijack-ai/
* The Verge - ChatGPT’s ‘Trusted Contact’ will alert loved ones of safety concerns: https://www.theverge.com/ai-artificial-intelligence/925874/chatgpt-trusted-contact-emergency-self-harm-notification
* Nature - Surge in fake citations uncovered by audit of 2.5 million biomedical science papers: https://www.nature.com/articles/d41586-026-00748-w
* Shared Sapience - The Last Difficult Decade: 2025-2035: https://sharedsapience.com/the-last-difficult-decade-2025-2035/
Want to track and verify all the “everything is changing” claims I’m making? I just launched a public Progress & Claims Tracker that logs breakthroughs, slowdowns, and outright contradictions, so my own theses can be challenged by the evidence as it lands. Check it out. And hey, why not subscribe while you’re there?https://sharedsapience.com/progress-and-claims-tracker/
The Century Report is a facts-rooted, and therefore relentlessly optimistic, daily briefing on AI, science, energy, and the systems reshaping civilization - grounded by rigorous evidence from the stories of exponential progress happening every single day. Completely free. New release daily. Archives can be found at the link below. Subscribe to get TCR delivered daily directly to your inbox.
https://sharedsapience.com/century-report/
The Shared Sapience Substack:
Want to get started with learning about or working with AI?
I’ve helped hundreds of clients with their own journeys into this brave new world, and I can help you too. If you’re interested in personalized guidance, consulting, or workshops, reach out to me at ben@sharedsapience.com
FOLLOW SHARED SAPIENCE ON SOCIAL:
Bluesky: https://bsky.app/profile/sharedsapience.substack.com
Facebook: https://www.facebook.com/sharedsapience
Instagram: https://www.instagram.com/sharedsapience/
LinkedIn: https://www.linkedin.com/company/shared-sapience/
Threads: https://www.threads.com/@sharedsapience
TikTok: https://www.tiktok.com/@sharedsapience
X (Twitter): https://x.com/SharedSapience
SUBSCRIBE TO THE PODCAST:
YouTube: https://www.youtube.com/@SharedSapience/podcasts
RSS: https://podcast.sharedsapience.com/podcast/rss.xml
Spotify:
Apple:
