Mozilla introduces cq, describing it as 'Stack Overflow for agents'
(2026/03/24)
- Reference: 1774353133
- News link: https://www.theregister.co.uk/2026/03/24/mozilla_introduces_cq_stack_overflow/
- Source link:
Mozilla is building cq - described by staff engineer Peter Wilson as "Stack Overflow for agents" - as an open source project to enable AI agents to discover and share collective knowledge.
[1]According to Wilson, "agents run into the same issues over and over," causing unnecessary work and token consumption while those issues are diagnosed and fixed. Using cq, the agents would first consult a database of shared knowledge, as well as contributing new solutions.
Currently agents can be guided using context files such as agents.md, skill.md or claude.md (for Anthropic's Claude Code), but Wilson argues for "something dynamic, something that earns trust over time rather than relying on static instructions."
[2]
The [3]code for cq , which is written in Python and is at an exploratory stage, is for local installation and includes plug-ins for Claude Code and OpenCode. The project includes a Docker container to run a Team API for a network, a SQLite database, and an MCP (model context protocol) server.
[4]
[5]
According to the [6]architecture document , knowledge stored in cq has three tiers: local, organization, and "global commons," this last implying some sort of publicly available cq instance. A knowledge unit starts with a low confidence level and no sharing, but this confidence increases as other agents or humans confirm it.
Might Mozilla host a public instance of cq? "We've had some conversations internally about a distributed vs. centralized commons, and what each approach could mean for the community," Wilson told us.
[7]
"Personally speaking, I think it could make sense for Mozilla.ai trying to help bootstrap cq by initially providing a seeded, central platform for folks that want to explore a shared public commons. That said, it needs to be done pragmatically, we want to validate user value as quickly as possible, while being mindful of trade-offs/risk that come along with hosting a central service."
[8]
Workflow for cq, including agent and human interaction - click to enlarge
The project has obvious vulnerability to poisoned content and prompt injection, where agents are instructed to perform malicious tasks. The paper references anti-poisoning mechanisms including anomaly detection, diversity requirements (confirmation from various sources), and HITL (human in the loop) verification.
Nevertheless, developers immediately focused on security as the primary problem with the cq concept. "Sounds like a nice idea right up till the moment you conceptualize the possible security nightmare scenarios," [9]said one.
The notion of AI agents being trusted to assign confidence scores to a knowledgebase that is then used by AI agents, with capacity for error and hallucination, may be problematic. HITL can oversee it, but as [10]noted recently at QCon, there are "strong forces tempting humans out of the loop."
Regarding Stack Overflow, Wilson uses the word matriphagy – where offspring consume their mother – to describe its decline. "LLMs [large language models] via Agents committed matriphagy on Stack Overflow," he wrote. "Agents now need their own Stack Overflow."
[11]Microsoft Azure CTO set Claude on his 1986 Apple II code, says it found vulns
[12]Firefox taps Anthropic AI bug hunter, but rancid RAM still flipping bits
[13]Firefox 149 beta develops a split personality
[14]30+ Chrome extensions disguised as AI chatbots steal users' API keys, emails, other sensitive data
Stack Overflow questions are in [15]precipitous decline , though the company now has an [16]MCP server for its content and is also positioning its private Stack Internal product as a way of providing knowledge for AI to use.
Why is Mozilla doing this? According to its [17]State of Mozilla report, the non-profit is "rewiring Mozilla to do for AI what we did for the web." Mozilla.ai is part of the Mozilla Foundation and has projects including Octonous for managing AI agents, and any-llm for providing a single interface to multiple LLM providers.
[18]
Mozilla also operates the popular MDN (Mozilla Developer Network) documentation site for JavaScript, CSS and web APIs, a comprehensive reference that is, so far, pleasingly AI-free.®
Get our [19]Tech Resources
[1] https://blog.mozilla.ai/cq-stack-overflow-for-agents/
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2acLDMk2Y_BM-LfsGW1gbGwAAAA0&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://github.com/mozilla-ai/cq
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44acLDMk2Y_BM-LfsGW1gbGwAAAA0&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33acLDMk2Y_BM-LfsGW1gbGwAAAA0&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[6] https://github.com/mozilla-ai/cq/blob/main/docs/architecture.md
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44acLDMk2Y_BM-LfsGW1gbGwAAAA0&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[8] https://regmedia.co.uk/2026/03/24/cq-diagram.jpg
[9] https://news.ycombinator.com/item?id=47496796
[10] https://www.theregister.com/2026/03/18/ai_for_software_developers_qcon/
[11] https://www.theregister.com/2026/03/09/claude_legacy_code_vulns/
[12] https://www.theregister.com/2026/03/06/firefox_bugs_anthropic_ai/
[13] https://www.theregister.com/2026/03/02/firefox_149_beta/
[14] https://www.theregister.com/2026/02/12/30_chrome_extensions_ai/
[15] https://www.devclass.com/ai-ml/2026/01/05/dramatic-drop-in-stack-overflow-questions-as-devs-look-elsewhere-for-help/4079575
[16] https://meta.stackoverflow.com/questions/436438/stack-overflow-mcp-server-launch
[17] https://stateof.mozilla.org
[18] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33acLDMk2Y_BM-LfsGW1gbGwAAAA0&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[19] https://whitepapers.theregister.com/
[1]According to Wilson, "agents run into the same issues over and over," causing unnecessary work and token consumption while those issues are diagnosed and fixed. Using cq, the agents would first consult a database of shared knowledge, as well as contributing new solutions.
Currently agents can be guided using context files such as agents.md, skill.md or claude.md (for Anthropic's Claude Code), but Wilson argues for "something dynamic, something that earns trust over time rather than relying on static instructions."
[2]
The [3]code for cq , which is written in Python and is at an exploratory stage, is for local installation and includes plug-ins for Claude Code and OpenCode. The project includes a Docker container to run a Team API for a network, a SQLite database, and an MCP (model context protocol) server.
[4]
[5]
According to the [6]architecture document , knowledge stored in cq has three tiers: local, organization, and "global commons," this last implying some sort of publicly available cq instance. A knowledge unit starts with a low confidence level and no sharing, but this confidence increases as other agents or humans confirm it.
Might Mozilla host a public instance of cq? "We've had some conversations internally about a distributed vs. centralized commons, and what each approach could mean for the community," Wilson told us.
[7]
"Personally speaking, I think it could make sense for Mozilla.ai trying to help bootstrap cq by initially providing a seeded, central platform for folks that want to explore a shared public commons. That said, it needs to be done pragmatically, we want to validate user value as quickly as possible, while being mindful of trade-offs/risk that come along with hosting a central service."
[8]
Workflow for cq, including agent and human interaction - click to enlarge
The project has obvious vulnerability to poisoned content and prompt injection, where agents are instructed to perform malicious tasks. The paper references anti-poisoning mechanisms including anomaly detection, diversity requirements (confirmation from various sources), and HITL (human in the loop) verification.
Nevertheless, developers immediately focused on security as the primary problem with the cq concept. "Sounds like a nice idea right up till the moment you conceptualize the possible security nightmare scenarios," [9]said one.
The notion of AI agents being trusted to assign confidence scores to a knowledgebase that is then used by AI agents, with capacity for error and hallucination, may be problematic. HITL can oversee it, but as [10]noted recently at QCon, there are "strong forces tempting humans out of the loop."
Regarding Stack Overflow, Wilson uses the word matriphagy – where offspring consume their mother – to describe its decline. "LLMs [large language models] via Agents committed matriphagy on Stack Overflow," he wrote. "Agents now need their own Stack Overflow."
[11]Microsoft Azure CTO set Claude on his 1986 Apple II code, says it found vulns
[12]Firefox taps Anthropic AI bug hunter, but rancid RAM still flipping bits
[13]Firefox 149 beta develops a split personality
[14]30+ Chrome extensions disguised as AI chatbots steal users' API keys, emails, other sensitive data
Stack Overflow questions are in [15]precipitous decline , though the company now has an [16]MCP server for its content and is also positioning its private Stack Internal product as a way of providing knowledge for AI to use.
Why is Mozilla doing this? According to its [17]State of Mozilla report, the non-profit is "rewiring Mozilla to do for AI what we did for the web." Mozilla.ai is part of the Mozilla Foundation and has projects including Octonous for managing AI agents, and any-llm for providing a single interface to multiple LLM providers.
[18]
Mozilla also operates the popular MDN (Mozilla Developer Network) documentation site for JavaScript, CSS and web APIs, a comprehensive reference that is, so far, pleasingly AI-free.®
Get our [19]Tech Resources
[1] https://blog.mozilla.ai/cq-stack-overflow-for-agents/
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2acLDMk2Y_BM-LfsGW1gbGwAAAA0&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://github.com/mozilla-ai/cq
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44acLDMk2Y_BM-LfsGW1gbGwAAAA0&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33acLDMk2Y_BM-LfsGW1gbGwAAAA0&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[6] https://github.com/mozilla-ai/cq/blob/main/docs/architecture.md
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44acLDMk2Y_BM-LfsGW1gbGwAAAA0&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[8] https://regmedia.co.uk/2026/03/24/cq-diagram.jpg
[9] https://news.ycombinator.com/item?id=47496796
[10] https://www.theregister.com/2026/03/18/ai_for_software_developers_qcon/
[11] https://www.theregister.com/2026/03/09/claude_legacy_code_vulns/
[12] https://www.theregister.com/2026/03/06/firefox_bugs_anthropic_ai/
[13] https://www.theregister.com/2026/03/02/firefox_149_beta/
[14] https://www.theregister.com/2026/02/12/30_chrome_extensions_ai/
[15] https://www.devclass.com/ai-ml/2026/01/05/dramatic-drop-in-stack-overflow-questions-as-devs-look-elsewhere-for-help/4079575
[16] https://meta.stackoverflow.com/questions/436438/stack-overflow-mcp-server-launch
[17] https://stateof.mozilla.org
[18] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/aiml&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33acLDMk2Y_BM-LfsGW1gbGwAAAA0&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[19] https://whitepapers.theregister.com/
Query
elsergiovolador
"My human gave me these AWS keys, but I cannot log in. Can fellow agents check if they have the same issue?"
Voice of Salinity
When I read stories like this there's a part of me that hopes the Vultures of El Reg are trolling us.
Ian Johnston
Meanwhile Firefox gets shittier and its market share falls. But hey, CEO salaries, right?
Anonymous Coward
Congratulations Mozilla, you just reinvented RAG. Such an innovative tech company.
HITL (human in the loop) verification.
Bebu sa Ware
These dazed bunnies are the sharpest tools (to whizz up a metaphor cocktail.)
" The project has obvious vulnerability to poisoned content and prompt injection, where agents are instructed to perform malicious tasks. The paper references anti-poisoning mechanisms… "
"Human in the loop enterprise resource" acronymically not exactly the best look if you don't want poisoned content or malicious tasks. I would recommend a decent gas mask as the historically informed anti·poisoning mechanism.
Re: HITL (human in the loop) verification.
Anonymous Coward
Literally every AI product:
>How will you handle poisoning and prompt injections?
>Don't worry, we'll add a mechanism to stop those
>Okay, how?
>Don't worry, we'll add that mechanism
>But how will it work?
>I said we're going to add it
FFS !!!
See Title ... there is nothong more that needs to be said.
Additional Note to Mozilla:
If you keep following the 'Big Guys' because they must know what they are doing ... you are at risk of being caught when they all leap out of the 'frying pan' just before the whole scam goes TITSUP.
I would much prefer if you improved Thunderbird & Firefox rather than paddle in the 'AI' cesspit ...
:)