Mozilla released Firefox 150 on April 21, 2026, with fixes for 271 security vulnerabilities identified by Anthropic's Claude Mythos Preview. All 271 were found in a single evaluation pass by the model. Mozilla's Firefox CTO Bobby Holley described the moment his team saw that number as giving them vertigo.
How It Happened
Mozilla's collaboration with Anthropic started earlier this year with a more modest scope. Beginning in February, the Firefox security team used Claude Opus 4.6 to scan nearly 6,000 C++ files across the browser's codebase. That pass produced 22 confirmed security-sensitive bugs, shipped as fixes in Firefox 148. Fourteen were classified as high severity, representing almost a fifth of all high-severity Firefox vulnerabilities fixed across all of 2025.
The Mythos evaluation followed as part of the continued partnership. It produced more than twelve times as many confirmed vulnerabilities in a single pass. Firefox 150 patched all 271 of them.
What the 271 Number Actually Means
The figure requires some context. Mozilla's official security advisory for Firefox 150 lists 41 CVE entries, and only three of those are directly credited to Claude. The rest of the 271 do not appear as CVEs: they are lower-severity issues, defence-in-depth improvements, hardening changes, or bugs in code paths that are not directly exploitable. Not every one of them is a critical zero-day that could compromise a user's machine.
SecurityWeek, which reviewed the advisory, noted that many of these are likely bugs that do not meet the threshold for a public CVE. Mozilla has not publicly detailed the type or nature of the individual vulnerabilities.
David Shipley of Beauceron Security put it plainly: "Nothing Mythos found couldn't have been found by a skilled human. The AI is not finding a new class of AI-exclusive super bugs. It's just finding a lot of stuff that was missed."
Mozilla's own statement confirms this. "Encouragingly, we also haven't seen any bugs that couldn't have been found by an elite human researcher." The significance is not that Mythos found a new category of vulnerability. It is that no human team could have found 271 of them this quickly.
Why This Matters for Browser Security
Firefox is a mature, hardened codebase. Mozilla runs an internal red team, layers multiple overlapping defences, fuzzes the code continuously, and maintains a dedicated security engineering function. For a codebase this well-protected, a conventional security audit that turned up a handful of serious bugs in a month's work would be considered exceptional.
Mythos found 271 in one pass.
Holley framed this as the security balance shifting in favour of defenders for the first time. His argument is straightforward. An attacker needs only one exploitable bug and can afford to spend months of skilled human effort finding it, while the defender's automated tooling has always found less than a skilled human can; that gap has favoured the attacker. If machines can now find everything a skilled human researcher can find, only faster, the gap closes on the defender's side instead.
"Computers were completely incapable of doing this a few months ago, and now they excel at it," Holley wrote. "We have many years of experience picking apart the work of the world's best security researchers, and Mythos Preview is every bit as capable. So far we've found no category or complexity of vulnerability that humans can find that this model can't."
Mozilla's blog post on the findings was titled "The zero-days are numbered." Holley's conclusion: "The defects are finite, and we are entering a world where we can finally find them all."
The Context Around Mythos
Claude Mythos Preview is not publicly available. Anthropic released it only to a restricted group of organisations through Project Glasswing, a controlled programme designed to use the model for defensive security purposes. Project Glasswing members include AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.
Palo Alto Networks reported that Mythos accomplished the equivalent of a year's worth of penetration testing in under three weeks.
The restricted release itself faced a security incident. On the same day Anthropic announced Project Glasswing, a group of unauthorised users gained access to Mythos Preview by guessing the model's URL through a third-party vendor environment. Anthropic confirmed it is investigating the incident and said its own systems were not compromised.
Anthropic committed up to $100 million in usage credits for Glasswing partners and $4 million in direct donations to open-source security organisations, including $2.5 million to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5 million to the Apache Software Foundation.
What Security Teams Should Take From This
The practical implication for organisations running software at scale is that the economics of vulnerability discovery have changed. Continuous AI-assisted code analysis, rather than periodic manual audits, is becoming the baseline expectation instead of an advanced practice. Ensar Seker, CISO at SOCRadar, described the shift as requiring security teams to integrate AI-assisted analysis into continuous integration pipelines, to prioritise patch velocity over perfection, and to assume that any externally reachable code path will eventually be discovered.
The 271 Firefox vulnerabilities were all fixed before Firefox 150 shipped. That is the intended outcome of the model's restricted deployment. Whether that pace of defensive discovery can be maintained as codebases grow and AI models continue to improve is the central question the security industry is now working through.
Frequently Asked Questions
Are all 271 vulnerabilities serious security risks?
No. The 271 figure includes the full range from critical exploitable bugs down to lower-severity issues, hardening improvements, and bugs in code paths that are not directly reachable by attackers. Only three vulnerabilities from the evaluation are formally credited to Claude in Mozilla's official security advisory. Many of the rest represent bugs that strengthen Firefox's defence-in-depth posture without being individually exploitable.
Is Firefox now fully secure after these fixes?
No software can be described as fully secure. Mozilla fixed 271 vulnerabilities found in one evaluation pass, but the codebase continues to evolve and new vulnerabilities will emerge as code changes. The significance of this event is the speed and scale of discovery rather than an implication that Firefox has been comprehensively audited once and for all.
Why is Mythos not publicly available if it can find security vulnerabilities?
The same capability that finds vulnerabilities defensively can be used offensively to discover and exploit them. Anthropic determined that public release carried unacceptable risk and restricted access to a small group of organisations with defensive security missions. The restricted deployment through Project Glasswing allows the defensive benefits to be captured while limiting offensive misuse.