Mozilla and Anthropic's Claude Mythos Uncover 271 Firefox Security Vulnerabilities Before Release

Mozilla revealed that Anthropic's new cybersecurity-focused Claude Mythos AI model discovered 271 vulnerabilities in Firefox — all patched this week with the release of Firefox 150. The scale is staggering. The collaboration began earlier this year, when Firefox's security team used Claude Opus 4.6 to scan nearly 6,000 C++ files — producing just 22 confirmed security-sensitive bugs in Firefox 148. The Mythos evaluation produced more than twelve times as many confirmed vulnerabilities. Mozilla's access came through a direct collaboration with Anthropic, separate from the formal Project Glasswing consortium, Firefox CTO Bobby Holley confirmed. Holley said the Firefox organization had to reprioritize everything to focus on the flood of findings — warning that engineering leaders at very large companies are already pulling thousands of engineers off other work to address similar issues. Anthropic has withheld Mythos from public release, offering it only through Project Glasswing to select organizations including AWS, Apple, Broadcom, Microsoft, Google, and Nvidia. Testing by the U.K.'s AI Security Institute found the model can autonomously execute complex cyber operations, including completing a multi-stage corporate network attack simulation without human assistance.