Anthropic's Claude Mythos Identified 271 Security Vulnerabilities in Firefox Ahead of Version 150 Release

Mozilla's Firefox team has incorporated fixes for 271 security vulnerabilities into Firefox 150, a haul discovered through collaboration with Anthropic using an early evaluation version of the Claude Mythos Preview model. The disclosure marks a significant escalation in the use of frontier AI systems for proactive security testing and raises pointed questions about the vulnerability density lurking in widely-deployed software—even in browsers assumed to be well-hardened through years of scrutiny.

The findings emerged from an ongoing partnership between Anthropic and Mozilla that began in February, when the teams first scanned Firefox using the Opus 4.6 model. That initial effort yielded fixes for 22 security-sensitive bugs in Firefox 148. The jump to 271 vulnerabilities with Claude Mythos Preview suggests a substantial leap in the model’s capacity to identify latent code-level weaknesses, surfacing issues that conventional testing pipelines may have overlooked or deprioritized. For a target as frequently audited as Firefox, the volume of discoveries is striking.

Security practitioners report a sense of vertigo as AI-assisted vulnerability discovery accelerates across the industry. One unreviewed bug of the kind now being found in bulk would have warranted red-alert escalation in 2025, observers note. The rapid incorporation of these fixes into a stable release channel signals that Mozilla has validated and prioritized the findings. The episode underscores a broader dynamic: as AI models become more capable at finding flaws, the pressure on development teams to patch faster—and on threat actors to exploit the same discovery methods—intensifies. Whether defender tooling is outpacing attacker capability in this new paradigm remains an open and consequential question.