Quick Facts
- Category: Cybersecurity
- Published: 2026-04-30 21:23:28
- How to Transform Your Organization for AI Success: A Culture-First Guide
- Framework Unveils Wireless TouchPad Keyboard Aimed at Living Room Computing
- How Ann Arbor's Solar + Battery Pilot Could Slash Energy Bills for 150 Homes
- Supreme Court Ruling in Louisiana v. Callais Threatens Voting Rights and Environmental Justice, Sierra Club Warns
- 10 Key Facts About the AI-Driven Memory Shortage: Samsung and SK hynix Warn of Extended Scarcity
February 2025 – Mozilla has announced that an early version of Anthropic's Claude Mythos AI discovered and helped fix 271 zero-day vulnerabilities in Firefox, the highest single sweep of critical bugs in the browser's history. The flaws, all classified as latent security holes, have been patched in the Firefox 150 update released this week.
The findings stem from a collaboration between Mozilla and Anthropic that began in late 2024. In a previous phase, the Frontier AI model Opus 4.6 identified 22 security-sensitive bugs that were fixed in Firefox 148. The new results from the Claude Mythos preview represent a dramatic escalation in both scale and severity.
“For a hardened target like Firefox, even one such bug would have been a red-alert in 2025,” said a Mozilla security spokesperson. “Seeing 271 at once makes you question whether it’s even possible to keep up – but our team did.”
Background
Claude Mythos is the latest iteration of Anthropic’s large language model, fine-tuned specifically for cybersecurity tasks. It can analyze millions of lines of source code and identify subtle, previously unknown vulnerabilities that traditional scanners miss.
The AI was given early access to Firefox’s codebase as part of a defensive trial. Mozilla engineers then validated and categorized each finding, prioritizing the most severe issues for immediate patching. The process took less than three months from discovery to release.
What This Means
This breakthrough signals a fundamental shift in the balance between attackers and defenders. Until now, zero-day vulnerabilities were typically found and exploited by malicious actors. With AI-powered tools like Claude Mythos, defenders can proactively scan their own software at unprecedented speed and depth.
“Speed of patching is everything,” the Mozilla spokesperson added. “If defenders can find and fix bugs before attackers weaponize them, we finally have a chance to win decisively.”
The results also raise questions about the broader software industry. Mozilla’s experience suggests that similar scans on other major browsers, operating systems, or critical infrastructure could reveal thousands of hidden flaws. Teams that embrace this technology will need to reprioritize and maintain relentless focus to realize the benefits.
Mozilla plans to continue using Claude Mythos and share its methodology with the open-source community. The company hopes other developers will replicate the approach, turning the vertigo of discovery into a systematic advantage.
For more details on the previous Opus 4.6 findings, see the Background section.