Anthropic's Mythos discovered 271 security vulnerabilities in Firefox 150, Mozilla says it's 'good news for defenders.'
Anthropic, the developer of Claude, has created ' Mythos ,' an AI that excels at discovering software vulnerabilities. Because Mythos can be extremely dangerous if misused, it is being provided to only a select few companies as '
The zero days are numbered
https://blog.mozilla.org/en/firefox/ai-security-zero-day-vulnerabilities/
Mozilla: Anthropic's Mythos found 271 security vulnerabilities in Firefox 150 - Ars Technica
https://arstechnica.com/ai/2026/04/mozilla-anthropics-mythos-found-271-zero-day-vulnerabilities-in-firefox-150/
Since February 2026, Mozilla's Firefox team has been using cutting-edge AI models to discover and fix security vulnerabilities in Firefox. In collaboration with Anthropic, Mozilla scanned Firefox using Opus 4.6 and discovered 22 security vulnerabilities in Firefox 148 , which was released in February 2026.
As part of its ongoing collaboration with Anthropic, Mozilla had the opportunity to use an early version of Claude Mythos Previe. They then used Claude Mythos Previe to scan for security vulnerabilities in Firefox 150, which was officially released on April 22, 2026. They reported successfully discovering 271 vulnerabilities during this initial assessment.
Regarding the discovery of numerous security vulnerabilities in Claude Mythos Previe, Mozilla stated, 'As more and more defenses get their hands on features like this (Mythos), many teams are feeling the same anxiety they did when this discovery first came to light. In 2025, even one of these vulnerabilities would have been enough to raise concerns, but with so many vulnerabilities existing simultaneously, it's questionable whether we'll be able to cope.'
Furthermore, he stated, 'Our experience will be a beacon of hope for teams to shake off their anxieties and get to work. We may need to re-evaluate all other priorities in order to fully focus on this challenge, but we can see the light at the end of the tunnel. I am very proud of our team for facing this challenge, and I believe other teams will be just as proud. Our work is not yet finished, but we have reached a turning point and can glimpse a much brighter future that will not remain the same. The defenders finally have a chance to seize a decisive victory,' suggesting the potential of Mythos to be extremely useful in cybersecurity.
Up until now, attackers and defenders in the technology industry have been engaged in a nearly evenly matched battle when it comes to security measures. Vendors of critical software released to the internet, such as Firefox, place a high priority on security and have teams that think about ensuring user safety every morning.
Mozilla explains its cybersecurity measures to date by saying, 'For many years, everyone has quietly acknowledged that eliminating vulnerabilities to zero is an unrealistic goal. Instead, we have aimed to make the cost of exploiting vulnerabilities extremely high, so that only attackers with virtually unlimited budgets can use them, and the cost of wasting such expensive assets should deter attackers from easily exploiting them.'
Skilled security researchers uncover bugs that fuzzing tools can't find by thoroughly analyzing source code. While this is an effective method, it's time-consuming and labor-intensive, and only a limited number of people can perform it. Until a few months ago, computers couldn't perform this kind of analysis, but Claude Mythos Preview has comparable capabilities. As of the time of writing, no vulnerabilities of the type or complexity that humans can find have been found that Claude Mythos Preview cannot.
Mozilla explains, 'This may seem frightening in the short term, but ultimately it will be good news for the defenders. Attackers can invest months of time, money, and human resources to find a single bug, but defenders cannot afford that and have no choice but to rely on machines. Until now, machines have low bug-finding capabilities, creating a gap between them and human capabilities, which has been advantageous for attackers. By closing this gap, the cost of finding any bug will be reduced, and the long-term advantage of attackers will be undermined.'
Fortunately, no bugs have been found that even highly skilled human researchers would be unable to discover. While some critics predict that future AI models will uncover entirely new forms of vulnerabilities beyond current understanding, Mozilla explained, 'We don't think so. Software like Firefox is designed to be modular so that humans can reason about its correctness. It is complex, but that complexity is not limitless.'
Related Posts:
