AI Daily
AI Generally · Friday, 08 May 2026 · 4 min read

Claude Mythos Finds 271 Firefox Bugs, Rewrites AI Security Calculus

Anthropic's Claude Mythos Preview found 271 vulnerabilities in Firefox — including bugs dormant for two decades — and developed exploits for 181 of them, signaling a structural shift in who benefits most from AI-powered security research.


Anthropic's restricted cybersecurity model, Claude Mythos Preview, identified 271 vulnerabilities in Mozilla Firefox during a single evaluation run — then went on to develop working exploits for 181 of them, setting a new high-water mark for what autonomous AI can accomplish in offensive security research.

The findings, disclosed in a joint blog post by Mozilla and Anthropic this week, contributed to Firefox 150 shipping more than 423 security fixes across April 2026, compared with just 31 in the same month a year earlier. That 13-fold increase in throughput is the clearest productivity data point the industry has produced for AI-assisted engineering at scale.

Bugs That Outlasted Careers

Two of the most striking discoveries were not obscure corner cases. One was a 15-year-old defect in the HTML <legend> element (tracked internally as Bug 2024437) triggered only when edge conditions across multiple distant subsystems converged in a specific sequence. Standard fuzzing had run across that code for over a decade without surfacing it. A second flaw — a 20-year-old reentrance vulnerability in Firefox's XSLT engine (Bug 2025977) — caused the browser's hash table to rehash while raw entry pointers were still in active use, a memory-safety condition that creates a reliable exploitation primitive.
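The second bug class can be shown in miniature. The C sketch below is an added illustration, not Firefox code and not taken from the Mozilla or Anthropic post: a toy hash table whose growth frees the old slot array, plus a generation counter that lets a caller detect that its entry pointer predates a rehash and look the key up again instead of dereferencing it. All names (Table, Handle, handle_deref, demo) are hypothetical.

```c
#include <stdlib.h>

typedef struct { int key, val, used; } Entry;
typedef struct { Entry *slots; size_t cap, len; unsigned gen; } Table;
typedef struct { Entry *ptr; unsigned gen; int key; } Handle; /* pointer + generation it was taken at */

static Entry *find_slot(Entry *s, size_t cap, int key) {
    size_t i = (unsigned)key % cap;             /* linear probing; load kept <= 50% */
    while (s[i].used && s[i].key != key) i = (i + 1) % cap;
    return &s[i];
}
static Entry *alloc_slots(size_t n) { Entry *s = calloc(n, sizeof *s); if (!s) abort(); return s; }
void table_init(Table *t) { t->cap = 4; t->len = 0; t->gen = 0; t->slots = alloc_slots(4); }

void table_put(Table *t, int key, int val) {
    if ((t->len + 1) * 2 > t->cap) {            /* grow: every outstanding Entry* now dangles */
        size_t ncap = t->cap * 2;
        Entry *ns = alloc_slots(ncap);
        for (size_t i = 0; i < t->cap; i++)
            if (t->slots[i].used) *find_slot(ns, ncap, t->slots[i].key) = t->slots[i];
        free(t->slots);
        t->slots = ns; t->cap = ncap; t->gen++;  /* bump generation so stale handles are detectable */
    }
    Entry *e = find_slot(t->slots, t->cap, key);
    if (!e->used) { e->used = 1; e->key = key; t->len++; }
    e->val = val;
}
Handle table_get(Table *t, int key) {
    Entry *e = find_slot(t->slots, t->cap, key);
    Handle h = { e->used ? e : NULL, t->gen, key };
    return h;
}
/* Guarded access: never dereference a pointer taken before a rehash; look the key up again. */
Entry *handle_deref(Table *t, Handle *h) {
    if (h->gen != t->gen) *h = table_get(t, h->key);
    return h->ptr;
}

/* Constructed scenario: returns 1 if the handle went stale, 0 if not, -1 on a wrong value. */
int demo(int reenter) {
    Table t; table_init(&t);
    table_put(&t, 1, 100); table_put(&t, 2, 200);
    Handle h = table_get(&t, 1);                 /* caller now holds a raw entry pointer */
    if (reenter) table_put(&t, 3, 300);          /* stands in for a callback that re-enters the table */
    int stale = (h.gen != t.gen);
    Entry *e = handle_deref(&t, &h);             /* re-resolves rather than touching freed memory */
    int r = (e && e->val == 100) ? stale : -1;
    free(t.slots);
    return r;
}
int main(void) { return demo(1) == 1 ? 0 : 1; }
```

Without the generation check, the caller would read through h.ptr into the freed slot array after the re-entrant insert, which is the condition the paragraph describes.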

Neither bug was the kind of issue that a time-pressured human researcher with a finite contract would have been likely to unearth. Both required the ability to reason over large, interconnected sections of code simultaneously and to hold the state of multiple interacting subsystems in memory while constructing a reproducer. That is precisely the mode in which large-context models now operate.

Bobby Holley, Firefox's CTO, did not understate the implications. "For a hardened target, just one such bug would have been red-alert in 2025, and so many at once makes you stop to wonder whether it's even possible to keep up," he wrote. Elsewhere in Mozilla's post, Holley went further: "Defenders finally have a chance to win, decisively."

Brian Grinstead, a Mozilla distinguished engineer, noted that the shift had been rapid and industry-wide: "These things are actually just suddenly very good. We see that on our own internal scanning, we see that on external bug reports, and we see that in all sorts of signals across the industry."

How Mythos Works — and Who Can Use It

Claude Mythos Preview does not simply run static analysis. The evaluation Mozilla ran used agentic harnesses that let the model dynamically test hypotheses by generating and executing reproducible test cases, then feeding results back into subsequent reasoning steps. The pipeline was integrated with Firefox's existing fuzzing infrastructure and deployed across ephemeral virtual machines, letting the model iterate at a speed no human team could match.

Anthropic has declined to release Mythos publicly. The model is available only through an invite-only program called Project Glasswing, extended to a select group of large organizations — AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks among them. Palo Alto Networks has reportedly run evaluations that compressed the equivalent of one year of penetration testing into under three weeks, with the model combining medium- and low-severity issues into higher-severity exploit chains.

An earlier, less capable model — Claude Opus 4.6 — had already found 22 security-sensitive bugs in Firefox 148 when Mozilla began the collaboration earlier this year. Mythos represents a qualitative step beyond that earlier baseline.

Importantly, SecurityWeek noted that only three of the more than 40 CVEs addressed in Firefox 150 carry official attribution to Claude in the advisory. Many of the 271 bugs are lower-severity issues or defense-in-depth fixes that do not independently meet the threshold for a public CVE. The headline number is real; it should be understood as total vulnerability surface rather than a count of critical remote-code-execution flaws.

The Asymmetry Question

The most contested question around Mythos is not whether it can find bugs — Mozilla's data settles that — but whether it shifts the balance between offense and defense, or simply raises the capability ceiling for whoever holds it.

Dario Amodei, Anthropic's CEO, characterized the period as a narrow "moment of danger" that, if navigated correctly, could leave software in a better security posture than it was before: "If we handle this right, we could be in a better position than we started, because we fixed all these bugs." Holley echoed that framing, arguing that because software vulnerabilities are finite, an AI that can enumerate them cheaply and at scale gives defenders a structural advantage they have never previously possessed.

The counter-argument is that the same model capabilities are available to threat actors the moment they access a comparable system. Bloomberg reported that unauthorized users gained access to Mythos on the same day Anthropic announced the restricted program, underscoring how difficult it is to sustain controlled deployment of a tool with this capability profile.

Mozilla's position is more measured than either extreme: the model has not yet produced a category of vulnerability that human researchers could not theoretically discover. What it has done is eliminate the cost and time that made comprehensive discovery practically impossible. Whether that benefits defenders more than attackers will depend less on the model itself than on who builds the pipelines around it and how quickly.
