Claude Mythos AI Finds 271 Zero-Days in Firefox, Marking a Turning Point for Defenders
Mozilla's Firefox 150 release patches 271 zero-day vulnerabilities discovered by Anthropic's Claude Mythos Preview AI model, signaling a paradigm shift in defensive cybersecurity capabilities.
Mozilla has released Firefox 150, a landmark update that fixes 271 zero-day vulnerabilities discovered by Anthropic's Claude Mythos Preview AI model during an initial evaluation of the browser. The findings, disclosed by Mozilla on Tuesday, represent an extraordinary leap in vulnerability discovery capabilities and suggest that AI-powered defensive tools may finally give defenders a decisive advantage over attackers.
The collaboration between Mozilla and Anthropic began earlier this year with Opus 4.6, which led to fixes for 22 security-sensitive bugs in Firefox 148. The scale of findings from Claude Mythos Preview, however, dwarfs that earlier effort. According to Mozilla, the 271 vulnerabilities were identified during an initial evaluation of the browser, and the team has been working around the clock since February to patch them. 'For a hardened target, just one such bug would have been red-alert in 2025, and so many at once makes you stop to wonder whether it's even possible to keep up,' Mozilla wrote in a blog post.
The vulnerabilities span a wide range of severity levels, though Mozilla has not yet disclosed specific CVE identifiers for all 271 bugs. The company emphasized that the rapid identification and patching of these flaws demonstrates a new defensive paradigm. 'Defenders finally have a chance to win, decisively,' Mozilla stated, though it cautioned that the advantage depends on the ability to patch and push updates to users quickly.
The implications of this discovery extend far beyond Firefox. The ability of frontier AI models to systematically identify latent vulnerabilities in complex software could fundamentally alter the cybersecurity landscape. Traditional security-through-obscurity strategies, which rely on the difficulty of finding bugs, are rendered obsolete when AI can scan codebases at scale. The challenge now shifts to the speed of patch deployment and user adoption.
Mozilla's experience mirrors broader industry trends. Linux creator Linus Torvalds recently declared the kernel's security mailing list 'almost entirely unmanageable' due to a flood of AI-generated vulnerability reports. While Torvalds highlighted the problem of duplicate and low-quality reports, Mozilla's collaboration with Anthropic demonstrates that when AI tools are applied systematically and in partnership with developers, they can produce high-impact results.
The Firefox 150 release is available now, and users are strongly encouraged to update immediately. Mozilla has indicated that its work with Anthropic is ongoing, and that more vulnerabilities are likely to be found and fixed in future releases. As AI-powered vulnerability discovery tools become more widely available, the cybersecurity community faces both an unprecedented opportunity and a significant operational challenge: how to process and patch vulnerabilities faster than ever before.