In an unprecedented milestone, Anthropic's new "Mythos" model managed to identify in weeks what would have taken a human team years, forcing Mozilla to a massive patch before the release of its latest version.
By: MSB
The era when human security researchers were the only ones capable of reasoning about complex code has ended. Mozilla revealed that Firefox 150, launched this week, includes patches for 271 vulnerabilities discovered by Claude Mythos, Anthropic's most advanced AI model oriented towards cybersecurity.
The figure is devastating when compared to current standards: in a previous test conducted earlier this year with the Claude 4.6 model, only 22 errors were found. The jump to 271 demonstrates that AI has reached a level of reasoning that Mozilla qualifies as equivalent to that of "elite security researchers".
A Technological "Dizzying" Experience for MozillaBobby Holley, Firefox Director of Technology, described the experience of working with Mythos as something that produces "dizziness". According to Holley, the model not only found logical flaws that traditional automated tools (fuzzers) often miss, but it did so on a scale that initially overwhelmed the company's engineers.
"We have not seen an error that could not have been found by an expert human," Mozilla stated in its official blog. "The point is that no human team could have found 271 of them so quickly".
The End of the Attacker's AdvantageTraditionally, security has been an asymmetry game: an attacker with millions of dollars and months of time could afford to search for a single critical "buried" error in millions of lines of code. With Mythos, that search becomes "cheap" and almost instantaneous for defenders.
However, the finding has a dark side. If this tool falls into the hands of threat actors before companies can integrate similar defenses, the global software ecosystem could face a wave of manually uncontrollable attacks. In fact, the Mythos model remains under restricted access through the Project Glasswing program due to its potential danger.
Technical Details: Fewer CVEs, More SecurityAlthough 271 vulnerabilities were identified, the official Firefox 150 security bulletin only explicitly mentions three CVEs (Common Vulnerabilities and Exposures) attributed to AI (CVE-2026-6746, 6757, and 6758). This is because the vast majority of Mythos's findings were:
Hardening Flaws: Weaknesses that are not exploitable by themselves but facilitate an attack.
Code Hygiene: Logical errors in code paths that are not currently accessible but could be in the future.
Exploit Chains: Mythos proved capable of combining multiple low-priority errors to create a critical security breach.
For Mozilla, this discovery is not a sign that Firefox is insecure, but that the software finally has a real chance to "clean house". The company believes we are at the beginning of the end of zero-days, predicting a near future where AI will find all possible flaws before the code even reaches the end user.
For now, Firefox 150 is positioned as one of the most secure and deeply analyzed versions in browser history, thanks to an artificial, ceaseless "eye" that appears to miss nothing.