Mozilla has addressed 271 Firefox vulnerabilities identified by Anthropic's Claude Mythos during a single assessment.

      Summary: Mozilla launched Firefox 150, addressing 271 security vulnerabilities uncovered by Anthropic’s Claude Mythos Preview, an unreleased advanced AI model available only to select organizations under Project Glasswing. This partnership began earlier in the year with Claude Opus 4.6, which identified 22 flaws in Firefox 148; Mythos detected more than twelve times that number. Bobby Holley, Firefox’s CTO, remarked that the vulnerabilities are “finite” and asserted that defenders can “finally find them all.” The UK AI Security Institute noted that Mythos is also capable of executing autonomous multi-stage network attacks, highlighting the dual-use tension in AI policy.

      Mozilla rolled out Firefox 150 on Monday, correcting 271 security vulnerabilities revealed by Anthropic’s Claude Mythos Preview, an unreleased AI model restricted to a select group of organizations through Project Glasswing. The significance of this figure lies not in the uniqueness of the bugs but in their sheer number. Mozilla stated in a blog post titled “The zero-days are numbered” that no human team could have discovered 271 vulnerabilities in such a short timeframe.

      The collaboration between Mozilla and Anthropic started earlier this year with a smaller-scale initiative. Beginning in February, Firefox’s security team employed Claude Opus 4.6 to scan nearly 6,000 C++ files within the browser's code. This effort yielded 112 unique reports, with 22 identified as security-sensitive bugs that were fixed in Firefox 148. Fourteen of these were classified as high severity, constituting nearly 20% of all high-severity vulnerabilities addressed in Firefox in 2025. The subsequent Mythos assessment revealed more than twelve times as many confirmed vulnerabilities. Holley described the experience as inducing “vertigo” for the team.

      What Mythos is, and who can access it

      Claude Mythos Preview is the focal point of Anthropic's restricted Mythos model program, Project Glasswing, which was announced on April 7. It is a general-purpose frontier model, not designed specifically for security, but its coding capabilities have reached a level that Anthropic deems significant enough to merit controlled release. The UK’s AI Security Institute assessed the model and found it capable of executing multi-stage network attacks autonomously, successfully completing a complex corporate network attack simulation dubbed “The Last Ones” in three out of ten attempts. It can combine several minor vulnerabilities into a significant attack, reconstruct source code from deployed software to find exploitable weaknesses, and create custom tools for lateral movement and data extraction once inside a network.

      Access to Mythos is restricted to 12 identified launch partners, which include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks, alongside approximately 40 other organizations engaged in defensive security efforts. Anthropic has allocated up to $100 million in usage credits and $4 million in direct donations to open-source security entities, including $2.5 million to Alpha-Omega and OpenSSF via the Linux Foundation and $1.5 million to the Apache Software Foundation. The model is made available to Glasswing participants at a cost of $25 per million input tokens and $125 per million output tokens through the Claude API, Amazon Bedrock, Google Cloud’s Vertex AI, and Microsoft Foundry.

      The controlled rollout has already faced challenges. On the same day that Anthropic announced Glasswing, a group of unauthorized users accessed Mythos Preview by guessing the model's URL through a third-party vendor environment, an incident that Anthropic is currently investigating.

      The defender’s perspective

      Holley presented the 271 vulnerabilities not as a critique of Firefox's code quality but as a sign that the security landscape is evolving in favor of defenders for the first time. “A gap between machine-discoverable and human-discoverable bugs favors the attacker, who can invest significant time and resources to find a single bug,” he wrote. “Closing this gap diminishes the attacker’s long-term advantage by making all discoveries inexpensive.”

      The rationale is clear. A zero-day vulnerability holds significant value for an attacker simply because it remains unknown. If a defender can identify and patch the same flaw before an attacker does, the vulnerability loses its offensive potential. Historically, this cost disparity has favored attackers: a browser like Firefox comprises millions of lines of code, and a single undiscovered flaw could lead to exploitation. An elite human security researcher might spend weeks or months uncovering one such flaw, whereas Mythos can scan the entire codebase in a fraction of that time. Mozilla argues that this paradigm shift alters the economics of security. “Software like Firefox is modularly designed to allow humans to reason about its correctness,” the blog post stated. “It is complex but not arbitrarily so. The defects are finite, and we are moving into a world where we can finally uncover them all.”

      This claim is assertive and intentionally so. Mozilla posits that the era of zero-day vulnerabilities
