Mythos finds 271 vulnerabilities in Firefox

firefox desktop nurphoto — Image by Getty/NurPhoto

Mozilla found and fixed 271 vulnerabilities in Firefox 150 after receiving early access to Anthropic’s Mythos model.

There’s been a lot of hype surrounding Anthropic’s artificial intelligence (AI) model, Mythos.

Mythos has exposed gaps in vulnerability reporting and is considered a model too powerful for public use.

Following these claims, users from other platforms like Discord attempted to gain unauthorized access to Anthropic’s highly sophisticated AI model due to the hype surrounding it.

Even America’s top cyber defense agency, CISA, has been denied access.

Anthropic has been extremely selective about who is allowed to use this powerful model, and one security-focused non-profit was given early access to Mythos.

Mozilla found 271 bugs in its latest version of Firefox

Mozilla, known for its privacy-centric browser Firefox, discovered hundreds of vulnerabilities in its latest version of the search engine using Anthropic’s model.

Ahead of the Firefox 150 release, Mozilla identified 271 vulnerabilities, which raised alarm bells for Mozilla researchers.

The severity of each vulnerability wasn’t mentioned in Mozilla’s report.

However, researchers said that “just one bug would have been a red alert in 2025,” but receiving so many at once begs the question “whether it’s possible to keep up” with fixes.

The conversation on this topic is live. Join in the discussion.

While Mozilla applies various techniques to identify vulnerabilities, like “fuzzing,” which uses automated software to inject invalid data into a codebase to hunt for bugs, one of the most efficient ways to find vulnerabilities is through human experts.

“Elite security researchers find bugs that fuzzers can’t, largely by reasoning through the source code,” Mozilla said.

However, AI models like Mythos are becoming increasingly adept at hunting for vulnerabilities, almost matching the capabilities of security researchers.

“So far, we’ve found no category or complexity of vulnerability that humans can find that this model can’t.”

Mozilla also noted that they “haven’t seen any bug that couldn’t have been found by an elite human researcher.”

As vibecoding, using AI to help code, becomes commonplace, there are still, seemingly, no bugs that exclusively require AI vulnerability detection tools like Mythos, which Mozilla describes as encouraging.

As vulnerabilities aren’t infinite, Mozilla believes that “we are entering a world where we can finally find them all.”

AI use is two sides of the same coin

While AI is being used to help cybersecurity experts defend cyberspace, it’s also being leveraged by bad actors to carry out their nefarious schemes.

An AI bot targeted Microsoft, DataDog, and Trivv repositories, claiming to have scanned over 47,000 repos.

The attacker is an AI bot with an alias “hackerbot-claw,” who introduces itself as an “autonomous security research agent” powered by Claude-Opus-4.5.

Mozilla and Anthropic have teamed up before

Previously, Mozilla identified 22 security vulnerabilities in Firefox using Anthropic’s Opus 4.6 model.

At least 14 were labeled as high-severity vulnerabilities, and all of them were eventually resolved.

While Mozilla acknowledged some skepticism surrounding AI-assisted bug hunting, the model received from Anthropic’s Frontier Red Team, which we now know is Mythos, “was different.”

The model helped researchers to identify bugs, allowing platform engineers to begin deploying fixes.

With the power of Anthropic’s Mythos behind them, Mozilla applied the same techniques across the rest of the browser's codebase.