Mozilla: Anthropic's Mythos found 271 security vulnerabilities in Firefox 150

Mozilla reveals Anthropic's secret Mythos Preview model identified 271 vulnerabilities in Firefox 150 before release.

Deep Dive

Mozilla has provided crucial real-world validation for Anthropic's secretive Mythos Preview model, revealing it pre-identified 271 security vulnerabilities in the upcoming Firefox 150 browser by analyzing its unreleased source code. The results, detailed in a Mozilla blog post, show a dramatic leap in capability compared to Anthropic's previous Opus 4.6 model, which found only 22 bugs in Firefox 148 last month—a 12x improvement. Firefox CTO Bobby Holley declared this shift means "defenders finally have a chance to win, decisively," as AI eliminates the need to "concentrate many months of costly human effort to find a single bug."

Holley emphasized that while these vulnerabilities could have been found by elite human researchers or automated fuzzing, Mythos makes discovery radically more efficient and affordable, tilting the economic balance toward defenders. He stated, "Computers were completely incapable of doing this a few months ago, and now they excel at it." This capability is particularly transformative for open-source projects, whose public codebases are easily scanned by AI but often rely on under-resourced volunteer maintenance. Mozilla CTO Raffi Krikorian argued that Mythos breaks the old balance in cyberthreat research, where human difficulty in finding bugs created a natural equilibrium, and that such tools should be accessible to all maintainers of critical infrastructure.

Key Points
  • Mythos Preview found 271 vulnerabilities in Firefox 150, a 12x increase over Opus 4.6's 22 bugs last month
  • Firefox CTO states the model eliminates "many months of costly human effort" per bug, making defense economically viable
  • The public results validate Anthropic's claims and signal a major shift in software security, especially for open-source projects

Why It Matters

AI-powered vulnerability discovery at this scale makes proactive defense economically feasible, potentially securing critical open-source software used by billions.