Three weeks ago, Mozilla used Anthropic’s Opus 4.6 to hunt for vulnerabilities in Firefox 148 and found 22 bugs worth fixing. This week Firefox 150 shipped with 271 vulnerabilities patched. The difference comes down to Claude Mythos Preview, an early version of Anthropic’s latest model, built as part of the Glasswing project with a specific focus on code analysis for security.
Bobby Holley, Mozilla’s CTO, doesn’t hide the shock in his blog post: Firefox is a browser where dedicated security teams have worked for years, and finding even a single serious flaw was cause for concern. Finding 271 in a single analysis forces you to rethink some basic assumptions.
Not fuzzing, it’s reasoning
Automated tools for finding browser bugs, fuzzing chief among them, work well on certain areas of code and leave others exposed. The hardest vulnerabilities to find require reading source code and reasoning through how things could go wrong, work that until now belonged to highly specialized researchers who are slow by necessity and expensive. Mythos Preview does the same thing, without time limits. Holley makes clear that none of the 271 flaws would have been beyond reach for a skilled human expert: the difference isn’t qualitative, it’s scale and speed.
The playing field is leveling, for better and worse
Security has always favored the attacker: you just need to find one weak point, while defenders have to cover everything. Firefox responded with sandboxing, isolated processes, Rust, but none of these measures solve the problem at its root. Mythos promises something structurally different: finding flaws at industrial scale before someone else does. Holley believes the defects in code are finite in number and that for the first time there are tools to find them all.
The catch is the same model works just as well on the other side. The UK government’s AI Security Institute verified that Mythos can independently execute multi-stage simulated attacks on corporate networks. Mozilla doesn’t hide this: AI lowers the cost of vulnerability discovery for everyone.


Mastodon
Telegram
Bluesky