Anthropic’s Claude Mythos Found 271 Security Flaws in Firefox, All Already Patched

Mozilla used Claude Mythos Preview to scan Firefox’s codebase and uncovered 271 security vulnerabilities, all patched in Firefox 150. Three weeks earlier, the previous model had found just 22.

Three weeks ago, Mozilla used Anthropic’s Opus 4.6 to hunt for vulnerabilities in Firefox 148 and found 22 bugs worth fixing. This week Firefox 150 shipped with 271 vulnerabilities patched. The difference comes down to Claude Mythos Preview, an early version of Anthropic’s latest model, built as part of the Glasswing project with a specific focus on code analysis for security.

Bobby Holley, Mozilla’s CTO, doesn’t hide the shock in his blog post: Firefox is a browser where dedicated security teams have worked for years, and finding even a single serious flaw was cause for concern. Finding 271 in a single analysis forces you to rethink some basic assumptions.

Not fuzzing, it’s reasoning

Automated tools for finding browser bugs, fuzzing chief among them, work well on certain areas of code and leave others exposed. The hardest vulnerabilities to find require reading source code and reasoning through how things could go wrong, work that until now belonged to highly specialized researchers who are slow by necessity and expensive. Mythos Preview does the same thing, without time limits. Holley makes clear that none of the 271 flaws would have been beyond reach for a skilled human expert: the difference isn’t qualitative, it’s scale and speed.

The playing field is leveling, for better and worse

Security has always favored the attacker: you just need to find one weak point, while defenders have to cover everything. Firefox responded with sandboxing, isolated processes, and Rust, but none of these measures solves the problem at its root. Mythos promises something structurally different: finding flaws at industrial scale before someone else does. Holley believes the defects in code are finite in number and that for the first time there are tools to find them all.

The catch is that the same model works just as well on the other side. The UK government’s AI Security Institute verified that Mythos can independently execute multi-stage simulated attacks on corporate networks. Mozilla doesn’t hide this: AI lowers the cost of vulnerability discovery for everyone.
