Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI
Mozilla announced Tuesday that this week’s release of Firefox 150 ships with patches for 271 security vulnerabilities uncovered using early access to Anthropic’s Claude Mythos Preview, a powerful AI model the company has so far kept out of public hands.
Firefox Chief Technology Officer Bobby Holley, writing on the Mozilla blog, said, “Defenders finally have a chance to win, decisively.”
Anthropic’s Mythos Preview isn’t available to the general public. Although the company has released it to a small circle of technology partners through a program called Project Glasswing, which includes the likes of Amazon, Apple, and Microsoft, all tasked with scanning their own software for weaknesses before the model reaches broader audiences.
Mozilla’s access came through a direct collaboration with Anthropic, separate from the formal Project Glasswing consortium, Holley confirmed to WIRED.
What makes Mythos notable isn’t just that it finds bugs; it’s how it finds them. Traditional automated security tools like “fuzzers” essentially throw random bad data at software and watch what breaks. Effective, but uneven. Some parts of a codebase are harder to fuzz than others, leaving blind spots that only a human expert could reliably uncover.
Mythos, according to Mozilla, doesn’t have those blind spots. “Elite security researchers find bugs that fuzzers can’t largely by reasoning through the source code,” Holley wrote on the Mozilla blog. “Computers were completely incapable of doing this a few months ago, and now they excel at it. We have many years of experience picking apart the work of the world’s best security researchers, and Mythos Preview is every bit as capable.”
Shock then relief
Inside Mozilla, the initial wave of findings didn’t feel like a victory. It felt like a gut punch. “For a hardened target, just one such bug would have been red alert in 2025, and so many at once makes you stop to wonder whether it’s even possible to keep up,” Holley noted.
The team pushed through it. Holley told WIRED the Firefox organization had to essentially reprioritize everything to focus on the deluge of findings, a warning he says other software teams should take seriously.
“I’ve talked to engineering leaders at very large companies who are saying that they’re going to be pulling thousands of engineers off of everything to be working on this for the next six months,” Holley told WIRED.
The reassuring part, he says, is that there appears to be a finish line. Mythos didn’t surface any entirely new category of vulnerability, nothing that a sufficiently skilled human researcher couldn’t also have found in theory.
Holley sees this as evidence that the problem is large but bounded. “The defects are finite, and we are entering a world where we can finally find them all,” he wrote.
Also read: Anthropic’s Opus 4.7 launch offered another look at how the company is advancing security-focused AI while keeping Mythos under tighter restrictions.
About Author
