Anthropic’s frontier model Claude Mythos Preview has identified 271 zero-day vulnerabilities in Mozilla Firefox, with all issues addressed in the Firefox 150 release. The discovery marks one of the largest single batches of security fixes in the browser’s history.
The breakthrough comes from an ongoing collaboration between Mozilla and Anthropic, which began in February 2026. The Firefox security team has been using advanced AI models to scan the browser’s codebase for vulnerabilities.
An earlier phase of the partnership used Claude Opus 4.6, which uncovered 22 vulnerabilities in a 2-week period, including 14 classified as high severity. These were resolved in Firefox 148, demonstrating how AI can detect critical issues at speeds beyond traditional human-led approaches.
Building on this, Mozilla deployed Claude Mythos Preview for deeper analysis. The result was unprecedented, with 271 vulnerabilities identified in a single evaluation cycle and all patched in Firefox 150.
For comparison, Mozilla addressed around 73 high-severity Firefox vulnerabilities across 2025, making this AI-driven discovery nearly 4 times that number in one sweep.
Claude Mythos represents a significant leap in capability. It can autonomously identify and exploit zero-day vulnerabilities across major operating systems and browsers with minimal human input. Benchmark results show 93.9% on SWE-bench and 97.6% on USAMO. Within Firefox’s JavaScript shell, it converted 72.4% of identified vulnerabilities into working exploits and achieved register control in an additional 11.6% of cases.
The implications for cybersecurity are substantial. Traditionally, attackers have had an advantage by only needing to find a single weakness, while defenders had to secure entire systems. AI models like Mythos are shifting this balance by enabling faster, more systematic, and scalable vulnerability detection.
The model has also uncovered long-standing issues in other systems, including a 27-year-old flaw in OpenBSD, a 16-year-old issue in FFmpeg, and a 17-year-old vulnerability in FreeBSD, highlighting its ability to surface deeply embedded risks.
Mozilla engineers note that while work is ongoing, this collaboration marks a turning point. As AI-powered vulnerability research becomes more accessible, reducing vulnerabilities to near zero may move from aspiration to reality.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
