Anthropic’s Mythos Finds 271 Firefox Security Flaws
Anthropic’s Claude Mythos flagged 271 Firefox vulnerabilities during Mozilla’s internal tests; Mozilla patched the bugs this week and published a blog post.
An early version of Anthropic’s Claude Mythos AI identified 271 security vulnerabilities in Firefox source code during Mozilla’s internal security review. Mozilla patched the reported bugs this week and published a blog post outlining the findings.
Mythos, released in March, is a next-generation model designed to assist with reasoning, coding and cybersecurity. Mozilla ran the model against the Firefox codebase as part of a scheduled review. The company noted an earlier Anthropic model had found 22 security-sensitive bugs in a prior Firefox release.
Mozilla wrote that while the model surfaced a large number of issues, the team found no evidence that the bugs could not have been discovered by an “elite human researcher.” The company added that “for a hardened target, just one such bug would have been a red-alert in 2025,” and that finding so many at once forced a reassessment of how to keep pace with threats.
Anthropic limits access to Mythos through a program called Project Glasswing. The firm allows selected technology partners, including major cloud and software companies, to run large-scale scans with the model. Anthropic’s internal testing has presented results indicating Mythos can locate thousands of previously unknown vulnerabilities across major operating systems and browsers.
Security researchers tested a Mythos preview and found the model could autonomously perform complex simulated cyber operations, including multi-stage corporate network attacks without human intervention. Those findings have attracted attention from governments and security agencies.
People familiar with deployments confirmed some U.S. agencies have run Mythos previews on classified networks. Those people said the National Security Agency has used a preview on classified systems.
Mozilla described Project Glasswing as part of an industry effort to use AI to find and fix vulnerabilities before they are exploited. In its blog post the company wrote: “We are extremely proud of how our team rose to meet this challenge, and others will too.”
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
