Claude Mythos AI Uncovers 271 Zero-Days in Firefox
Key Takeaways Anthropic’s Claude Mythos Preview AI model identified 271 zero-day vulnerabilities in Mozilla Firefox. These critical flaws were addressed in Firefox version 150, representing the...
Key Takeaways
- Anthropic’s Claude Mythos Preview AI model identified 271 zero-day vulnerabilities in Mozilla Firefox.
- These critical flaws were addressed in Firefox version 150, representing the largest single security patch in the browser’s history.
- The discovery highlights a significant advancement in AI-driven cybersecurity defense capabilities, enabling rapid and comprehensive vulnerability detection.
- The collaboration between Mozilla and Anthropic began in February 2026, with earlier models also successfully identifying vulnerabilities.
Anthropic’s cutting-edge AI model, Claude Mythos Preview, has uncovered an astounding 271 zero-day vulnerabilities within Mozilla Firefox. This unprecedented discovery underscores a pivotal shift in the landscape of AI-powered cybersecurity, demonstrating its capacity for proactive defense at an unparalleled scale. All identified vulnerabilities have since been remediated with the release of Firefox 150, marking the most extensive single security update in the browser’s operational history.
Table Of Content
This groundbreaking achievement is the culmination of an ongoing partnership between Mozilla’s Firefox security team and Anthropic, initiated in February 2026. The collaboration focuses on leveraging advanced AI models to systematically scan and analyze the browser’s complex codebase.
A Phased Approach to AI-Driven Security
The journey towards this significant discovery began with an earlier phase of the collaboration. During a two-week engagement, Claude Opus 4.6, a predecessor model, successfully identified 22 vulnerabilities, 14 of which were categorized as high-severity. These findings were addressed in Firefox 148. This initial effort served as a crucial proof of concept, illustrating the AI’s ability to detect critical security flaws with a speed and efficiency unmatched by traditional human red teaming efforts.
Claude Mythos Preview: A Generational Leap in Vulnerability Detection
Building upon the successes of the earlier phase, Mozilla deployed an early iteration of Claude Mythos Preview against the Firefox codebase. The results were extraordinary: 271 vulnerabilities were pinpointed during a single evaluation cycle, all of which were subsequently patched in the Firefox 150 release this week.
To contextualize the magnitude of this achievement, Mozilla addressed approximately 73 high-severity Firefox vulnerabilities throughout the entirety of 2025. The current discovery by Claude Mythos Preview therefore represents roughly four times that annual figure, identified in a single, AI-driven sweep.
Claude Mythos stands apart from conventional AI models. It possesses the autonomous capability to identify and exploit zero-day vulnerabilities across major operating systems and web browsers. This process requires no human intervention beyond the initial prompt, demonstrating a remarkable level of self-sufficiency.
Performance benchmarks highlight a significant leap forward for Mythos, achieving 93.9% on SWE-bench and 97.6% on USAMO. Specifically within Firefox’s JavaScript shell, Mythos successfully converted 72.4% of detected vulnerabilities into functional exploits and achieved register control in an additional 11.6% of attempts, showcasing its deep understanding of exploit development.
The implications for the cybersecurity industry are profound. Historically, offensive security has maintained an advantage; attackers needed only a single flaw, while defenders had to secure an expansive and intricate attack surface. AI tools like Mythos are now poised to rebalance this dynamic, empowering defenders to uncover vulnerabilities with unprecedented speed, systematic rigor, and cost-effectiveness.
Beyond Firefox, Mythos has also demonstrated its prowess by unearthing long-dormant flaws in other critical infrastructure components, including a 27-year-old bug in OpenBSD, a 16-year-old vulnerability in FFmpeg, and a 17-year-old flaw in FreeBSD. This illustrates the AI’s exceptional ability to surface latent risks that have eluded decades of both human and automated analysis.
Mozilla engineers have stated that while the work is ongoing, this collaboration marks a critical turning point. As AI-powered vulnerability research becomes more widely accessible to defense teams, the long-held notion that bringing exploits to zero is an unrealistic goal may finally become an achievable reality.
What You Should Do
- Ensure all instances of Mozilla Firefox are updated to version 150 or later immediately to apply the latest security patches.
- Enable automatic updates for your browser to ensure you receive future security fixes promptly.
- Regularly review and apply security updates for all software, operating systems, and web browsers to mitigate known vulnerabilities.
- Consider adopting advanced security solutions that leverage AI for threat detection and vulnerability management within your organization.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.