Claude Mythos Finds 271 Firefox Vulnerabilities
Claude Mythos Finds 271 Firefox Vulnerabilities
https://www.securityweek.com/claude-mythos-finds-271-firefox-vulnerabilities/
Publish Date: 2026-04-22 07:27:00
Source Domain: www.securityweek.com
Mozilla says Anthropic’s new cybersecurity-focused Claude Mythos AI model has discovered 271 vulnerabilities in Firefox.
The vulnerabilities, identified with an early version of Claude Mythos Preview, were patched in the popular web browser this week with the release of version 150.
More than 40 CVEs have been addressed in Firefox 150, but only three are credited to Claude in the official advisory: CVE-2026-6746, CVE-2026-6757, and CVE-2026-6758.
This indicates that many of the 271 bugs are likely lower-severity issues or flaws that don’t meet the threshold for a public CVE. This can include defense-in-depth issues, hardening, or bugs in non-exploitable code paths.
Mozilla has not shared any information on the type or nature of the vulnerabilities, but has made an important clarification.
“Encouragingly, we also haven’t seen any bugs that couldn’t have been found by an elite human researcher. Some commentators predict that future AI models will unearth entirely new forms of vulnerabilities that defy our current comprehension, but we don’t think so,” Firefox CTO Bobby Holley noted.
The fact that Claude Mythos found so many Firefox vulnerabilities is not surprising. When Anthropic released Mythos, the AI giant said the new frontier model can autonomously discover thousands of zero-day vulnerabilities.
That is why the company decided to withhold its public release and instead offer it only to a relatively small number of major organizations through a program called Project Glasswing.
The list of companies in Project Glasswing includes AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks.
[ Read: OpenAI Widens Access to Cybersecurity Model After Mythos Reveal ]
Palo Alto Networks has also shared some preliminary data from testing Mythos, saying that in terms of vulnerability discovery it…
