Mozilla said Firefox 150 shipped with fixes for 271 security vulnerabilities identified during an early evaluation of Anthropic’s restricted Claude Mythos Preview model, a sharp increase from the 22 bugs previously found with Anthropic’s Opus 4.6 in Firefox 148. Mozilla CTO Bobby Holley said the findings created a major engineering burden and forced reprioritization, but argued the work was necessary because AI-assisted vulnerability discovery is rapidly improving and can now reason about source code at a level Mozilla compared to elite human researchers. Mozilla said the model did not uncover wholly new classes of flaws beyond human capability, but it found known types of bugs at much greater speed and scale, including issues traditional fuzzing might miss.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
Bloomberg reported on April 22 that a small group of users obtained unauthorized access to Mythos through several methods, including via a third-party vendor connected to Anthropic. The model remained restricted to 40 organizations in Project Glasswing and was not publicly released.
An earlier Mozilla evaluation using Anthropic's Opus 4.6 identified 22 security-sensitive Firefox vulnerabilities, including 14 high-severity issues according to one report. Those flaws were patched in Firefox 148.
Mozilla said Firefox 150 includes protections or patches for 271 vulnerabilities identified during an early evaluation of Anthropic's Claude Mythos Preview. Mozilla described the volume of findings as a major operational burden and evidence of rapid progress in AI-assisted vulnerability discovery.
Mozilla and Anthropic reportedly began collaborating in February 2026 to use Anthropic frontier AI models to scan the Firefox codebase for security vulnerabilities.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
7 references tracked. Mallory keeps watching after this page renders.
scworld.com
Open sourcetechrepublic.com
Open sourcecybersecuritynews.com
Open sourcethecyberthrone.in
Open sourcego.theregister.com
Open sourcearstechnica.com
Open sourcewired.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.