Claude Mythos AI Model Uncovers 271 Zero-Day Vulnerabilities in Firefox

Anthropic’s latest frontier AI model, Claude Mythos Preview, has identified a staggering 271 zero-day vulnerabilities in Mozilla Firefox marking a seismic shift in AI-powered cybersecurity defense. The findings, addressed in Firefox 150, represent the most significant single batch of security fixes in the browser’s history.

The discovery didn’t happen in isolation. Since February 2026, Mozilla’s Firefox security team has been collaborating with Anthropic to scan the browser’s codebase using frontier AI models.

An earlier phase of this partnership leveraged Claude Opus 4.6, which identified 22 vulnerabilities, 14 of them classified as high-severity, during a two-week engagement, with fixes shipped in Firefox 148. That initial effort demonstrated that AI could detect severe vulnerabilities at speeds no human red team could match.

Claude Mythos Uncovered 0-Days

Building on that foundation, Mozilla applied an early version of Claude Mythos Preview to Firefox’s codebase as part of the continued collaboration. The results were unprecedented: 271 vulnerabilities identified in a single evaluation, all patched in this week’s Firefox 150 release.

For context, in 2025, Mozilla addressed approximately 73 high-severity Firefox vulnerabilities for the entire year, making this discovery roughly four times that figure in a single AI-driven sweep.

Claude Mythos is no ordinary model. It autonomously finds and exploits zero-day vulnerabilities across every major operating system and browser with no human intervention after the initial prompt.

Benchmarks confirm a generational leap: 93.9% on SWE-bench and 97.6% on USAMO. Within Firefox’s JavaScript shell alone, Mythos turned 72.4% of identified vulnerabilities into successful exploits and achieved register control in a further 11.6% of attempts.

The implications for the cybersecurity industry are profound. For decades, offense has held the upper hand; attackers only needed to find a single flaw, while defenders had to guard every inch of a large and complex attack surface. AI tools like Mythos are now closing that gap by enabling defenders to discover vulnerabilities quickly, systematically, and affordably.

Notably, Mythos has also uncovered ancient buried flaws across other critical infrastructure, including a 27-year-old bug in OpenBSD, a 16-year-old flaw in FFmpeg, and a 17-year-old vulnerability in FreeBSD, demonstrating AI’s ability to surface latent risks that evaded decades of human and automated analysis.

Mozilla engineers emphasize that while the work is not finished, the collaboration has turned a critical corner. As AI-powered vulnerability research becomes widely accessible to defenders, the long-accepted status quo where bringing exploits to zero was considered an unrealistic goal may finally be within reach.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.