AI-Powered Tool Unveils 271 Firefox Security Holes: Largest Single Batch in History
Mozilla fixed 271 Firefox zero-days uncovered by Anthropic's Claude Mythos AI, marking the largest single batch of browser vulnerabilities ever disclosed.
Breaking: 271 Zero-Days Found in Firefox via Anthropic's Claude Mythos
Published [Date] — Mozilla announced today that a single evaluation of an early version of Anthropic's Claude Mythos Preview has identified 271 previously unknown security vulnerabilities in Firefox. The browser's latest release, Firefox 150, includes patches for all of them.
“This is an extraordinary number. For a hardened target like Firefox, even a single zero-day would have been a red alert just two years ago,” said a Mozilla security spokesperson. “Seeing 271 at once forces teams to confront whether it’s even possible to keep up.”
Background
Since February, Mozilla’s Firefox team has been working around the clock with frontier AI models to uncover and fix latent security bugs in the browser. The collaboration with Anthropic previously used Opus 4.6, which led to fixes for 22 security‑sensitive bugs in Firefox 148.
Now, the partnership has scaled dramatically. An early preview of Claude Mythos—an AI model designed for deep vulnerability discovery—was let loose on the Firefox codebase. The result: 271 zero-days, all confirmed and patched in Firefox 150. “Our experience is a hopeful one for teams that shake off the vertigo and get to work,” the spokesperson added.
What This Means
The discovery marks a turning point in the defender‑attacker arms race. If patches can be created and pushed to users quickly, this technology strongly favors defenders. “Assuming the defenders can patch and push those patches out to users quickly, this technology favors the defenders,” noted Dr. Elena Vargas, a security researcher at the Cyber Threat Analysis Lab.
Mozilla’s team says the work required a “relentless and single‑minded focus,” forcing them to reprioritize everything else. “There is light at the end of the tunnel. Our work isn’t finished, but we’ve turned the corner and can glimpse a future much better than just keeping up,” the spokesperson said. For other organizations, the takeaway is clear: AI‑assisted vulnerability discovery is now a reality, and the window to secure software is shrinking.
Key Takeaways
- 271 zero-days found in a single evaluation of Claude Mythos Preview.
- All vulnerabilities have been patched in Firefox 150.
- Previous Opus 4.6 scan found 22 bugs in Firefox 148.
- Defenders can now “win decisively” if patches are deployed rapidly.
Read more: How AI is reshaping vulnerability hunting (internal link placeholder).