Anthropic’s Claude Mythos AI Discovers 271 Firefox Weaknesses — Yes, They’re Very Powerful

For decades, attackers have had the advantage in cybersecurity. And artificial intelligence may be about to change that.

In a Blog post Published on Tuesday, Firefox developer Mozilla said an early release of Anthropic’s Claude Mythos AI — which has drawn attention in recent weeks for its alleged cybersecurity prowess — helped identify 271 vulnerabilities in the browser during internal testing. Those errors were corrected this week.

The findings highlight how advanced AI systems can analyze large code bases and identify vulnerabilities that previously required extensive manual review by human cybersecurity researchers.

“As these capabilities reach the hands of more defenders, many other teams are now experiencing the same vertigo we experienced when they first came into focus,” Mozilla wrote. “For a hardcore target, just one mistake would have been a red flag in 2025, and many of them make you stop to wonder if it’s possible to keep up.”

Mozilla had previously tested another human model that identified 22 security-sensitive bugs in an earlier version of Firefox. Despite these successes, Mozilla acknowledged that the cybersecurity industry has long treated the complete elimination of software exploits as an “unrealistic goal.”

“To date, the industry has largely fought security to break even,” the company wrote. “Vendors of critical Internet-exposed software like Firefox take security very seriously and have teams of people who get out of bed every morning and think about how to keep users safe.”

Mozilla said the new artificial intelligence system can analyze source code and identify vulnerabilities in ways that previously relied on scarce human expertise. However, Mozilla said the company was encouraged to see that no bugs were found that could not have been detected by an “elite human researcher.”

“Some commentators predict that future AI models will reveal completely new forms of vulnerabilities that challenge our current understanding, but we don’t think so,” they said. “Software like Firefox is designed in a modular way so that humans can think about its validity. It’s complex, but not arbitrarily complex.”

However, the results suggest that AI tools can allow developers to uncover a large number of vulnerabilities before attackers exploit them – although conversely, if they fall into the wrong hands, they could pose a major problem for software companies and users alike.

Released in March, Mythos is the most anthropocentric of films advanced A model for thinking, coding, and cybersecurity tasks. The company’s internal materials describe the system as part of a new model layer that goes beyond the company’s previous Opus series.

Testing conducted before the model was released showed that it could identify thousands of previously unknown vulnerabilities across major operating systems and web browsers.

Anthropic has limited access to the system through a restricted program called Glasswing Projectwhich gives selected technology companies – including Amazon, Apple and Microsoft – the ability to use the model to scan software for vulnerabilities. It reflects a growing effort in the cybersecurity industry to use artificial intelligence systems to identify vulnerabilities and patch them before attackers can exploit them.

However, the same technology can also enable new forms of cyberattacks. AI systems capable of analyzing code at scale could automate the discovery of exploitable vulnerabilities across widely used software, security researchers say.

After the launch of Mythos, testing conducted by the AI ​​Security Institute in the UK found that the AI ​​was capable Implement complex independently Cyber ​​operations, including completing a multi-stage corporate network attack simulation without human assistance. These capabilities have caught the attention of governments and intelligence agencies alike.

Despite President Donald Trump’s administration’s call to Stop Using Anthropic technology due to a dispute over its use in matters of war and surveillance, on Monday, the National Security Service open To run Claude Mythos Preview on underground networks, according to sources familiar with the deployment process. The use of Mythos underscores the growing interest among US security agencies in the model’s ability to identify critical software vulnerabilities.

The model’s performance has also revealed the limitations of current AI evaluation systems. Earlier this month, Anthropy I confess Many cybersecurity standards are no longer sufficient to measure the capabilities of their latest models.

Mozilla said the findings indicate a potential shift in cybersecurity, where defenders may begin to close off the long-standing advantage that attackers had.

“We are incredibly proud of how our team has risen to this challenge, and others will too,” Mozilla wrote. “Our work is far from over, but we have turned the corner and can glimpse a future that is much better than just continuing. The Defenders finally have a chance to win, decisively.”

Mozilla did not immediately respond to a request for comment Decryption.