
Mozilla Reports Anthropic's Mythos Preview Found 271 Firefox Vulnerabilities, Far Exceeding Prior Model

Mozilla says Anthropic's Mythos Preview spotted 271 vulnerabilities in Firefox 150, far more than the prior model's 22. What this means for defenders.

Peter Olaleru/3 min/US

Cybersecurity Editor


Anthropic's Mythos Preview identified 271 security vulnerabilities in Firefox 150 before its release, compared to just 22 found by the Opus 4.6 model in Firefox 148. Mozilla’s CTO says the result gives defenders a decisive edge in the cybersecurity battle.

Context

Mozilla released Firefox 150 this week after granting Anthropic limited access to its Mythos Preview model. The company said the model was so effective at spotting flaws that it was initially shared only with critical industry partners. The move sparked debate over whether such AI tools herald a new era of automated hacking or simply reflect incremental progress.

Key Facts

Mythos Preview uncovered 271 vulnerabilities in the pre‑release code of Firefox 150. By contrast, Opus 4.6 detected only 22 security‑sensitive bugs in Firefox 148 the previous month. Bobby Holley, Firefox CTO, stated that defenders "finally have a chance to win decisively" in the ongoing attacker‑defender struggle. He noted that many of the flaws could have been found via traditional fuzzing or expert manual review, but Mythos eliminated months of costly human effort for each discovery.

What It Means

The scale of vulnerabilities found suggests AI‑assisted static analysis can accelerate defect detection in large codebases like Firefox. Defenders should prioritize integrating similar AI‑driven scanning tools into their CI/CD pipelines to catch issues earlier. Immediate steps include: applying the latest Firefox 150 update, enabling automatic updates, reviewing Mozilla’s security advisory MFSA2024‑XX for any disclosed CVEs, and monitoring for exploit attempts that map to MITRE ATT&CK technique T1190 (Exploit Public-Facing Application). Organizations should also consider adopting static application security testing (SAST) solutions that incorporate language‑model‑based analysis to reduce reliance on manual fuzzing.

Watch for Mozilla’s follow‑up disclosures on specific CVEs linked to the Mythos findings and for Anthropic’s broader release plans for Mythos Preview, which may shape how AI tools are adopted across software security teams.
