Anthropic's Claude Mythos found 271 Firefox vulnerabilities - CTO calls it just as capable as 'elite security researchers'
Anthropic's unreleased Claude Mythos is at the center of a cybersecurity debate. Its coding capabilities are so powerful that in pre-release tests, the model identified thousands of previously unknown vulnerabilities in major operating systems and web browsers. Since then, many have questioned whether the model is truly the future of cybersecurity or simply a normal step forward wrapped in overhype.
Mozilla has now tipped the scales in Anthropic's favor, sharing in the zero-days are numbered blog post that early access to Mythos Preview helped it pre-identify 271 security vulnerabilities in the latest Firefox release. Firefox CTO Bobby Holley added that "in the never-ending battle between cyberattackers and cyberdefenders, defenders finally have a chance to win, decisively."
According to the post, Mythos detected these hundreds of vulnerabilities simply by analyzing unreleased code from the browser's latest version. The post didn't go into detail on the severity of these vulnerabilities, but Holley compared Mythos to earlier AI tools, noting that Anthropic's Claude Opus 4.6 had detected only 22 security bugs when analyzing Firefox 148.
Despite the impressive numbers, Holley made clear that Mythos did not identify any bugs that an elite human researcher couldn't have found. This suggests that AI isn't, at the moment, able to crack cybersecurity protections any better than a person can. He was quick to add, however, that using Mythos saved the company months of costly human effort to find a single bug, and the new AI model is every bit as capable as the world's best security researchers.
"Computers were completely incapable of doing this a few months ago, and now they excel at it," Holley wrote. Speaking to Wired, he added that AI-aided vulnerability analysis is something every software company will need to integrate into its workflow to identify the hundreds of bugs "buried underneath the surface that are now discoverable." While future models may surpass Mythos and catch bugs current versions miss, Holley said he's confident that, at least for Firefox, the early head start has helped round the curve.
But the results also carry a darker implication. Such tools in the wrong hands could enable new forms of cyberattacks and automate the discovery of exploitable vulnerabilities across widely used software at scale. That is likely why Anthropic has restricted access through a program called Project Glasswing, which allows select technology companies, including Amazon, Apple, and Microsoft, to use the model to scan software for weaknesses.