Mozilla Uses Anthropic’s Claude Mythos Preview To Fix 271 Firefox Vulnerabilities In Release 150

Mozilla says it used an early version of Anthropic’s Claude Mythos Preview to scan Firefox source code and that fixes for 271 vulnerabilities were included in the Firefox 150 release.

“The disbelief was palpable when Mozilla’s CTO last month declared that AI-assisted vulnerability detection meant “zero-days are numbered” and “defenders finally have a chance to win, decisively”

Ars Technica

Mozilla also said its earlier collaboration with Anthropic using Opus 4.6 led to fixes for 22 security-sensitive bugs in Firefox 148.

Ars Technica

Ars Technica reports that Mozilla’s engineers traced the “finally ready-for-prime-time breakthrough” to two factors: “improvement in the models themselves” and Mozilla’s custom harness that supported Mythos as it analyzed Firefox source code.

The Ars Technica account says Mozilla’s work with Mythos was designed to avoid the “unwanted slop” seen in earlier AI-assisted vulnerability detection, where models produced plausible bug reports that humans later found to include hallucinated details.

Mozilla’s CTO had declared that AI-assisted vulnerability detection meant “zero-days are numbered” and “defenders finally have a chance to win, decisively,” and Ars Technica framed Mozilla’s new disclosure as a response to skepticism.

Ars Technica says Mozilla engineers described Mythos as working through a custom agent harness that “wraps around an LLM to guide it through a series of specific tasks.”

Latest news from Azerbaijan

In the Ars Technica description, the harness gives the model instructions like “find a bug in this file,” provides tools such as allowing it to read/write files and evaluate test cases, and then runs in a loop until completion.

Help Net Security, as summarized in the other source, quotes Mozilla engineer Grinstead on validation, saying the pipeline is “extremely reliable at filtering out false positives, so long as you have a clearly defined success condition to validate against.”

The Azerbaijan report says Mozilla told researchers that Mythos unearthed a wealth of high-severity bugs, including some that had lain dormant in the code for more than a decade, and it links the change to agentic systems that can assess their own work and filter out bad results.

“Mozilla wrote on its blog that it used an early version of Anthropic's Claude Mythos Preview to scan Firefox and that fixes for 271 vulnerabilities were included in the Firefox 150 release”

Let's Data Science

That same report says Firefox shipped 423 bug fixes in April 2026 compared to just 31 exactly a year earlier, and it notes that Mozilla’s researchers published details on 12 of the bugs.

The Azerbaijan report also quotes Brian Grinstead saying “It’s useful for both attackers and defenders, but having the tool available shifts the advantage a little bit to defense,” and it adds that “Realistically, nobody knows the answer to this yet.”

In the Ars Technica account, Mozilla’s engineers describe the harness as requiring customization and resources to guide the model through project-specific semantics and tooling, and they say the approach differs from earlier AI detection that produced hallucinated details at scale.