Mozilla fixed 271 Firefox bugs that Claude Mythos found. The previous model found 22.
Firefox 150 shipped Monday with 271 security fixes from Anthropic's Project Glasswing. Mozilla CTO Bobby Holley says Mythos matches elite human researchers.
Mozilla shipped Firefox 150 on Monday with fixes for 271 security vulnerabilities surfaced by Anthropic’s Claude Mythos Preview. That’s more than 12x the 22 bugs the same collaboration fixed in Firefox 148 using the older Opus 4.6 model. It’s also the largest single-release security patch in Firefox’s history.
What we know
- 271 vulnerabilities, one release. Mozilla folded the bug drop into Firefox 150, staged over the past few weeks. The prior run, on Opus 4.6 against Firefox 148, returned 22. Same team, same process, different model.
- All caught by Claude Mythos Preview. Mozilla accessed the unreleased model through Project Glasswing, Anthropic’s invite-only cyber-defense program. The program also counts Amazon, Apple, and Microsoft as early partners.
- Bobby Holley is quotable. Mozilla’s CTO told The Register the team hit “vertigo” at the sheer count and asked, internally, whether “it’s even possible to keep up.” His stronger line: “So far we’ve found no category or complexity of vulnerability that humans can find that this model can’t.”
- No new bug classes, per Mozilla. Holley noted in the Mozilla blog post that “we also haven’t seen any bugs that couldn’t have been found by an elite human researcher.” In other words, Mythos is faster, not smarter. Everything it surfaced was theoretically findable by a top security team given enough time.
- Firefox users should update. All 271 fixes are in 150 as of Monday. Browser auto-update should have pulled it by now on default settings.
What we don’t know
- Severity breakdown. Mozilla hasn’t published how many of the 271 are critical vs high vs medium. Given Firefox’s normal CVE distribution, a material share are probably memory-safety bugs in the content process (use-after-free, out-of-bounds reads and writes) rather than sandbox escapes. Note that Mozilla routinely rates such memory-safety bugs high, so the raw count says little about how many are practically exploitable, and Mozilla’s post keeps that detail vague.
- Which parts of the code. No word on whether Mythos focused on the JavaScript engine, the rendering pipeline, networking, the WebGPU stack, or some mix. Those codebases have very different attack surfaces.
- How the pipeline actually runs. Mozilla describes it as applying Mythos to the codebase, but hasn’t published methodology, prompting strategy, or how triage worked. The Engadget writeup doesn’t fill the gap either.
- How much human time it saved. A 271-to-22 jump sounds decisive, but the Opus 4.6 run also ran over several weeks, and triage and reproduction time, not raw finding count, is the actual cost in a security workflow.
- Whether attackers have the same tool. Mythos is restricted. Opus 4.7 is public. The gap between what Glasswing partners can run and what a well-funded offensive team can approximate with 4.7 is the question that should keep Mozilla up at night.
How Mythos got into Firefox
This is the second Firefox release built on Anthropic’s restricted model. Anthropic has held Mythos Preview back from the standard Claude product because the company argues its cyber capabilities are too dangerous for broad release. Project Glasswing is the narrow door: a hand-picked set of companies that get to use Mythos for defensive work, under contract.
Last week we covered the other side of that door: the NSA is on the Glasswing list, even as the Department of Defense has separately labeled Anthropic a supply-chain risk. Mozilla’s 271-bug haul is the cleanest success story Glasswing has produced in public. The NSA’s use of the same model is the messier one.
The Register’s framing is the right one to hold: Mythos raised the ceiling on how many bugs a single code-review pass can surface by roughly an order of magnitude, but it hasn’t yet surfaced a vulnerability class that human researchers couldn’t. That’s a speed and scale story, not a capabilities-jump story. For now.
What this means for you
Update Firefox. Seriously, that’s the short version. Firefox 150 closes 271 security holes that are now fixed in public source and that an AI model can, in principle, rediscover from the patches; the asymmetry between “Mozilla patched it” and “you haven’t restarted your browser” is the attack surface right now. Auto-update downloads the release, but the fix only takes effect once Firefox restarts. If you’re running Firefox ESR at work, remember that ESR keeps its own version numbers and will never show the 150 label: confirm that the ESR point release on your train carries the security backports for this cycle.
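A fleet-side check for the point above, as an added example rather than anything Mozilla ships: it parses the banner printed by `firefox --version`, treats 150 as the first release that carries these fixes (the number from this article), and deliberately refuses to pass or fail an ESR install by major version alone, since ESR numbering is separate. It assumes a `firefox` binary on PATH with the usual `Mozilla Firefox <version>` banner; the version strings it is exercised with are constructed for illustration.

```python
"""Classify a Firefox install relative to the release that carries the Firefox 150 fixes."""
import re
import shutil
import subprocess
from typing import Optional, Tuple

# Firefox 150 is the release that shipped the 271 fixes (from the article).
MIN_FIXED_MAJOR = 150

# Matches the version part of a `firefox --version` banner, e.g.
# "Mozilla Firefox 150.0.1", "Mozilla Firefox 128.3.0esr", "Mozilla Firefox 151.0a1".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?([a-z]+)?")

# Suffix letters Mozilla uses on version strings; anything else is the release channel.
_CHANNELS = {"esr": "esr", "a": "nightly", "b": "beta"}


def parse_version(banner: str) -> Tuple[int, int, int, str]:
    """Return (major, minor, patch, channel) from a `firefox --version` banner."""
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"no Firefox version in {banner!r}")
    major, minor, patch, suffix = m.groups()
    channel = _CHANNELS.get(suffix or "", "release")
    return int(major), int(minor), int(patch or 0), channel


def assess(banner: str) -> str:
    """Classify an install as 'ok', 'update', 'verify-esr' or 'prerelease'."""
    major, _minor, _patch, channel = parse_version(banner)
    if channel == "esr":
        # ESR keeps its own version numbers; the 150 label never appears there.
        # Compare the ESR point release against Mozilla's advisory for this cycle instead.
        return "verify-esr"
    if channel in ("nightly", "beta"):
        # Pre-release builds track their own fix landing dates; check them separately.
        return "prerelease"
    return "ok" if major >= MIN_FIXED_MAJOR else "update"


def installed_banner(binary: str = "firefox") -> Optional[str]:
    """Run `<binary> --version` if it is on PATH (assumes a Linux/macOS-style CLI)."""
    path = shutil.which(binary)
    if not path:
        return None
    result = subprocess.run([path, "--version"], capture_output=True, text=True, timeout=30)
    return result.stdout.strip() or None


if __name__ == "__main__":
    banner = installed_banner()
    print(f"{banner or 'firefox not found on PATH'}: {assess(banner) if banner else 'unknown'}")
```

Run it per host and collect the status; `update` hosts need a restart after the download, and `verify-esr` hosts need a lookup against the ESR point release, which this script cannot decide from the major number.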
For everyone else: the interesting number here isn’t 271, it’s 12x. That’s the multiplier Mythos Preview gets over the prior-generation Opus 4.6 on the same codebase, with the same team. If that multiplier holds on other large C++ codebases (Chromium, WebKit, the Linux kernel), we’re about to see a very lumpy few months of security releases from every major OSS project with a Glasswing seat. And we’re going to have a harder argument about what happens when the model that produced the 12x jump isn’t restricted anymore. If you maintain a security-sensitive OSS project, the question to start planning for is how your triage pipeline handles a 10x increase in incoming bug reports, because that’s the shape of the next twelve months.
Sources
- The zero-days are numbered — The Mozilla Blog
- Mythos found 271 Firefox flaws, none a human couldn't spot — The Register
- Mozilla says it patched 271 Firefox vulnerabilities thanks to Anthropic's Claude Mythos — Engadget
- Project Glasswing: Securing critical software for the AI era — Anthropic