Mozilla reported that Anthropic’s Claude Mythos identified 271 vulnerabilities in the Firefox browser during internal testing. The vulnerabilities were patched by Mozilla within the same week of the announcement.
This discovery underscores the potential of advanced AI systems to analyze extensive codebases and find weaknesses that typically require significant manual effort from human researchers. Mozilla stated that, for a hardened target, just one of the identified bugs would have been a major alert in 2025, raising concerns about the cybersecurity landscape.
Anthropic is limiting access to Claude Mythos to vetted partners through Project Glasswing due to cybersecurity risks. Mozilla expressed confidence in the system’s abilities but noted that complete elimination of software exploits remains an “unrealistic goal” for the industry.
Advanced AI can analyze source code and find vulnerabilities faster than human experts. Earlier tests of another Anthropic model identified 22 security-sensitive bugs in a previous version of Firefox. Mozilla emphasized that no vulnerabilities found by Mythos could not have been identified by a human expert.
Mythos, launched in March, is Anthropic’s most advanced model for reasoning, coding, and cybersecurity tasks. Internal testing indicated that the system can identify thousands of previously unknown vulnerabilities across various platforms.
Access to Claude Mythos is restricted to select tech companies, including Amazon, Apple, and Microsoft, under Project Glasswing. However, researchers warn that such AI capabilities could inadvertently facilitate automated cyberattacks by accelerating the discovery of exploitable vulnerabilities.
Testing by the U.K.’s AI Security Institute revealed that Mythos could autonomously execute complex cyber operations, including corporate network attack simulations without human involvement. The National Security Agency has reportedly deployed Claude Mythos Preview on classified networks, highlighting its utility in identifying critical software vulnerabilities.
Despite previous ethical concerns surrounding Anthropic’s technology, interest from U.S. security agencies indicates a strong demand for AI tools that can enhance cybersecurity measures. Mozilla noted that the results may signal a potential shift in the cybersecurity landscape, suggesting that defenders might close the traditional advantage held by attackers.
Mozilla concluded, “We are extremely proud of how our team rose to meet this challenge, and others will too. Defenders finally have a chance to win, decisively.”








