Mozilla AI Finds 271 Firefox Security Vulnerabilities

Mozilla identified 271 security vulnerabilities in Firefox using an advanced AI system developed by Anthropic. The result signals a step change in how quickly large-scale software audits can be conducted across critical internet infrastructure.

The findings emerged from internal testing using Anthropic’s Claude Mythos model, launched in March for advanced reasoning and code analysis tasks. Mozilla said the system scanned Firefox’s codebase and flagged weaknesses that would typically require extensive manual review by specialized security researchers. Earlier tests with a prior model version had identified 22 vulnerabilities in a previous Firefox release.

The zero-days are numbered | The Mozilla Blog
Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser.

Can AI Close The Cybersecurity Gap With Attackers?

The results arrive as cybersecurity teams face increasing pressure from state-linked attacks and automated exploitation tools. According to Mozilla, even hardened systems like Firefox can now be examined at a depth and speed previously unattainable. Comparable advances suggest AI-assisted audits could scale across operating systems and enterprise software, where thousands of latent vulnerabilities may remain undiscovered.

“For a hardened target, just one such bug would have been red-alert in 2025, and so many at once makes you stop to wonder whether it’s even possible to keep up,” Mozilla said.

The company added that while AI accelerates discovery, the vulnerabilities identified were still within the reach of top-tier human researchers. Anthropic noted its latest models could detect thousands of unknown flaws during pre-release testing.

Still, the same capabilities introduce new risks. Security researchers warn that AI systems capable of scanning code at scale could also be deployed offensively, automating exploit discovery across widely used platforms. Testing by the U.K.’s AI Security Institute showed the model could execute complex cyber operations, including multi-stage network attack simulations without human input.

But could widespread adoption of such systems shift the balance toward defenders for the first time? The next phase will depend on how governments and enterprises deploy these tools, with early signals including reported use of Claude Mythos Preview on classified U.S. networks and expanded access through Anthropic’s Project Glasswing initiative.
