Anthropic’s Claude Mythos AI Finds 271 Vulnerabilities in Firefox—Sure, It is Critically Highly effective

For many years, attackers have had the benefit in cybersecurity. Synthetic intelligence could also be about to vary that.

In a weblog submit revealed on Tuesday, Firefox browser developer Mozilla mentioned an early model of Anthropic’s Claude Mythos AI—which has drawn consideration in latest weeks for its purported cybersecurity prowess—mannequin helped determine 271 vulnerabilities within the browser throughout inside testing. These bugs had been patched this week.

The outcomes spotlight how superior AI programs can analyze giant codebases and find weaknesses that beforehand required in depth handbook assessment by human cybersecurity researchers.

“As these capabilities attain the palms of extra defenders, many different groups at the moment are experiencing the identical vertigo we did when the findings first got here into focus,” Mozilla wrote. “For a hardened goal, only one such bug would have been red-alert in 2025, and so many directly makes you cease to wonder if it’s even attainable to maintain up.”

Mozilla had earlier examined one other Anthropic mannequin that recognized 22 security-sensitive bugs in a earlier Firefox launch. Regardless of these successes, Mozilla acknowledged that the cybersecurity business has lengthy handled the entire elimination of software program exploits as an “unrealistic objective.”



“Till now, the business has largely fought safety to a draw,” the corporate wrote. “Distributors of essential internet-exposed software program like Firefox take safety extraordinarily severely and have groups of people that get away from bed each morning excited about easy methods to preserve customers protected.”

Mozilla mentioned the brand new AI system can analyze supply code and determine vulnerabilities in ways in which beforehand relied on scarce human experience. Nonetheless, Mozilla mentioned the corporate was inspired to see that no bugs had been discovered that could not have been found by “an elite human researcher.”

“Some commentators predict that future AI fashions will unearth totally new types of vulnerabilities that defy our present comprehension, however we don’t assume so,” they mentioned. “Software program like Firefox is designed in a modular manner for people to have the ability to cause about its correctness. It’s complicated, however not arbitrarily complicated.”

The outcomes, nevertheless, recommend AI instruments may permit builders to uncover giant numbers of vulnerabilities earlier than attackers exploit them—although conversely, within the unsuitable palms, it may spell large bother for software program companies and customers alike.

Launched in March, Mythos is Anthropic’s most superior mannequin for reasoning, coding, and cybersecurity duties. Inner firm supplies describe the system as a part of a brand new mannequin tier past the corporate’s earlier Opus sequence.

Testing performed earlier than the mannequin’s launch confirmed it may determine 1000’s of beforehand unknown vulnerabilities throughout main working programs and internet browsers.

Anthropic has restricted entry to the system by a restricted program known as Challenge Glasswing, which supplies choose expertise corporations—together with Amazon, Apple, and Microsoft—the power to make use of the mannequin to scan software program for weaknesses. It displays a rising effort throughout the cybersecurity business to make use of AI programs to determine and patch vulnerabilities earlier than attackers can exploit them.

Nonetheless, the identical expertise may additionally allow new types of cyberattacks. Safety researchers say AI programs able to analyzing code at scale may automate the invention of exploitable vulnerabilities throughout broadly used software program.

After the launch of Mythos, testing by the U.Okay.’s AI Safety Institute discovered that the AI may autonomously execute complicated cyber operations, together with finishing a multi-stage company community assault simulation with out human help. These capabilities have drawn consideration from governments and intelligence businesses alike.

Regardless of a name from President Donald Trump’s administration to cease utilizing Anthropic’s expertise on account of a conflict over its use in conflict and surveillance issues, on Monday, the Nationwide Safety Company was revealed to be working Claude Mythos Preview on categorized networks, based on sources aware of the deployment. The usage of Mythos underscores the rising curiosity amongst U.S. safety businesses within the mannequin’s potential to determine essential software program vulnerabilities.

The mannequin’s efficiency has additionally uncovered limits in present AI analysis programs. Earlier this month, Anthropic acknowledged that a number of cybersecurity benchmarks are not ample to measure the capabilities of its latest fashions.

Mozilla mentioned the outcomes level to a possible shift in cybersecurity, the place defenders might start to shut the long-standing benefit attackers have held.

“We’re extraordinarily happy with how our workforce rose to fulfill this problem, and others will too,” Mozilla wrote. “Our work isn’t completed, however we’ve turned the nook and may glimpse a future a lot better than simply maintaining. Defenders lastly have an opportunity to win, decisively.”

Mozilla didn’t instantly reply to a request for remark by Decrypt.