The 271 Firefox Bugs Number Is Doing PR Work

Mozilla and Anthropic found real bugs in Firefox with a new AI model. The 271 figure they put on the announcement is not the same as the 41 CVEs in the actual security advisory.

Mozilla and Anthropic announced 271 vulnerabilities found in Firefox by Claude Mythos. The official security advisory lists 41 CVEs, with hardening fixes bundled into the larger number to make the announcement bigger.

Mozilla announced last week that Claude Mythos Preview, Anthropic's new cybersecurity-focused model, found 271 vulnerabilities in Firefox and that all of them are patched in Firefox 150. Both companies framed it as a structural win for defenders. Mozilla CTO Bobby Holley said the model is every bit as capable as the world's best security researchers. Anthropic published the result alongside its Project Glasswing announcement and Mozilla put out a blog post under the headline that the zero-days are numbered.

The 271 figure does most of the work in the press cycle. Mozilla's own security advisory MFSA 2026-30 lists 41 CVEs. The 271 number represents discrete code defects identified by Mythos during evaluation, many of which were bundled into those 41 entries, and a sizeable portion of which were hardening fixes and defense-in-depth issues that did not meet the threshold for a public CVE. That is not nothing. It is also not 271 separately exploitable zero-days, which is the impression the headline number is built to give.

The bugs Mythos did find include genuine memory safety problems. Use-after-free vulnerabilities in DOM and WebRTC are the same family of flaws that browser exploitation has been built on for the last twenty years. An earlier evaluation pass with Claude Opus 4.6 on Firefox 148 found 22 bugs, fourteen of them high severity, which Mozilla noted was close to a fifth of all high-severity Firefox flaws fixed in 2025. The Mythos run is roughly twelve times that count by Mozilla's own framing. The capability is real even with the headline number deflated.

One detail in Anthropic's own announcement got far less attention than the 271. On the same day Project Glasswing went public, unauthorized users gained access to Mythos Preview by guessing the model's URL through a third-party vendor environment. Anthropic said it was investigating. The leak does not change what Mozilla shipped in Firefox 150. It changes how to read what the partnership demonstrated. A model that can find and exploit memory safety bugs at scale was already accessible to whoever could guess a URL on a vendor's infrastructure before the partnership had been announced to the public.

Within Firefox's JavaScript shell, Mythos turned 72.4 percent of identified vulnerabilities into successful exploits and reached register control in another 11.6 percent of attempts. A model that finds bugs at human-researcher quality and converts most of them to working exploits without human intervention creates a deployment race. Whoever runs it first against a target gets the result first. The 271 is downstream of that capability, and so is whether the result lands as a coordinated patch or as a working exploit in the wild.

Mozilla won this round because they were inside Anthropic's partnership program. That access is what allowed the 22 bugs from Opus 4.6 to land in Firefox 148, and the larger Mythos batch to land in 150. The same access did not exist for OpenBSD, FFmpeg, or FreeBSD, which is why Mythos was used to surface a 27-year-old bug in OpenBSD, a 16-year-old flaw in FFmpeg, and a 17-year-old vulnerability in FreeBSD as part of the announcement instead of as part of a coordinated patch cycle. Those projects do not have a Mozilla-Anthropic relationship. They got the announcement.

Holley said in the same blog post that Mozilla has not seen any bugs that could not have been found by an elite human researcher. David Shipley at Beauceron Security said the same thing more bluntly. Nothing Mythos found could not have been found by a skilled human. It is just finding a lot of stuff that was missed. The capability is faster, cheaper, more thorough. Not novel.

Mozilla's framing that defenders have finally been handed a decisive win assumes every defender will get the same access at the same time as every attacker. The URL leak suggests that assumption is already wrong on the offensive side. The OpenBSD, FFmpeg, and FreeBSD examples suggest it is also wrong on the defensive side. Firefox 150 is a real result. The 271 is a press number. Whoever runs the next instance of Mythos against the next browser will get the result first, and whether the maintainers find out from a coordinated patch or from a working exploit in the wild depends on who that is.

FAQ

What is Claude Mythos?

Claude Mythos is a cybersecurity-focused AI model from Anthropic. Mozilla applied an early version, Mythos Preview, to Firefox in partnership with Anthropic, and Firefox 150 includes the resulting fixes.

Are there really 271 zero-days in Firefox?

Mozilla's official security advisory MFSA 2026-30 lists 41 CVEs. The 271 figure represents discrete code defects found by Mythos during evaluation, many of which were bundled into the 41 CVEs, with a sizeable portion classed as hardening or defense-in-depth fixes that do not meet the bar for a public CVE.

What kinds of bugs did Mythos find?

The serious ones include use-after-free vulnerabilities in DOM and WebRTC components. These are memory safety issues in the same category that browser exploitation has relied on for two decades.

What was the third-party vendor incident?

On the same day Anthropic announced Project Glasswing, unauthorized users gained access to Mythos Preview by guessing the model's URL on a third-party vendor environment. Anthropic said it was investigating.

Does this favour defenders or attackers?

Mozilla framed it as a defender win. The capability favours whoever runs the model first against a target. Mozilla had partnership access. Most other projects do not.