Cybersecurity News Kinetic Potential

Claude Mythos Finds 271 Firefox Vulnerabilities

Thu, 04/23/2026 - 10:37 / 0 Comments

Mozilla says Anthropic’s new cybersecurity-focused Claude Mythos AI model has discovered 271 vulnerabilities in Firefox.

The vulnerabilities, identified with an early version of Claude Mythos Preview, were patched in the popular web browser this week with the release of version 150.

More than 40 CVEs have been addressed in Firefox 150, but only three are credited to Claude in the official advisory: CVE-2026-6746, CVE-2026-6757, and CVE-2026-6758.

This indicates that many of the 271 bugs are likely lower-severity issues or flaws that don’t meet the threshold for a public CVE. This can include defense-in-depth issues, hardening, or bugs in non-exploitable code paths.

Mozilla has not shared any information on the type or nature of the vulnerabilities, but has made an important clarification.

“Encouragingly, we also haven’t seen any bugs that couldn’t have been found by an elite human researcher. Some commentators predict that future AI models will unearth entirely new forms of vulnerabilities that defy our current comprehension, but we don’t think so,” Firefox CTO Bobby Holley noted.

The fact that Claude Mythos found so many Firefox vulnerabilities is not surprising. When Anthropic released Mythos, the AI giant said the new frontier model can autonomously discover thousands of zero-day vulnerabilities.

That is why the company decided to withhold its public release and instead offer it only to a relatively small number of major organizations through a program called Project Glasswing.

The list of companies in Project Glasswing includes AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks.

Palo Alto Networks has also shared some preliminary data from testing Mythos, saying that in terms of vulnerability discovery it accomplished the equivalent of a year’s worth of pentesting in less than three weeks.

The cybersecurity company also noted that the AI has impressive vulnerability-chaining capabilities, combining medium- and low-severity issues into a critical exploit.

In addition, Mythos can identify logic-based issues that traditional tools may not detect.

“Within six months, advanced AI models with deep cybersecurity capabilities will become commonplace. Organizations that have not put appropriate safeguards in place will face an entirely new class of risk across their enterprise and critical infrastructure,” said Lee Klarich, chief product and technology officer at Palo Alto Networks.

Klarich pointed out that similar advances will likely come from other AI companies and the models may not be as restricted as Mythos.

In addition, there are already some reports of Mythos being accessed by unauthorized users.

This article was published by Security Week. Please check their website for the original content.

Add new comment

About text formats

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.
CAPTCHA This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
7 + 8 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.

Share The Story


Stay informed - subscribe to our newsletter.
The subscriber's email address.

Recent Posts