MOZILLA says Anthropic’s new cybersecurity-focused Claude Mythos AI model has discovered 271 vulnerabilities in Firefox, all of which were patched with the release of version 150. According to Mozilla, more than 40 CVEs have been addressed in Firefox 150, but only three are credited to Claude in the official advisory: CVE-2026-6746, CVE-2026-6757, and CVE-2026-6758.
This indicates that many of the 271 bugs are likely lower-severity issues or flaws that don’t meet the threshold for a public CVE, such as defense-in-depth or non-exploitable code-paths. Mozilla has not shared information on the type or nature of the vulnerabilities, but Firefox CTO Bobby Holley notes that none of the bugs could not have been found by an elite human researcher.
The story follows Anthropic’s earlier claim that Mythos can autonomously discover thousands of zero-day vulnerabilities, with Project Glasswing restricting public release to a select group of organisations, including AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks.