Anthropic's Claude Mythos Preview found 271 unknown vulnerabilities in Firefox 150, some up to 20 years old. Mozilla's agentic pipeline lets the AI write and run its own test cases to verify findings, and will soon check every new code commit automatically.
In a detailed post on the Mozilla Hacks blog, three Firefox developers describe how their team used Claude Mythos Preview to find and fix 271 previously unknown security vulnerabilities in Firefox 150. In total, Mozilla resolved 423 security issues in April - a massive jump from the previous record of just 76 in March. The breakdown makes clear how central Mythos Preview was to that effort: beyond the 271 bugs found in Firefox 150, roughly a third of the remaining 111 internally discovered bugs also came from Mythos runs. The other two-thirds were split between the same pipeline running other models and traditional testing methods like fuzzing. Only 41 of the 423 total vulnerabilities came from external reports.
Just a few months ago, AI-generated bug reports were widely dismissed as useless AI slop - findings that sounded plausible but turned out to be wrong, wasting developers' time on verification. According to the authors, two things changed that: more capable models and better infrastructure for separating real findings from noise.
