Anthropic’s Claude Mythos AI Finds 271 Vulnerabilities in Firefox—Yes, It’s Seriously Powerful

For many years, attackers have had the benefit in cybersecurity. Synthetic intelligence could also be about to vary that.

In a weblog submit revealed on Tuesday, Firefox browser developer Mozilla mentioned an early model of Anthropic’s Claude Mythos AI—which has drawn consideration in latest weeks for its purported cybersecurity prowess—mannequin helped establish 271 vulnerabilities within the browser throughout inner testing. These bugs have been patched this week.

The outcomes spotlight how superior AI techniques can analyze massive codebases and find weaknesses that beforehand required intensive handbook overview by human cybersecurity researchers.

“As these capabilities attain the fingers of extra defenders, many different groups are actually experiencing the identical vertigo we did when the findings first got here into focus,” Mozilla wrote. “For a hardened goal, only one such bug would have been red-alert in 2025, and so many without delay makes you cease to wonder if it’s even doable to maintain up.”

Mozilla had earlier examined one other Anthropic mannequin that recognized 22 security-sensitive bugs in a earlier Firefox launch. Regardless of these successes, Mozilla acknowledged that the cybersecurity business has lengthy handled the whole elimination of software program exploits as an “unrealistic purpose.”

]]>

“Till now, the business has largely fought safety to a draw,” the corporate wrote. “Distributors of essential internet-exposed software program like Firefox take safety extraordinarily critically and have groups of people that get off the bed each morning eager about the right way to hold customers secure.”

Mozilla mentioned the brand new AI system can analyze supply code and establish vulnerabilities in ways in which beforehand relied on scarce human experience. Nonetheless, Mozilla mentioned the corporate was inspired to see that no bugs have been discovered that could not have been found by “an elite human researcher.”

“Some commentators predict that future AI fashions will unearth solely new types of vulnerabilities that defy our present comprehension, however we don’t suppose so,” they mentioned. “Software program like Firefox is designed in a modular method for people to have the ability to purpose about its correctness. It’s advanced, however not arbitrarily advanced.”

The outcomes, nevertheless, recommend AI instruments might enable builders to uncover massive numbers of vulnerabilities earlier than attackers exploit them—although conversely, within the fallacious fingers, it might spell large bother for software program corporations and customers alike.

Launched in March, Mythos is Anthropic’s most superior mannequin for reasoning, coding, and cybersecurity duties. Inner firm supplies describe the system as a part of a brand new mannequin tier past the corporate’s earlier Opus sequence.

Testing carried out earlier than the mannequin’s launch confirmed it might establish hundreds of beforehand unknown vulnerabilities throughout main working techniques and net browsers.

Anthropic has restricted entry to the system by way of a restricted program referred to as Mission Glasswing, which supplies choose expertise corporations—together with Amazon, Apple, and Microsoft—the power to make use of the mannequin to scan software program for weaknesses. It displays a rising effort inside the cybersecurity business to make use of AI techniques to establish and patch vulnerabilities earlier than attackers can exploit them.

Nonetheless, the identical expertise might additionally allow new types of cyberattacks. Safety researchers say AI techniques able to analyzing code at scale might automate the invention of exploitable vulnerabilities throughout broadly used software program.

After the launch of Mythos, testing by the U.Ok.’s AI Safety Institute discovered that the AI might autonomously execute advanced cyber operations, together with finishing a multi-stage company community assault simulation with out human help. These capabilities have drawn consideration from governments and intelligence companies alike.

Regardless of a name from President Donald Trump’s administration to cease utilizing Anthropic’s expertise as a result of a conflict over its use in battle and surveillance issues, on Monday, the Nationwide Safety Company was revealed to be operating Claude Mythos Preview on categorized networks, in response to sources conversant in the deployment. The usage of Mythos underscores the rising curiosity amongst U.S. safety companies within the mannequin’s potential to establish essential software program vulnerabilities.

The mannequin’s efficiency has additionally uncovered limits in present AI analysis techniques. Earlier this month, Anthropic acknowledged that a number of cybersecurity benchmarks are not enough to measure the capabilities of its latest fashions.

Mozilla mentioned the outcomes level to a possible shift in cybersecurity, the place defenders might start to shut the long-standing benefit attackers have held.

“We’re extraordinarily happy with how our staff rose to fulfill this problem, and others will too,” Mozilla wrote. “Our work isn’t completed, however we’ve turned the nook and might glimpse a future a lot better than simply maintaining. Defenders lastly have an opportunity to win, decisively.”

Mozilla didn’t instantly reply to a request for remark by Decrypt.