271 Zero-Day Flaws Found in Firefox via Advanced AI – A Record Security Haul
Claude Mythos AI found 271 zero-days in Firefox, patched in version 150. Marks paradigm shift in defensive cybersecurity.
February 2025 – Mozilla has announced that an early version of Anthropic's Claude Mythos AI discovered and helped fix 271 zero-day vulnerabilities in Firefox, the highest single sweep of critical bugs in the browser's history. The flaws, all classified as latent security holes, have been patched in the Firefox 150 update released this week.
The findings stem from a collaboration between Mozilla and Anthropic that began in late 2024. In a previous phase, the Frontier AI model Opus 4.6 identified 22 security-sensitive bugs that were fixed in Firefox 148. The new results from the Claude Mythos preview represent a dramatic escalation in both scale and severity.
“For a hardened target like Firefox, even one such bug would have been a red-alert in 2025,” said a Mozilla security spokesperson. “Seeing 271 at once makes you question whether it’s even possible to keep up – but our team did.”
Background
Claude Mythos is the latest iteration of Anthropic’s large language model, fine-tuned specifically for cybersecurity tasks. It can analyze millions of lines of source code and identify subtle, previously unknown vulnerabilities that traditional scanners miss.
The AI was given early access to Firefox’s codebase as part of a defensive trial. Mozilla engineers then validated and categorized each finding, prioritizing the most severe issues for immediate patching. The process took less than three months from discovery to release.
What This Means
This breakthrough signals a fundamental shift in the balance between attackers and defenders. Until now, zero-day vulnerabilities were typically found and exploited by malicious actors. With AI-powered tools like Claude Mythos, defenders can proactively scan their own software at unprecedented speed and depth.
“Speed of patching is everything,” the Mozilla spokesperson added. “If defenders can find and fix bugs before attackers weaponize them, we finally have a chance to win decisively.”
The results also raise questions about the broader software industry. Mozilla’s experience suggests that similar scans on other major browsers, operating systems, or critical infrastructure could reveal thousands of hidden flaws. Teams that embrace this technology will need to reprioritize and maintain relentless focus to realize the benefits.
Mozilla plans to continue using Claude Mythos and share its methodology with the open-source community. The company hopes other developers will replicate the approach, turning the vertigo of discovery into a systematic advantage.
For more details on the previous Opus 4.6 findings, see the Background section.