How Mozilla used Claude Mythos to find 271 vulnerabilities in Firefox
Mozilla used Claude Mythos and other AI models to find 271 hidden vulnerabilities in Firefox. This is a record number of security defects. The method could also
AI-processed from Habr AI; edited by Hamidun News
Using Claude Mythos Preview, Mozilla discovered and fixed 271 hidden vulnerabilities in Firefox, a record number found by a single AI project. This demonstrates how modern language models are becoming tools for finding critical security defects.
How Mozilla hunted for vulnerabilities
Mozilla used Claude Mythos Preview — a new version of Anthropic's model — to analyze Firefox's source code. Instead of manually checking millions of lines of code, the team developed an approach where AI systematically scans the browser for signs of potential vulnerabilities. The process included several stages. First, AI models, including Claude Mythos, analyzed the codebase and identified suspicious patterns. Then Mozilla's security experts manually verified each candidate. After confirmation, the team reproduced the vulnerability, developed a patch, and coordinated its release. In parallel, other AI models were used for cross-checking.
Why this is a record number
271 vulnerabilities is an enormous number of defects that traditional audit methods could miss for years. Some affected critical browser components: memory handling, network operations, media format parsing. Each one could potentially compromise user security. Mozilla's success shows that AI models can find not just obvious errors, but complex logical defects that require understanding the context of the entire program. This is especially valuable for huge projects like Firefox, where manual auditing of millions of lines of code would take months.
Method for other projects
Mozilla published recommendations for developers who want to apply a similar methodology when searching for vulnerabilities:
- Start with critical components, not the full codebase
- Use multiple AI models for cross-checking results
- Always manually verify each found bug
- Coordinate patch releases with the security community
- Document the approach for reproducibility
Key takeaway: combining AI scanning with manual verification by experts is the most effective approach. AI finds candidates; humans check and fix. This is exactly how Mozilla managed to find more vulnerabilities in two weeks than in previous years.
What this means
An era is beginning in which security becomes more automated and scalable. For Firefox users, this means a more secure browser. For developers, it means understanding that AI tools are already able to help in security audits, not just in code generation.