Mozilla Used Claude Mythos Preview to Find 423 Firefox Bugs Nobody Caught for Years

Mozilla has revealed something that should make every software developer sit up straight. The nonprofit behind the Firefox browser used Claude Mythos Preview, an unreleased AI model from Anthropic, to hunt for security vulnerabilities, and the results were staggering.
The AI model discovered hundreds of issues, including at least one that had survived for 20 years, which had gone completely undetected by the standard security testing tools commonly used to break software.
In total, Mozilla’s AI-assisted effort contributed to fixes for 423 security bugs shipped in the April releases of Firefox, with 271 of those issues specifically tied to Claude Mythos Preview. To put that in context, Mozilla made just 25 bug fixes in January, and 76 in March.
Mozilla engineers described the scale of discovery as vertigo-inducing, noting that for a hardened target like Firefox, even a single such bug would have been a red-alert situation in 2025.
What makes this more remarkable is the quality of the findings. Engineers reported almost no false positives after combining Claude Mythos Preview with custom orchestration and filtering tools the team developed to steer and verify model output. Earlier AI models used for similar tasks were described by Mozilla as producing “unwanted slop”, where suggestions sounded plausible but turned out to be wrong. That problem appears to have been solved.
One of the 12 sampled bugs detailed by Mozilla was a 15-year-old flaw in the HTML legend element, triggered by a precise orchestration of edge cases across distant parts of the browser’s codebase.
Despite the scale of what was found, Mozilla said it was encouraged that none of the bugs uncovered were beyond what an elite human researcher could have discovered. The company pushed back on predictions that future AI models would unearth entirely new classes of vulnerabilities beyond human comprehension, arguing that software like Firefox is built for human reasoning.
Claude Mythos Preview is not available for general public use. Anthropic has instead been working with a curated group of partners, including Amazon Web Services, Apple, Google, Microsoft, and Nvidia, under an initiative called Project Glasswing, to help secure critical software before vulnerabilities can be exploited.
The model has also attracted significant attention from government bodies. The National Security Agency was reported to be running Claude Mythos Preview on classified networks, underscoring the growing interest from U.S. security agencies in the model’s capabilities.
The Firefox findings are a clear signal that AI-powered security scanning is no longer theoretical. The bigger question now is whether the software industry can keep pace with what these tools are uncovering.





