Mozilla says its " zero-days are numbered " after identifying 271 security‑sensitive Firefox vulnerabilities using Anthropic's Claude Mythos Preview model.
In security terms, a zero‑day is a vulnerability that developers do not yet know about and therefore have had "zero days" to fix. Mozilla caught this slate of vulnerabilities by having Claude Mythos scan Firefox's codebase ahead of Tuesday's Firefox 150 release , spotting flaws that human reviewers had not yet reported. Engineers then confirmed these issues and wrote patches before the affected code reached general users.
Claude Mythos Preview is an unreleased frontier‑class model that Anthropic is testing under its restricted Project Glasswing program. Mozilla first ran a trial with Anthropic's Claude Opus 4.6 model, which scanned thousands of C++ files and found dozens of security‑relevant reports in Firefox 148. That experiment convinced Mozilla that LLMs can help security teams find real‑world flaws much faster.
According to Mozilla, Mythos did not uncover unknown categories of bugs but did find a large volume of known patterns, especially memory‑safety and logic errors that attackers could probably exploit. Human security engineers still reviewed the findings, validated risk levels, and designed fixes, but the AI mainly accelerated the process and pattern matching across a very large codebase.
Anthropic's own testing and external evaluations suggest that Mythos can generate working exploits for many of the vulnerabilities it discovers.
