
Mozilla says it has fixed 271 previously unknown security vulnerabilities in Firefox 150 after testing an experimental AI model from Anthropic, marking a dramatic escalation in AI-assisted bug discovery.
The announcement by Bobby Holley, a senior staff engineer on the Firefox team, details Mozilla’s ongoing collaboration with Anthropic to apply advanced language models to browser security. The latest findings stem from early access to Claude Mythos Preview, a frontier AI system that Mozilla used to analyze Firefox’s codebase for latent flaws.
This work builds directly on earlier experiments with Anthropic’s Claude Opus 4.6 model, which identified 22 security-sensitive bugs during a two-week testing period earlier this year. In contrast, the Mythos Preview evaluation uncovered an order of magnitude more issues, 271 vulnerabilities, which were all addressed in this week’s release of Firefox 150.
According to Holley, the vulnerabilities were identified through AI-driven static analysis of Firefox’s source code, something that, until recently, required highly specialized human expertise. While traditional techniques like fuzzing remain effective, they often yield uneven coverage, particularly in complex or less frequently executed code. In contrast, the new AI models can reason about program logic in ways similar to elite human researchers, enabling them to uncover subtle bugs that automated tools historically missed.
The vulnerabilities discovered by Mythos Preview span a wide range of Firefox components and bug classes, though Mozilla did not publish a full technical breakdown.
Holley noted that the scale of findings initially caused concern within the team, as even a single critical vulnerability would typically trigger a high-priority response. Discovering hundreds at once forced Mozilla engineers to reprioritize their work and focus almost exclusively on remediation.
Historically, browser security has been “offense-dominant,” meaning attackers only need to find a single exploitable flaw, while defenders must secure a vast and complex codebase. Mozilla believes AI could close this gap by enabling defenders to discover vulnerabilities faster and more cheaply, reducing the asymmetry that has long favored attackers.
Notably, Mozilla stated that the AI did not uncover entirely new classes of vulnerabilities beyond human understanding. Instead, the model demonstrated the ability to consistently find the same types of flaws that expert researchers would, but at a significantly greater scale and speed. This suggests that, rather than introducing unknown risks, AI could help exhaust the finite pool of existing software defects over time.
Users are advised to update to Firefox 150, as it contains fixes for hundreds of security issues that could potentially be exploited in the wild. More broadly, Mozilla’s findings indicate that AI-assisted security auditing is rapidly becoming a core part of modern software defense.
