Claude Mythos Has Found 271 Zero-Days in Firefox

That’s a lot. No, it’s an extraordinary number:

Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser. We wrote previously about our collaboration with Anthropic to scan Firefox with Opus 4.6, which led to fixes for 22 security-sensitive bugs in Firefox 148.

As part of our continued collaboration with Anthropic, we had the opportunity to apply an early version of Claude Mythos Preview to Firefox. This week’s release of Firefox 150 includes fixes for 271 vulnerabilities identified during this initial evaluation.

As these capabilities reach the hands of more defenders, many other teams are now experiencing the same vertigo we did when the findings first came into focus. For a hardened target, just one such bug would have been red-alert in 2025, and so many at once makes you stop to wonder whether it’s even possible to keep up.

Our experience is a hopeful one for teams who shake off the vertigo and get to work. You may need to reprioritize everything else to bring relentless and single-minded focus to the task, but there is light at the end of the tunnel. We are extremely proud of how our team rose to meet this challenge, and others will too. Our work isn’t finished, but we’ve turned the corner and can glimpse a future much better than just keeping up. Defenders finally have a chance to win, decisively.

They’re right. Assuming the defenders can patch, and push those patches out to users quickly, this technology favors the defenders.

News article.

Posted on April 29, 2026 at 6:12 AM • 26 Comments

Comments

Ismar April 29, 2026 6:44 AM

Hmmm, how many of those vulnerabilities are actually exploitable by those outside the few nation-level attackers who can already do this using Mythos?

Anonymous April 29, 2026 6:52 AM

271 zero days! It’s not enough to “just” fix the code anymore. The coders responsible for introducing the zero days need to be fired and blacklisted on suspicion of sabotage.

hello again April 29, 2026 7:34 AM

This post made me realize that I had not bothered to update Firefox for Android. The date on the patch was April 15th. This is what the patch notes said.

Behind-the-scenes updates to keep your browsing steady, smooth, and responsive.

Thanks for the information!

Clive Robinson April 29, 2026 7:55 AM

@ Bruce, ALL,

Maybe we should look a little closer at the article when it says,

“This week’s release of Firefox 150 includes fixes for 271 vulnerabilities identified during this initial evaluation.”

Before making claims… Because that’s effectively “diplomatic double speak” being deployed…

That last part of,

“identified during this initial evaluation”

Tells us that those “271 vulnerabilities” are in effect a “low water mark”, from “the first run” of the tool against the code base…

Or to put it another way,

“An initial discovery of 271 vulnerabilities with probably more to come from later runs of the tool…”

Miguel Farah April 29, 2026 8:36 AM

That a security-focused audit (AI or not) found this many bugs speaks of poor quality source code and an extremely shallow (or non-existent?) code review process. This is impressive… but not for the same reasons.

I wonder whether a “regular” code audit would have found a similar number of problems, and I also wonder what the “raw” number of observations was, before the false positives were discarded down to the 271 confirmed ones.

the love the love the love illusion April 29, 2026 9:40 AM

It’s clear, use the Dillo browser.

Dillo is a fast and small graphical web browser with the following features:

  • Multi-platform, running on Linux, BSD, MacOS, Windows (via Cygwin) and even Atari.
  • Written in C and C++ with few dependencies.
  • Implements its own real-time rendering engine.
  • Low memory usage and fast rendering, even with large pages.
  • Uses the fast and bloat-free FLTK GUI library.
  • Support for HTTP, HTTPS, FTP and local files.
  • Extensible with plugins written in any language (see the list of plugins).
  • Is free software licensed with the GPLv3.
  • Helps authors to comply with web standards by using the bug meter.

James April 29, 2026 9:54 AM

“271 zero days! It’s not enough to “just” fix the code anymore. The coders responsible for introducing the zero days need to be fired and blacklisted on suspicion of sabotage.”

Have you even written a line of code?

No?… didn’t think so.

Winter April 29, 2026 10:12 AM

@the love the love the love illusion

It’s clear, use the Dillo browser.

Dillo is indeed a great browser. However, it is sadly next to useless on 90% of websites.

_+_+_+_+ April 29, 2026 10:21 AM

I watched a snail crawl along the edge of a straight razor. This is my dream; this is my nightmare. Crawling, slithering, along the edge of a straight razor, and surviving.

huffin paint for chicks n trix April 29, 2026 10:25 AM

@James

“Have you even written a line of code?”

I’ve snorted a lot of lines, does that count?

What does the shaky squirrel say to the curious sea lion who bathes in the fresh blue urine of the muskrat every evening?

Do you understand, can you understand the processes behind the obliteration of the jewel encrusted forehead?

My eyes see without seeing, my feet dance without dancing. I prance upon packets of mustard at noon.

For it is the turd, carefully squeezed, which sits at the base of the spine, unblemished.

Morley April 29, 2026 11:30 AM

The most dangerous part of AI is that it wears away the ability to discern truth, even for people who are looking closely. I’m getting exhausted trying to read through the marketing hype. It’s tempting to just pick a side and assume things.

CdrJameson April 29, 2026 11:42 AM

And are they looking at these fixed bugs to see how they can change their development process to make it impossible for similar bugs to happen again? Otherwise you’ll just be patching something similar again next month.

DBA April 29, 2026 12:32 PM

@Ed25519:

That is a very interesting paper! Basically pretty much pure marketing hype when the two well-known and fixed exploits are removed. That link should be attached to every mention of Anthropic’s claims.

Dave April 29, 2026 2:04 PM

@Dave Brown

The problem is that @Bruce’s headline is wrong. Mythos didn’t find 271 zero days, it found 271 “vulnerabilities”, most of which were not zero days.

Note too this important caveat in the missive from FF:

There’s a risk that codebases begin to surpass human comprehension as a result of more AI in the development process, scaling bug complexity along with (or perhaps faster than) discovery capability. Human-comprehensibility is an essential property to maintain, especially in critical software like browsers and operating systems.

In other words, vibe coding is bad for security because it favors attackers over defenders.

lurker April 29, 2026 2:40 PM

@the love illusion

I have used Dillo. It does what it says on the box, nothing less, nothing more. And that’s the problem:

Helps authors to comply with web standards by using the bug meter.

Why should authors do anything to satisfy the users of a browser with way less than 1% market share? Years ago I used to smugly put the W3C approval tick on my pages, knowing that IE would screw it up. Until I started getting complaints from higher up my chain of command.

Nowadays it’s all about monetizing the web, we’ve gone way beyond dancing gerbils. So to view those pages requires a browser that monetizes the web, e.g. Firefox (Chrome, Safari, &c.). And monetizing the web requires a humongous pile of junk code that humans seem no longer capable of keeping clean and sane.

BCS April 29, 2026 3:07 PM

Defense can only win where clients favor defense.

That said, clients that favor “defense at all costs” just won’t use the product at all, so there has to be, and should be, some balance of interests going on.

Clive Robinson April 29, 2026 3:14 PM

@ Ed25519, ALL,

You say,

“A buddy of mine shared this article with me. A pretty good critique of these findings. Turns out it’s a bit more marketing fluff than we typically like to see.”

But do not mention it’s from “Davi Ottenheimer”, a well respected researcher who has been around at least as long as our host @Bruce, and used to be a regular poster here.

You can look up the rest of his C.V. but I would say his word is sufficient to cause you to “pause for thought” on the issue he is raising.

However note that I tend to fall on his side of the fence, in that I see little of actual worth in “General LLM and ML AI systems”. Having played with AI and Fuzzy logic from back in the 1980’s, I know that there is “some potential” in these AI systems, but only in highly niche areas that mostly do not justify the cost; and finding “NEW” “Unknown Unknowns” is currently most definitely not one of them. Humans, for all their limitations, are well ahead even on finding variations on “Known Knowns”, which are also better found at considerably less resource use by “fuzzing systems” currently.

Davi however does cut through a lot of “nonsense noise” stirred up in the MSM and trade press that generally brings out the “idiot” in politicians… And it is this “idiot” that is perhaps the most dangerous to society. Way more so than even AI with physical agency.

But he also notes that (mis)Anthropic is most likely to gain great advantage from the “idiot” behaviour, not just now but long into the future.

In the past I’ve made the point that the “political idiot” behaviour almost always leads to at best “poor overly broad in scope legislation and regulation” that then gets abused.

(Mis)Anthropic is certainly positioning not just itself but the entire US based LLM and ML System current AI failings into a “position of primacy” that can then be escalated against all other AI research in the world.

It will be a re-run of the US DMCA 1201 harm pushed by Idiots in the Obama era into every trade negotiation that sovereign nations stupidly fell in line with.

It’s something our host @Bruce’s old friend Cory Doctorow has a “bee under his bonnet about” and very justifiably so.

So yup I’d pay attention to what Davi is saying, I suspect his shots are falling very close to the target centrum.

r April 29, 2026 5:12 PM

cool story bro, now target another high-consumable platform like a samsung or lg television os.

did i say the following here or somewhere else? i think CISA/NIST are required by the us constitution.

Ed25518 1/2 April 30, 2026 12:43 AM

A buddy of mine shared this article with me. A pretty good critique of these findings. Turns out it’s a bit more marketing fluff than we typically like to see.
https://www.flyingpenguin.com/the-boy-that-cried-mythos-verification-is-collapsing-trust-in-anthropic/

I was going to post the same link, and there’s several more like that, including ones where people used open-source models to find the same vulns. The whole thing has been carefully stage-managed to sell Mythos, or at least to sell Anthropic in their upcoming IPO, so who knows what the real story is. They’re now valued at $1T and can easily gloss over the letdown on what Mythos really does once they’ve IPO’d at that valuation.

Rontea April 30, 2026 9:06 AM

Security, as always, is about trade-offs. When we evaluate new technologies or policies, the critical question isn’t just whether they add protection but whether the incremental benefit justifies the cost—in money, time, complexity, or freedom.

somebody April 30, 2026 12:43 PM

No, this technology does not favor the defenders. Bruce’s post shows we have lost, since even he has given up.

The original sin is assuming that you can get correct software by writing incorrect software and then finding all the bugs. This does not work. We know this in theory due to Turing and Gödel. We know this in practice because every time we look harder we find more bugs.

The correct way to write correct programs is to design them to work, write a proof that they work and then check the proof. Yes, this means there are in theory some correct programs we cannot write. If anybody comes up with an example that actually matters I might reconsider.

Maybe we can teach AI to write correct programs, but nobody is trying, and where would we get the training set?

snon April 30, 2026 11:26 PM

Can you imagine the next dozen Patch Tuesdays if Microsoft ran the same scan against Windows 11 and Windows Server? Or would they hide the results and simply apply them to Windows 11 2H26 and Windows Server 2027?

r May 1, 2026 4:41 AM

@snon, that capability is only public facing and probably shouldn’t be the investment target. in my opinion it should be able to analyze various assembly dialects post-release, you wouldn’t need developer level access to find state level logic bugs in compiler code. it could be used against drone missile and satellite code post-mortem.

add-in some die picture analysis for logic level recognition and you have a behemoth.

i don’t represent anyone or anything of any stature though, not even myself.
