271 Zero-Day Flaws Found in Firefox via Advanced AI – A Record Security Haul

By

February 2025 – Mozilla has announced that an early version of Anthropic's Claude Mythos AI discovered and helped fix 271 zero-day vulnerabilities in Firefox, the highest single sweep of critical bugs in the browser's history. The flaws, all classified as latent security holes, have been patched in the Firefox 150 update released this week.

The findings stem from a collaboration between Mozilla and Anthropic that began in late 2024. In a previous phase, the Frontier AI model Opus 4.6 identified 22 security-sensitive bugs that were fixed in Firefox 148. The new results from the Claude Mythos preview represent a dramatic escalation in both scale and severity.

“For a hardened target like Firefox, even one such bug would have been a red-alert in 2025,” said a Mozilla security spokesperson. “Seeing 271 at once makes you question whether it’s even possible to keep up – but our team did.”

Background

Claude Mythos is the latest iteration of Anthropic’s large language model, fine-tuned specifically for cybersecurity tasks. It can analyze millions of lines of source code and identify subtle, previously unknown vulnerabilities that traditional scanners miss.

The AI was given early access to Firefox’s codebase as part of a defensive trial. Mozilla engineers then validated and categorized each finding, prioritizing the most severe issues for immediate patching. The process took less than three months from discovery to release.

What This Means

This breakthrough signals a fundamental shift in the balance between attackers and defenders. Until now, zero-day vulnerabilities were typically found and exploited by malicious actors. With AI-powered tools like Claude Mythos, defenders can proactively scan their own software at unprecedented speed and depth.

“Speed of patching is everything,” the Mozilla spokesperson added. “If defenders can find and fix bugs before attackers weaponize them, we finally have a chance to win decisively.”

The results also raise questions about the broader software industry. Mozilla’s experience suggests that similar scans on other major browsers, operating systems, or critical infrastructure could reveal thousands of hidden flaws. Teams that embrace this technology will need to reprioritize and maintain relentless focus to realize the benefits.

Mozilla plans to continue using Claude Mythos and share its methodology with the open-source community. The company hopes other developers will replicate the approach, turning the vertigo of discovery into a systematic advantage.

For more details on the previous Opus 4.6 findings, see the Background section.

Related Articles

• Adaptive Parallel Reasoning: A Breakthrough in AI Inference Speed
• Germany Surges as Prime Target in European Cyber Extortion Wave – 92% Spike in 2025
• 6 Key Insights into the Silver Fox Cyberattack Campaign Using the Novel ABCDoor Backdoor
• How Russian Hackers Exploited Old Routers to Steal Microsoft Login Tokens
• Critical Security Patch: Google Resolves Maximum-Severity Flaw in Gemini CLI and GitHub Actions Integration
• Reviving the Apple Lisa: An FPGA-Based Tribute to a Pioneering Computer
• Germany Exposes REvil and GandCrab Mastermind: Russian Daniil Shchukin Named as 'UNKN'
• 10 Critical Steps to Secure Your vSphere Environment Against BRICKSTORM Malware