271 Zero-Day Flaws Found in Firefox via Advanced AI – A Record Security Haul
February 2025 – Mozilla has announced that an early version of Anthropic's Claude Mythos AI discovered and helped fix 271 zero-day vulnerabilities in Firefox, the highest single sweep of critical bugs in the browser's history. The flaws, all classified as latent security holes, have been patched in the Firefox 150 update released this week.
The findings stem from a collaboration between Mozilla and Anthropic that began in late 2024. In a previous phase, the Frontier AI model Opus 4.6 identified 22 security-sensitive bugs that were fixed in Firefox 148. The new results from the Claude Mythos preview represent a dramatic escalation in both scale and severity.
“For a hardened target like Firefox, even one such bug would have been a red-alert in 2025,” said a Mozilla security spokesperson. “Seeing 271 at once makes you question whether it’s even possible to keep up – but our team did.”
Background
Claude Mythos is the latest iteration of Anthropic’s large language model, fine-tuned specifically for cybersecurity tasks. It can analyze millions of lines of source code and identify subtle, previously unknown vulnerabilities that traditional scanners miss.
The AI was given early access to Firefox’s codebase as part of a defensive trial. Mozilla engineers then validated and categorized each finding, prioritizing the most severe issues for immediate patching. The process took less than three months from discovery to release.
What This Means
This breakthrough signals a fundamental shift in the balance between attackers and defenders. Until now, zero-day vulnerabilities were typically found and exploited by malicious actors. With AI-powered tools like Claude Mythos, defenders can proactively scan their own software at unprecedented speed and depth.
“Speed of patching is everything,” the Mozilla spokesperson added. “If defenders can find and fix bugs before attackers weaponize them, we finally have a chance to win decisively.”
The results also raise questions about the broader software industry. Mozilla’s experience suggests that similar scans on other major browsers, operating systems, or critical infrastructure could reveal thousands of hidden flaws. Teams that embrace this technology will need to reprioritize and maintain relentless focus to realize the benefits.
Mozilla plans to continue using Claude Mythos and share its methodology with the open-source community. The company hopes other developers will replicate the approach, turning the vertigo of discovery into a systematic advantage.
For more details on the previous Opus 4.6 findings, see the Background section.
Related Articles
- Silver Fox Strikes Again: ABCDoor Malware Delivered via Tax Phishing in India and Russia
- Mastering Container Security: 7 Key Questions on Docker Hardened Images and Mend.io Integration
- Strengthening Digital Fortresses: Meta's Advances in End-to-End Encrypted Backup Security
- AI-Powered Hacker Breaches Nine Mexican Government Agencies, Steals Hundreds of Millions of Records
- Double-Edged Sword: Anti-DDoS Firm's Infrastructure Used to Attack Brazilian ISPs
- The AI Arms Race: 6 Key Threats from Adversaries Using Artificial Intelligence
- 10 Critical Lessons from the Foxconn Ransomware Attack
- Microsoft's Legacy MSHTA Tool Becomes a Stealthy Malware Delivery Mechanism