Claude Mythos finds 271 vulnerabilities in Firefox, defenders may have a decisive advantage

MarketWhisper

Firefox security vulnerabilities

Mozilla announced on Tuesday that an early version of Anthropic’s Claude Mythos AI model identified 271 security vulnerabilities in the Firefox browser during internal testing, and that all of them were patched this week. Mozilla said it was surprised by the findings, but noted that the results suggest a fundamental shift may be underway in the cybersecurity landscape, and that defenders may be about to shrink an advantage that attackers have held for years.

From 22 to 271: Claude Mythos’s security capability leap

Mozilla previously tested another Anthropic model, which identified 22 security-sensitive vulnerabilities in an earlier version of Firefox. The discovery of 271 vulnerabilities this time represents a major jump in scale.

Mozilla emphasized that all vulnerabilities found by the system could be found even by “top human researchers,” and that AI tools have not yet revealed entirely new categories of vulnerabilities that humans can’t understand. The core advantage of the AI is that it greatly speeds up the process, enabling developers to quickly identify issues before attackers can exploit them.

Claude Mythos was released in March 2026. It is Anthropic’s most advanced model to date, and internal company materials describe it as a new model that goes beyond the earlier Opus series. In pre-release testing, it found thousands of previously unknown vulnerabilities across major operating systems and web browsers.

Project Glasswing: Why access is tightly controlled

Anthropic provides limited access to Claude Mythos through its “Glasswing Program” (Project Glasswing). The organizations currently approved to use it are limited to specific vetted technology companies such as Amazon, Apple, and Microsoft, with use cases restricted to software vulnerability scanning.

The rationale behind this strict control is as follows: testing by a UK AI safety research institute found that Claude Mythos can autonomously carry out complex web operations, including multi-stage enterprise network attack simulations without any human intervention. According to people familiar with the matter, even though the Trump administration had called for a halt to the use of Anthropic’s technology, the U.S. National Security Agency (NSA) has deployed and is running a preview version of Claude Mythos on classified networks.

A double-edged sword: The same capabilities can accelerate cyberattacks

The results Mozilla found have far-reaching implications on both sides. Security researchers warn that AI systems that can analyze code at scale can automatically identify exploitable vulnerabilities in widely used software. If such systems fall into the hands of bad actors, they will create an unprecedented cybersecurity threat for software companies and users, and may even give rise to a new generation of automated cyberattacks.

Frequently Asked Questions

What types of issues are the 271 vulnerabilities Claude Mythos found in Firefox?

According to Mozilla, these are real security-sensitive vulnerabilities that “even top human researchers” can find. Mozilla said AI tools have not yet revealed entirely new categories of vulnerabilities that humans can’t understand. However, their advantage is that they can conduct large-scale systematic scanning far faster than manual review. All of the issues were fully fixed this week.

What is the purpose of the Glasswing Program, and which organizations can use Claude Mythos?

The Glasswing Program is Anthropic’s controlled-access program. Currently, only a limited number of vetted technology companies such as Amazon, Apple, and Microsoft are allowed to use Claude Mythos for limited purposes, with use restricted to software security vulnerability scanning. This restriction reflects Anthropic’s high level of caution about the dual-use risks of the model.

What are the broader, far-reaching implications of this discovery for the cybersecurity industry as a whole?

Mozilla said the emergence of AI tools may give defenders, for the first time, an opportunity to shrink attackers’ long-held advantage and achieve “decisive victory.” However, researchers also warn that the same capabilities can be used by attackers as well, accelerating the scale and efficiency of automated cyberattacks. Therefore, controlling access to AI security tools is crucial.
