AI Security Model Reportedly Found 271 Vulnerabilities in Firefox 150 Before Release

Mozilla’s Firefox claim has sharpened an already tense AI security debate

Mozilla says Anthropic’s Mythos Preview model helped it identify 271 security vulnerabilities in Firefox 150 before the browser’s release, a result that immediately raises the stakes in the race to understand how advanced AI will affect cybersecurity.

The finding, reported by Ars Technica, adds unusually concrete evidence to a debate that has so far been driven largely by speculation, benchmark claims, and warnings from AI companies. Earlier in April, Anthropic said Mythos was so effective at discovering vulnerabilities that the company limited the model’s initial release to a small group of critical industry partners. Mozilla’s reported experience is now one of the clearest real-world signals of what that capability may look like in practice.

Firefox CTO Bobby Holley described the implications in sweeping terms, arguing that defensive security teams may finally be gaining an advantage. Even without detailed disclosure of the severity of the 271 flaws, the scale of the reported result is hard to ignore.

From dozens of bugs to hundreds in a single release cycle

The most striking comparison in the source report is not between AI and humans, but between one generation of AI models and the next. Holley said Anthropic’s Opus 4.6 model found 22 security-sensitive bugs when analyzing Firefox 148 last month. Mythos Preview, examining Firefox 150, reportedly surfaced 271 vulnerabilities.

If those figures are directly comparable, the jump is dramatic. It suggests that model progress in vulnerability analysis may not be linear. Even allowing for differences in target code or search conditions, moving from a few dozen to hundreds of findings in that short a span implies a meaningful change in capability.

The source report says the model found these issues simply by analyzing unreleased source code. That point matters because it frames the model not as an automated fuzzing engine requiring execution at scale, but as a reasoning system able to inspect codebases and flag likely vulnerabilities.

Holley compared the work to what could be done either through automated fuzzing or through elite human researchers reasoning through complex browser code. The practical difference, he argued, is cost and speed. If an AI model can find security flaws without many months of concentrated expert effort, defensive review becomes cheaper and more scalable.

Why browser security is a meaningful test case

Browsers are among the most complex and heavily attacked consumer software products in the world. They process untrusted input constantly, span huge codebases, and require careful handling of memory, rendering, scripting, networking, and sandboxing.

That makes Firefox a strong test environment for claims of AI-driven vulnerability discovery. A model that can find meaningful bugs in a modern browser is doing something more consequential than winning a toy benchmark. It is operating in a domain where real defects can affect millions of users and where expert security review is already highly sophisticated.

The source report does not specify the severity breakdown of the 271 vulnerabilities. That missing detail is important. Hundreds of low-severity issues would not carry the same strategic meaning as hundreds of high-impact flaws. Still, even the ability to pre-identify a large number of security-sensitive bugs before public release would represent a major change in software defense workflows.

The defenders-versus-attackers question is getting harder to answer

For months, the cybersecurity conversation around advanced AI has oscillated between alarm and skepticism. One side worries that powerful models will make exploitation easier and more scalable for attackers. The other argues that AI mostly accelerates work defenders are already doing and that the hype often outpaces practical results.

Mozilla’s reported use of Mythos does not end that argument, but it does push it forward. Holley’s view, as described in the source report, is that cheaper vulnerability discovery helps defenders because software vendors can find and fix problems before attackers exploit them.

That is plausible, especially for organizations with access to frontier models and the engineering capacity to integrate them into secure development pipelines. But the same underlying capability could also benefit attackers if equivalent systems become more widely available or leak into offensive toolchains.

In other words, the advantage may depend less on whether AI can find vulnerabilities and more on who can operationalize that ability faster and more responsibly.

What changes inside software development

If Mozilla’s result holds up, AI-assisted code review may stop being a nice-to-have and become a baseline requirement for major software projects. Holley told Wired, according to the source report, that every piece of software may soon need to engage with this kind of AI-aided analysis because every piece of software will be exposed to the same capability from the outside.

That creates a new minimum standard. Projects that do not use strong AI tooling to inspect code could be at a disadvantage against attackers or competitors who do. Security review might begin to look more like continuous AI triage layered onto conventional testing, fuzzing, and human research.

It could also shift labor dynamics inside security teams. Highly skilled researchers may spend less time digging through low-yield code paths manually and more time validating, prioritizing, and exploiting or fixing model-generated findings. In that scenario, AI does not replace elite security work so much as change its economics.

The missing details still matter

The headline number is impressive, but the unresolved questions are substantial. The source report does not disclose how many of the vulnerabilities were severe, how many would have been found by existing internal tools, or what the false-positive rate looked like. It also leaves open whether the performance depended on privileged guidance, tooling, or prompting that would be hard to replicate broadly.

Those caveats do not erase the significance of the result. They simply define what remains unknown. Security claims are strongest when outside researchers can validate them over time across multiple codebases and operational settings.

A threshold moment for AI in cyber defense

Even with those uncertainties, Mozilla’s account feels like a threshold event. Until now, claims about frontier AI and cyber capability have often sounded hypothetical or self-serving. A browser maker saying a model helped uncover 271 vulnerabilities in a major release gives the debate more concrete shape.

If the number reflects real and meaningful security defects, then advanced AI is beginning to alter the economics of software assurance right now. That does not guarantee defenders have decisively won, as Holley argues. But it does suggest the contest has entered a new phase, one in which the ability to reason through code at machine speed is becoming a practical security factor rather than a future possibility.

The next question is no longer whether AI can matter in vulnerability research. It is how quickly the rest of the software industry adapts to a world in which it already does.

This article is based on reporting by Ars Technica. Read the original article.