Firefox Has a New Security Auditor, and It Found 271 Bugs
Anthropic’s Mythos model synthesizes novel exploit variants — not pattern-matches, not fuzzes. The Firefox CTO says that capability just killed a core assumption of browser security.

Bobby Holley runs browser security at one of the most scrutinized codebases in the world. He is not in the habit of announcing that a core assumption of his profession is dead. In a WIRED interview published Tuesday, the Firefox CTO described what happened when Anthropic's Mythos model ran against the Firefox codebase: it synthesized novel exploit variants and working proof-of-concept attacks — not by matching known vulnerability signatures, not by fuzzing for crashes, but by generating new attacks against fully patched targets. His conclusion: automated techniques can now cover the full space of vulnerability-inducing bugs. The old assumption — that some bugs require human intuition to find — is no longer holding. The cost to find them: under $20,000 in API credits.
That is the story. The numbers — 22 vulnerabilities found in Firefox 148 last month, 271 in Firefox 150 this month — are consequences of the capability shift, not the shift itself.
The distinction matters. Traditional vulnerability scanners pattern-match against known exploit signatures. Fuzzers throw random inputs at code and watch for crashes. What Anthropic's red team documented in its technical preview was different: for a fully patched FreeBSD NFS server, Mythos produced a 20-gadget ROP chain — a sequence of existing code snippets strung together to achieve code execution without injecting new code. For Firefox, it generated a four-vulnerability JIT heap spray chain, a technique for corrupting browser memory to run arbitrary code. These were not retrieved from a known exploit database. They were generated against targets that were fully patched at the start of the test.
The Reuters account of Mythos published Monday cited the Firefox 150 numbers and the AISI evaluation — 73 percent success rate on expert-level hacking tasks, a capability that did not exist before April 2025. What it did not fully capture was the conversion rate: Anthropic found that Mythos could turn vulnerabilities into working exploits 181 times out of 200 attempts, compared to the prior model Claude Opus 4.6's rate of roughly 2 in 200. That gap — two percentage points versus 90 — is the operational meaning of "the tools have changed things dramatically."
The cost was not high by security-industry standards. Across roughly a thousand automated runs against open-source codebases including Firefox, FreeBSD, and others, Anthropic spent under $20,000 in API credits and produced several dozen additional findings, according to the Anthropic red team blog. One of those bugs had been sitting in OpenBSD for 27 years. A linter does not find a 27-year-old bug in an obscure operating system kernel. A linter does not synthesize ROP chains. If Mythos were merely a better pattern-matcher, the Firefox CTO would have said so.
Anthropic has not released Mythos publicly. The company announced the model April 7 alongside a controlled-access program called Project Glasswing, which grants early use to Microsoft, Google, Apple, Amazon Web Services, JPMorgan Chase, and Nvidia, among other organizations. Mozilla is not formally part of Glasswing — Firefox got access through a separate direct collaboration with Anthropic. The restriction is not academic. The conversion rate numbers are why.
Holley's description of what comes next is not optimistic in the short term. Engineering leaders at large companies are pulling thousands of engineers off their regular work to process the output of AI vulnerability scanners, he told WIRED. Every piece of software is going to have to make this transition, because every piece of software has a lot of bugs buried underneath the surface that are now discoverable. The concern is smaller projects and open-source maintainers who lack the staff to process an AI-generated firehose of bug reports, let alone fix them.
Mozilla CTO Raffi Krikorian made this argument explicitly in a New York Times Op-Ed last week. The underlying economics have not changed, he wrote. The most valuable software infrastructure in the world continues to be maintained by people working for free, while the companies building fortunes on top of it never had to pay for its upkeep. Firefox 150 is a concrete illustration of that imbalance: Mozilla got Mythos access first, ran the scan, and published 271 bugs worth of patches. The maintainer of a critical but unfunded library used by millions does not have that option.
The 271 figure requires some precision. The Mozilla Foundation Security Advisory for Firefox 150 (MFSA 2026-30) lists 36 individually credited vulnerabilities plus two bulk entries for memory safety bugs covering dozens of additional instances. Not all of these are the kind of remotely exploitable, high-severity flaws that security teams lose sleep over. The jump from 22 to 271 partly reflects scope expansion rather than capability improvement alone — the earlier Firefox 148 count of 22 CVEs represented only security vulnerabilities; the latest count includes correctness bugs that do not have CVE assignments. Anyone using the raw number to imply a precise 12x leap in vulnerability detection should hold that qualification in mind.
What is not in question is the direction. The technology works. The question is whether the ecosystem can absorb what it produces.
Firefox 150 is available now. The bugs it patched are documented in Mozilla Foundation Security Advisory 2026-30.