Claude Mythos surfaces 271 latent Firefox vulns in single sweep

Mozilla disclosed that Firefox 150 ships with fixes for 271 security vulnerabilities identified by an early build of Anthropic’s Claude Mythos Preview, an order-of-magnitude jump from the 22 bugs Opus 4.6 surfaced in Firefox 148 earlier in the collaboration. The browser team described the experience as vertigo-inducing — any single one of these flaws in a hardened target would have triggered a red-alert response in 2025, and the model produced them in bulk.

Schneier reads the result as evidence that frontier-model vulnerability discovery structurally favors defenders, but only if patch pipelines can keep pace. The asymmetry collapses if attackers gain comparable tooling while user-side update cadence stays slow: a 271-bug disclosure becomes a 271-bug n-day window for anyone who can diff the release. The implicit demand is faster, more aggressive auto-update enforcement and a re-think of what “triage” means when the finding rate outruns human review.

The broader signal is that hardened, mature codebases still contain latent vulnerability surface measured in the hundreds, and that surface is now cheaply enumerable. Other defender teams running the same playbook should expect similar yields — and similar reprioritization pressure on everything else on the security backlog.