Firefox 150 shipped this week with fixes for 271 vulnerabilities, all found using Anthropic's Mythos Preview AI model. The Firefox team got early access through direct collaboration with Anthropic, though Mozilla isn't part of Anthropic's formal Project Glasswing consortium. Firefox CTO Bobby Holley says AI tools like Mythos can now "cover the full space of vulnerability-inducing bugs" that previously required expensive human analysis to find. The security advisory (MFSA2026-30) shows at least three CVEs specifically credit Anthropic's Claude model for discovery.
The new security math of bug hunting just shifted. For years, Firefox and others relied on a mix of automated fuzzing and manual research. Some bugs were only findable by humans willing to spend serious time and money. That created a natural ceiling. Now that ceiling is gone. Holley describes it as a "bootcamp" every piece of software will have to go through. He told WIRED that "every piece of software has a lot of bugs buried underneath the surface that are now discoverable."
The real problem is access. Firefox is open source, maintained by a well-funded organization with direct Anthropic connections. Most open source projects don't have that. Mozilla CTO Raffi Krikorian wrote in the New York Times last week that "the most valuable software infrastructure in the world continues to be maintained by people working for free, while the companies building fortunes on top of it never had to pay for its upkeep." When AI bug hunting becomes widespread, projects with limited resources get squeezed hardest. Holley says he's heard engineering leaders at large companies plan to pull thousands of engineers off other work for months to handle this transition. Small volunteer teams can't do that.
Firefox is working with maintainers across the open source ecosystem to share knowledge and tools. But there's a limit. "Ultimately the open source stuff is a human problem," Holley told WIRED. "There's only so much that you can scale with technology."