Mozilla
Sources: Mozilla (homepage) · Mozilla security blog: AI-found zero-days · Behind the scenes: hardening Firefox
Mozilla is the open-source organization that develops the Firefox browser. It tested Claude Mythos Preview against Firefox in coordination with Project Glasswing and published its own write-ups of the experience.
Firefox 150 Result
Per Anthropic’s one-month Glasswing update and Mozilla’s own security blog and hardening write-up, Mozilla found and fixed 271 vulnerabilities in Firefox 150 while testing Mythos Preview — over ten times the number it found in Firefox 148 with Claude Opus 4.6.
Most AI-found vulnerabilities never become CVEs. The Mythos-ready briefing noted that of Mozilla’s 271 disclosed vulnerabilities, only 3 warranted CVEs. This matters for the Zero Day Clock: TTE curves built on CVE-exploit pairs undercount AI-driven discovery, because the vast majority of AI-found-and-fixed bugs are patched without ever entering the CVE system. Mozilla’s Firefox 150 figure is the cleanest single illustration of the gap between AI discovery volume and CVE volume.
See Also
- Project Glasswing — the coalition context.
- Glasswing initial update — primary source for the 271 figure.
- Zero Day Clock — where the CVE-undercount caveat is load-bearing.
- Claude Mythos Preview — the model tested.