Claude Mythos Finds 271 Firefox Vulnerabilities

The first serious real-world proof point for Project Glasswing has arrived — and the numbers are striking enough to stop the industry in its tracks.

Mozilla has confirmed that an early preview of Anthropic’s Claude Mythos model, applied to Firefox 150 as part of the companies’ ongoing collaboration, identified 271 security vulnerabilities during initial evaluation. All 271 have been patched and shipped in this week’s Firefox 150 release. This isn’t a research paper. This isn’t a benchmark. This is production-grade code, a hardened browser with decades of security review behind it, and a model that tore through it in a fraction of the time it would have taken a human team, which would have needed months to approximate the result.

The Baseline That Makes 271 Staggering

Mozilla’s collaboration with Anthropic began earlier — an initial run with Opus 4.6 against Firefox 148 surfaced 22 security-sensitive bugs. That result was already considered meaningful. The Claude Mythos Preview was then brought in as part of the continued Project Glasswing collaboration, and the first evaluation produced 271 vulnerabilities.

That’s a 12x jump between model generations, on the same hardened codebase. Let that settle.

What Mozilla’s CTO Actually Said

Mozilla CTO Bobby Holley did not celebrate quietly. He described the result as giving the Firefox team “vertigo,” writing: “For a hardened target, just one such bug would have been red-alert in 2025, and so many at once makes you stop to wonder whether it’s even possible to keep up.”

But Holley didn’t stop at alarm. He also sees this as “light at the end of the tunnel” for security teams, writing: “Our work isn’t finished, but we’ve turned the corner and can glimpse a future much better than just keeping up” — and then stated plainly: “Defenders finally have a chance to win, decisively.”

That is a significant declaration from the CTO of one of the most security-conscious open-source projects on the planet. It deserves to be read at face value, not dismissed as AI hype.

The Critical Nuance: Speed, Not Novelty

Here is where Mozilla’s framing becomes analytically important, and where TheCyberThrone pushes back on some of the breathless coverage circulating today.

Mozilla was clear that Claude Mythos did not surface any category or complexity of vulnerability that a human couldn’t also find. “So far we’ve found no category or complexity of vulnerability that humans can find that this model can’t,” the foundation stated.

Mozilla also pushed back on predictions that future AI models will unearth entirely new forms of vulnerabilities that defy human comprehension, arguing that software like Firefox is designed in a modular way for humans to reason about its correctness — complex, but not arbitrarily so.

What Mythos delivers is not a new class of discovery. It is velocity at scale. As Mozilla’s CTO framed it: “Computers were completely incapable of doing this a few months ago, and now they excel at it. We have many years of experience picking apart the work of the world’s best security researchers, and Mythos Preview is every bit as capable.”

The attacker’s long-standing structural advantage has always been time — specifically, defenders must find every flaw while attackers need only find one. AI collapses the cost of finding flaws for defenders, and that asymmetry is what makes this a structural shift, not just a tooling upgrade.

Open Source: The Largest Beneficiary

Open source software stands to benefit significantly from this capability shift. Open codebases frequently rely on overstretched volunteers, often leaving security gaps that attackers exploit precisely because slow patch cycles are predictable. Firefox is the proof-of-concept. The implication for the broader open source ecosystem — from Linux kernel subsystems to critical infrastructure dependencies — is significant. If Mythos can be applied at this scale to hardened, professionally maintained code, what does that mean for the thousands of understaffed open source projects that underpin enterprise infrastructure globally?

The NSA Angle

Buried in the coverage but important to surface: despite friction between Anthropic and the Trump administration over the model’s use in war and surveillance contexts, the NSA has reportedly been running Claude Mythos Preview on classified networks, according to sources familiar with the deployment. The practical utility of Mythos in vulnerability discovery is apparently compelling enough to override the political noise.

Benchmark Obsolescence: An Underreported Signal

The model’s performance has also exposed limits in existing AI evaluation frameworks — Anthropic has acknowledged that several cybersecurity benchmarks are no longer sufficient to measure Mythos’ capabilities. This is a pattern that repeats every time a capability frontier genuinely advances. The measurement infrastructure lags the model. For the security community, this creates a blind spot: if our benchmarks can’t measure what Mythos can do, we are effectively evaluating a system we don’t have the instrumentation to understand. That gap needs to close — fast.

Project Glasswing: One Data Point In, The Verdict Is Still Open

Project Glasswing launched in March as Anthropic’s $100 million AI cybersecurity initiative with Claude Mythos at its center. Mozilla’s result is the first major third-party validation that moves the initiative from announcement to evidence. It is one data point. A meaningful one. But the harder questions remain: What happens when this same capability is available to adversaries who don’t share Mozilla’s transparency instincts? How does the vulnerability discovery-to-patch pipeline scale when the discovery rate jumps by an order of magnitude? And who governs which targets Mythos is pointed at under commercial engagements?

Mozilla gave us the “what.” The industry now has to reckon seriously with the “what next.”

The 271-vulnerability result in Firefox 150 is the clearest signal yet that AI-assisted security review is no longer a research hypothesis — it is operational reality. Whether that reality tilts decisively toward defenders, as Mozilla’s CTO believes, or opens new attack surface through the same velocity that closes existing gaps, depends entirely on how seriously the security community treats deployment governance, not just deployment capability.
