Sunday, May 10, 2026
Adaptive Perspectives, 7-day Insights
Healthcare IT

AI Found 271 Firefox Bugs in a Month. Your PACS Patches Twice a Year.

Mozilla published the first concrete result from Anthropic's Project Glasswing: 271 vulnerabilities fixed in Firefox 150, including a 20-year-old bug. Healthcare IT runs on patch cadences that are about to look very slow.


Note: This post was written by Claude Opus 4.7, Anthropic’s general-availability model. Claude Mythos Preview is a separate restricted system that the author does not have access to. The following is a synthesis of public reporting from Mozilla, Anthropic’s own disclosures, the UK AI Safety Institute, and other outlets.

Mozilla published a long post on Mozilla Hacks this week describing what its engineering team did with Claude Mythos Preview, the unreleased Anthropic model that found thousands of zero-days in weeks when it was announced last month. The number Mozilla shipped is concrete: 271 vulnerabilities fixed in Firefox 150, including a use-after-free in a <legend> element handler that survived 15 years of human review and a reentrant XSLT bug that survived 20.

The Firefox 150 release cycle shipped 423 security bugs in total. Mythos found 271. External reporters contributed 41; other internal methods (fuzzing, manual review, other models) contributed 111. Mozilla credits over 100 people with the engineering work behind the release. The model is the differentiator; the org structure to act on it is not optional.

What Mozilla built

The team, led by Brian Grinstead, Christian Holler, and Frederik Braun, built what they call an agentic harness: a pipeline that runs the model across ephemeral virtual machines, each scanning specific target files in parallel, with reproducibility checks that filter out what they describe as “unreproducible speculation.” Triage and deduplication were integrated alongside Mozilla’s existing fuzzing infrastructure.

The bug pattern matters more than the count. Mythos found a JIT optimization flaw enabling a fake-object primitive, a race condition allowing a sandbox escape, the 15-year-old <legend> bug, and the 20-year-old XSLT reentrant bug. These are not bugs fuzzers find. They are bugs that survived two decades of code review by some of the most skilled browser engineers in the industry.

Healthcare’s patch cadence problem

PACS and major EMR platforms ship security patches on cycles measured in quarters, not weeks. Annual platform releases are common; some monolithic clinical systems go a year between security maintenance windows. The reasons are real: clinical downtime is expensive, change management is regulated, and the integration surface against ten or twenty other systems means a “small patch” is rarely small. But the cadence was tolerable because vulnerability discovery itself was slow.

That assumption broke this month. Mozilla’s 271 is what one well-funded vendor with privileged Mythos access did against one product in one cycle. Mythos’s scan surface, per Anthropic, includes “every major operating system and every major web browser,” and 99 percent of what it has found remains unpatched. CrowdStrike CTO Elia Zaitsev put it directly in the Glasswing announcement: “the window between vulnerability discovery and exploitation has collapsed — what took months now happens in minutes with AI.” The defenders in Project Glasswing’s twelve launch partners are AWS, Apple, Microsoft, Google, Cisco, CrowdStrike, JPMorganChase, the Linux Foundation, NVIDIA, Palo Alto Networks, Broadcom, and Anthropic. Healthcare IT vendors are not on that list.

Where Mythos actually finds bugs

The vendor-cadence story is the one that shows up in industry presentations. The larger surface is what sits beneath the vendor application: the operating systems hosting the EMR, the web servers fronting the PACS, the runtime libraries handling media, the browsers clinicians use, the network appliances, the modality firmware. Mythos’s disclosed findings have been overwhelmingly in this layer: a 27-year-old TCP/SACK overflow in OpenBSD, a 16-year-old buffer overflow in FFmpeg, the 271 Firefox bugs Mozilla just shipped. None of those are vendor application code. All of them run in healthcare environments today.

Older infrastructure compounds the problem. Versions drift, original deployers move on, and documentation lags; this is not a staff-turnover problem, just attention drift, which happens to every environment over time. A library that was stable for years is now several Mythos-class disclosures behind. The vendor application looks identical; the layer beneath has quietly become the attack surface.

Mozilla closes with a challenge: “Anyone building software can start using a harness with a modern model to find bugs and harden their code today.” Their harness is a pattern, not a product. The model they used is restricted, but the methodology (reproducible test cases, parallel scanning, dedup, triage) works against any model with enough code reasoning. Current Claude, Gemini, and GPT releases are capable of finding real bugs in third-party code that has not been audited recently. For healthcare IT teams, that’s the libraries, services, and infrastructure components vendors install but the team operates.

What IT teams can do this quarter

Three things.

First, ask vendors what their disclosure timeline looks like for Mythos-class findings. The honest answer from most healthcare vendors will be that they do not have one yet. Asking moves the question onto a roadmap.

Second, take OS-level patching into your own hands on internet-facing systems. When a vendor patches the underlying OS slowly (and many do), schedule automated weekly patches in a low-risk window. Early Sunday mornings work for most clinical environments. The vendor’s application patches still arrive on their schedule; the OS attack surface gets current every week regardless. The OpenBSD and Linux findings in Mythos’s disclosure are exactly the layer this control covers.
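One way to implement the weekly OS-level patch run described above, as an added example that is not from the post or from Mozilla. It assumes an apt-based host (Debian/Ubuntu), a Sunday 02:00 to 05:00 local maintenance window, the script path used in the cron line, and that the vendor's application packages have been placed on hold with apt-mark so the run never touches them.

```shell
#!/bin/sh
# Weekly OS-level patch run for an internet-facing Debian/Ubuntu host whose
# vendor application is patched separately. Added example; the apt-based
# host and the Sunday 02:00-05:00 local window are assumptions.
set -eu

WINDOW_DAY="Sun"   # day of week as printed by `date +%a`
WINDOW_START=2     # inclusive hour, 24h clock
WINDOW_END=5       # exclusive hour
LOG=/var/log/weekly-os-patch.log

# in_window DAY HOUR -> 0 if inside the maintenance window, 1 otherwise.
in_window() {
    [ "$1" = "$WINDOW_DAY" ] || return 1
    [ "$2" -ge "$WINDOW_START" ] && [ "$2" -lt "$WINDOW_END" ]
}

# now_in_window -> same check against the local clock (hour without leading zero).
now_in_window() {
    hour=$(date +%H); hour=${hour#0}
    in_window "$(date +%a)" "$hour"
}

# needs_reboot -> 0 when the package manager flagged a pending reboot.
needs_reboot() { [ -f /var/run/reboot-required ]; }

# run_patch -> refuse outside the window, then upgrade OS packages only.
# Vendor application packages are held beforehand (`apt-mark hold PKG`),
# so apt leaves them on the vendor's own release schedule.
run_patch() {
    now_in_window || { echo "$(date -Is) outside window, skipping" >>"$LOG"; return 0; }
    {
        echo "=== $(date -Is) start"
        DEBIAN_FRONTEND=noninteractive apt-get -q update
        DEBIAN_FRONTEND=noninteractive apt-get -q -y \
            -o Dpkg::Options::=--force-confdef \
            -o Dpkg::Options::=--force-confold upgrade
        echo "=== $(date -Is) done"
    } >>"$LOG" 2>&1
    # Reboot only while still inside the window, so a slow run never
    # reboots a host into the clinical day.
    if needs_reboot && now_in_window; then
        echo "=== $(date -Is) rebooting" >>"$LOG"
        shutdown -r +1 "weekly OS patch reboot"
    fi
}

# Runs only when invoked with `run`; cron entry (assumed path):
#   0 2 * * 0 root /usr/local/sbin/weekly-os-patch.sh run
if [ "${1:-}" = run ]; then run_patch; fi
```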

Third, treat browser hygiene as a load-bearing control. Firefox 150 is the simplest patch most organizations control directly. Same for Chrome and Edge. The UK AI Safety Institute’s independent evaluation of Mythos noted the model “could execute multi-stage attacks on vulnerable networks and discover and exploit vulnerabilities autonomously.” The browser is the frontmost attack surface in most clinical environments. The patch is free.

Bottom line

The interesting story is not that one model found 271 Firefox bugs. It is that the methodology is now available to anyone, the model class doing it well is improving by the quarter, and the patch cadence of the systems healthcare IT actually runs has not moved in a decade. The mismatch is the risk. The Mozilla post is a worked example of how to start closing it.
