Mozilla bets on Anthropic AI for Firefox security

"Two hundred seventy‑one" is the number turning a routine browser release into a security stress test. In internal trials on Firefox 150, Mozilla reports that Anthropic's Mythos model surfaced 271 previously unknown zero‑day vulnerabilities before the build shipped, pushing AI from bug‑hunting novelty to front‑line gatekeeper.

The bolder claim sits with Mozilla's leadership, which argues this is not just incremental tooling but a step change in software assurance. Their CTO says Mythos is "every bit as capable" as the world's best security researchers, a comparison that puts a generative model on par with elite exploit developers who mine memory corruption, race conditions and privilege‑escalation chains for a living.

Skeptics will see a marketing flourish, yet the technical signal is hard to ignore. Zero‑day discovery at this scale suggests Mythos can systematically traverse complex code paths, reason about undefined behavior and model exploitability, rather than merely pattern‑match known Common Vulnerabilities and Exposures entries. For a browser with a vast C++ attack surface and intricate JavaScript engine, that kind of automated reasoning shifts the economics of secure development.

The more unsettling takeaway is about power concentration. If a proprietary model can enumerate hundreds of weaponizable flaws in a single release, the same capability, pointed in the opposite direction, becomes an offensive toolkit. Between Mythos as guardian and Mythos as threat, Mozilla's experiment hints at a security future in which the strongest lock and the best lock‑pick are, uncomfortably, the same machine.
