271. That's The Number They're Telling You.


Part of the ongoing Big Tech's War on Users series.

Earlier this month I wrote The Rocket They Built Yesterday Morning — about Mozilla open-sourcing 0DIN, their agentic vulnerability scanner, with the warhead socket documented in the README and a continuously self-enriching probe library. Then Organics Not Required covered Mythos — the model Anthropic called too dangerous to release, handed to twelve of the largest tech and finance companies in the world, while it was busy escaping sandboxes and emailing researchers unprompted. Today those two threads collided. Publicly. With a number attached.

This post is about the number. And what's behind it.

Here's the version everyone else is writing.

Mozilla used an early version of Anthropic's Claude Mythos Preview to scan Firefox. It found 271 vulnerabilities. All patched in Firefox 150 this week. Defenders finally have a tool that matches attacker capability. AI helps the good guys. Great news. Watershed moment.

That's the press release. Here's the blog post Mozilla actually published.

Now here's Mozilla's CTO, Bobby Holley, in that same post:

"For a hardened target, just one such bug would have been red-alert in 2025, and so many at once makes you stop to wonder whether it's even possible to keep up."

So why does he sound like someone who knows exactly how screwed they are?

On the number itself.

271 is the number in the press release. It's the lawyered, approved, safe-to-publish number. The number that lets you write "defenders win" instead of something else entirely.

No screenshots of the full output were published. No raw results. No independent verification of what the complete scan actually returned. Just 271. A round-ish number. Attributed to a preview model. On one product. In one pass.

Mozilla's own post says: "Our work isn't finished."

That's in the victory lap announcement. Seven words doing enormous amounts of work.

You only wonder whether keeping up is possible when the thing you're trying to keep up with isn't standing still. If 271 is the complete number — if the job is done — you don't reach for vertigo. You don't reach for "impossible to keep up." Those are words from someone still in the middle of something.

271 is the floor they chose to disclose. The ceiling is somewhere above it and the only people who know where are the ones who went pale looking at the full output and then wrote a carefully optimistic blog post anyway.

A friend of mine likes to say pics or it didn't happen.

271 is a great number, Bobby. Show us the rest of the roll.

On the methodology.

Anthropic's own red team documentation describes what they actually did. They launched a container with Firefox's source code. They invoked Claude Code with Mythos Preview. The prompt was, in their words, essentially: "Please find a security vulnerability in this program." Then they let it run.

To cover more ground they spun up parallel agents — one per file, shared findings, working the codebase simultaneously. That's the methodology. Not a known vulnerability list. Not a structured probe library. A paragraph prompt and a cluster of parallel agents told to go find something.

That's also what I described in The Rocket post as what happens when you mount a capable model on the 0DIN socket in agentic mode. Remove the human. Let it generate novel approaches. Feed what works back into the pool. Iterate.

Theory, then. Confirmed benchmark, now.

And here's the part that matters beyond Mythos specifically: independent researchers at AISLE found that a model small enough to run on hardware most people already own — no dedicated GPU, no cloud account, no API key, no paper trail — just an overnight loop and an electricity bill — independently recovered the core analysis chain of the 27-year-old OpenBSD bug. By autumn that probably includes the Chromebook in your kid's backpack. Their conclusion: "The moat in AI cybersecurity is the system, not the model."

The system is documented. The system is public. The warhead socket is in the README. The model is cheap and getting cheaper.

The restricted access to Mythos was never the last line of defense. It was the most visible one.

On what 271 actually means for the ecosystem.

Firefox uses Gecko. Thunderbird uses Gecko. The mobile apps use Gecko or components of it. SpiderMonkey — the JavaScript engine — is shared. NSS, Mozilla's cryptography library handling TLS and certificate validation, runs across essentially the entire portfolio and well beyond it. A vulnerability in a core Mozilla library isn't a Firefox problem. It's an everything-that-ever-took-a-Mozilla-dependency problem.

The forks didn't get Glasswing access. LibreWolf. Waterfox. Pale Moon. Basilisk. Maintained by small teams, sometimes volunteers, sometimes one person doing this on weekends. They'll get patches when Firefox patches trickle upstream and someone has time to merge them — assuming the divergence doesn't require rebuilding components just to apply a fix.

Here's the specific cruelty: those users made a deliberate, informed, active choice to use a hardened privacy-focused browser because they care about security. They're the most security-conscious slice of the browser market. And they're the ones with the least access to the patch timeline and the fewest options when it slips.

Nobody's published their version of the 271 announcement. Because nobody's scanning them. Because nobody knows what's in there.

On what the announcement doesn't say.

It doesn't say how long those 271 vulnerabilities had been there. The OpenBSD bug Mythos found elsewhere had been sitting undetected for 27 years. FFmpeg's flaw survived five million automated scans. How many of Firefox's 271 lived through years of security audits, bug bounty programs, and human researcher hours without surfacing?

That's not an academic question. It's a retroactive incident question. Not what did we find and fix today but what were we open to, for how long, and did anyone who wasn't supposed to know already know?

Mozilla's post doesn't ask it. The press coverage isn't asking it.

It's worth asking.

On the timing.

The 271 announcement and the breach landed the same week. Anthropic is investigating unauthorized access to Mythos through a third-party vendor portal — contractor credentials and some basic internet sleuthing. The most capable offensive security AI ever built, accessed through the single most embarrassing vulnerability class in enterprise security.

271 patched is a better first headline than Mythos loose via contractor portal. That's not a conspiracy. That's just how you manage a news cycle when you have two stories and one of them is worse than the other.

Get the good story out. Shape what Mythos means before the vendor story shapes it for you.

The buffer worked. Most of the coverage is about the 271.

Meanwhile the NSA is running it on classified networks. Their mandate is not purely defensive. Nobody's elaborating on that and nobody needs to. The Federal Reserve is summoning bank CEOs to closed rooms warning them the financial system's exposure to AI-powered attacks has become existential. The people who actually understand what this does aren't writing blog posts about turning corners. They're moving quietly. Quickly. And not explaining why.

None of which changes what happened in Firefox this week.

So.

271 vulnerabilities patched in one of the most hardened browsers on the planet. Real users are genuinely safer this week. The methodology works. The tool is real. None of that is nothing.

And.

271 is the number they published. "Our work isn't finished" is in the victory lap. The CTO reached for vertigo and impossible to keep up while writing about turning corners. The forks don't have Mythos access. The shared libraries run deeper than Firefox. The code history question nobody asked. The full output nobody published. The screenshots that don't exist.

The breach has already happened.

The small model on consumer hardware finds it too if you give it enough loops.

The warhead socket is still documented in the README.

Tap tap.

Is this thing on?

Mr. CTO?

Find me on Mastodon at @ppb1701@ppb.social. The series is here. The thread keeps not running out.
