https://pfisterer.xyz/en/tags/audit/Recent content in Audit on Pfisterer ConsultingHugoenWed, 13 May 2026 07:00:00 +0200https://pfisterer.xyz/en/news/claude-mythos-firefox-glasswing-mittelstand/Wed, 13 May 2026 07:00:00 +0200https://pfisterer.xyz/en/news/claude-mythos-firefox-glasswing-mittelstand/<p>On May 5, 2026, Mozilla publishes an unusually candid blogpost: An early version of Anthropic&rsquo;s newest model, Claude Mythos Preview, has found 271 security vulnerabilities in Firefox over the past weeks. 180 high-severity, 80 moderate, 11 low. Some of the bugs sat undiscovered in the code for 15 years, meaning since 2011. Patches went out in Firefox 149.0.2, 150, 150.0.1, and 150.0.2.</p> <p>That alone would be a substantial story. What makes it matter for the German Mittelstand is the footnote: Mythos is not publicly available. Anthropic currently hands the model only to eleven organizations under a program called Project Glasswing. The list contains U.S. hyperscalers, U.S. banks, U.S. security vendors, and the Linux Foundation. No German company. No European company outside Linux.</p>