Anthropic’s Claude found 22 vulnerabilities in Firefox over two weeks
Claude Opus 4.6 discovered 22 vulnerabilities in Mozilla's Firefox, including 14 high-severity flaws, during a focused two-week security audit.
In a landmark demonstration of AI-assisted security auditing, Anthropic partnered with Mozilla to have its Claude Opus 4.6 model scrutinize the Firefox browser's code. Over a concentrated two-week period, the AI identified 22 distinct vulnerabilities, 14 of which were rated high-severity. The team deliberately chose Firefox for this test because it is a complex, mature, and famously well-secured open-source project, which makes any findings particularly noteworthy. Most of these bugs have already been patched in the recent Firefox 148 release, with the remainder slated for the next update, a rapid turnaround for AI-generated findings.
The audit began by focusing on Firefox's JavaScript engine before expanding to other parts of the codebase. While Claude Opus proved exceptionally adept at finding subtle security flaws across millions of lines of code, the exercise also exposed a current limitation: the model was far less effective at autonomously writing software to exploit those vulnerabilities. The team spent approximately $4,000 in API credits attempting to generate proof-of-concept exploits but succeeded in only two instances. This outcome underscores AI's emerging role as a force multiplier for human security researchers, one that can efficiently scan vast codebases for weaknesses, while also hinting at a coming influx of AI-generated bug reports and merge requests that projects will need to triage.
- Claude Opus 4.6 identified 22 vulnerabilities in Firefox over two weeks, with 14 classified as high-severity.
- The audit cost ~$4,000 in API credits but the AI struggled with exploit creation, succeeding in only 2 of 22 attempts.
- Most fixes are already live in Firefox 148, proving the practical utility of AI for auditing complex, real-world software.
Why It Matters
This demonstrates AI's concrete value in scaling security audits for critical open-source infrastructure, though human expertise remains essential for exploitation and remediation.