Hardening Firefox with Anthropic's Red Team

AI discovered 14 high-severity Firefox bugs, nearly 20% of all high-severity fixes in 2025.

Deep Dive

Anthropic has announced a groundbreaking security research partnership with Mozilla, in which its Claude Opus 4.6 model discovered 22 previously unknown vulnerabilities in Firefox over just two weeks. Mozilla classified 14 of these as high-severity security flaws, representing almost 20% of all high-severity vulnerabilities the browser fixed throughout all of 2025. The collaboration began after Anthropic noticed Claude was approaching perfect scores on the CyberGym benchmark for reproducing known vulnerabilities, which prompted the company to test the model against Firefox—one of the world's most secure and complex open-source codebases. The findings were significant enough that Mozilla incorporated fixes into Firefox 148.0, protecting hundreds of millions of users.

The technical breakthrough came when Claude Opus 4.6 identified its first novel vulnerability—a use-after-free memory bug in Firefox's JavaScript engine—within just 20 minutes of analysis. A use-after-free occurs when code keeps using memory after it has been freed; this type of vulnerability allows attackers to overwrite data with malicious content. Anthropic researchers validated the bug independently before submitting it to Mozilla's Bugzilla tracker, complete with a proposed patch written by Claude. While human researchers were validating that first finding, Claude had already discovered 50 more unique crashing inputs. The speed and scale of discovery prompted Mozilla to establish a streamlined reporting process, accepting bulk submissions of AI-identified vulnerabilities. This partnership establishes a new model for how AI-enabled security researchers and software maintainers can collaborate to dramatically accelerate vulnerability detection and patching in critical software.

Key Points
  • Claude Opus 4.6 found 22 Firefox vulnerabilities in 2 weeks, with 14 rated high-severity by Mozilla
  • The AI identified its first critical bug (a Use After Free vulnerability) in just 20 minutes of analysis
  • These findings represent nearly 20% of all high-severity vulnerabilities Firefox fixed in all of 2025

Why It Matters

AI can now find critical security flaws in complex software orders of magnitude faster than traditional methods, fundamentally changing cybersecurity.