Anthropic’s Claude AI Finds 22 Firefox Vulnerabilities in Two-Week Test
Background and Partnership
Anthropic entered a security partnership with Mozilla to evaluate the capabilities of its Claude Opus 4.6 model on a large, well‑tested open‑source project. The focus was on Firefox because it is both a complex codebase and one of the most secure open‑source browsers.
Testing Process
Over a span of two weeks, the Anthropic team directed Claude Opus to examine Firefox’s JavaScript engine first, then expanded the analysis to additional parts of the codebase. The AI model was tasked with locating potential security weaknesses rather than developing exploitation techniques.
Vulnerability Findings
The AI uncovered 22 separate vulnerabilities within Firefox. Of these, 14 were labeled as “high‑severity.” Most of the identified bugs have already been addressed in Firefox 148, the version released earlier this year, while a few fixes are slated for the next release cycle.
Exploit Attempts and Costs
In an attempt to create proof‑of‑concept exploits, the team allocated $4,000 in API credits to Claude Opus. Despite the investment, successful exploit code was produced in only two cases, indicating that the model excels at finding flaws but is less effective at automatically generating exploit scripts.
Implications for Open‑Source Security
The results demonstrate that AI tools like Claude can substantially aid in uncovering security issues in complex software projects. However, the process also generated a large number of low‑value merge requests alongside the useful findings, underscoring the need for careful review of AI‑generated contributions.
Conclusion
This collaboration between Anthropic and Mozilla illustrates both the promise and the challenges of applying generative AI to software security. While the AI identified a notable number of high‑severity vulnerabilities and helped accelerate patching efforts, its limited success in crafting exploits and the accompanying noise suggest that human expertise remains essential in the security workflow.
Used: News Factory APP - news discovery and automation - ChatGPT for Business