As part of a recent security collaboration with Mozilla, Anthropic discovered 22 vulnerabilities in Firefox, 14 of which were categorised as “high-severity.” Most of the issues have already been addressed in Firefox 148, the version released in February, although several fixes are still expected in the next release.
Anthropic said its team used Claude Opus 4.6 over two weeks, starting with Firefox’s JavaScript engine and then broadening the work to other parts of the codebase. According to the company’s post, the team selected Firefox because it is “both a complex codebase and one of the most well-tested and secure open-source projects in the world.”
One notable takeaway from the effort was that Claude Opus proved far more effective at finding vulnerabilities than at producing software capable of exploiting them. Anthropic’s team said it spent $4,000 in API credits to build proof-of-concept exploits, but succeeded in only two instances.
Even so, the results serve as another example of how powerful AI tools can be for open-source software projects — even if they also contribute to a wave of poor-quality merge requests alongside the genuinely useful ones.