Anthropic’s Claude found 22 Firefox vulnerabilities in two weeks

Source: TechCrunch

In a security partnership with Mozilla, Anthropic found 22 separate vulnerabilities in Firefox, 14 of them classified as high-severity. Most of the bugs were fixed in Firefox 148, released this February, while a few fixes will wait for the next release.

The team used Claude Opus 4.6 over two weeks, beginning in the JavaScript engine and then expanding to other parts of the codebase. They focused on Firefox because it is both a complex codebase and one of the most well-tested and secure open-source projects in the world.

Claude Opus proved much better at finding vulnerabilities than at writing exploits. Anthropic spent $4,000 in API credits attempting proof-of-concept exploits and succeeded in only two cases. The effort underscores how powerful AI tools can be for open-source projects, even as they generate a flood of bad merge requests alongside useful ones.
