Anthropic says its Claude Opus 4.6 AI model discovered 22 previously unknown vulnerabilities in Mozilla Firefox during a two-week collaboration with Mozilla researchers.
Anthropic researchers used Claude Opus 4.6 to analyze Firefox’s codebase and identify security flaws, and submitted the results to Mozilla via its Bugzilla vulnerability reporting system.
The AI-assisted research resulted in 112 vulnerability reports, including 22 issues later assigned CVE identifiers by Mozilla. Most of the bugs were fixed in the recently released Firefox 148.
Anthropic said the research began in late 2025 after internal evaluations showed that Claude Opus 4.5 could solve nearly all tasks in CyberGym, a benchmark used to test whether language models can reproduce known security vulnerabilities. To test more realistic scenarios, researchers constructed a dataset of historical Firefox CVEs and asked Claude Opus 4.6 to reproduce them.
While the model successfully rediscovered many historical bugs, researchers were concerned that some of the vulnerabilities might have appeared in the model’s training data. To eliminate that possibility, the team tasked Claude with identifying entirely new vulnerabilities in the current Firefox codebase.
The AI initially focused on the browser’s JavaScript engine, one of the most security-critical components because it executes untrusted code from websites. Within about 20 minutes of exploration, Claude reported a use-after-free memory vulnerability, a type of bug that can allow attackers to overwrite memory with malicious data. Researchers validated the flaw in a virtual machine running the latest Firefox release before submitting it to Mozilla, along with a proposed patch generated by the model.
While the first vulnerability was being validated, Claude had already generated roughly 50 additional unique crashing test cases. Over the course of the project, the AI scanned nearly 6,000 C++ source files and produced hundreds of test inputs that triggered potential flaws.
Mozilla engineers later encouraged Anthropic researchers to submit their findings in bulk, even when individual crashes had not yet been fully validated, allowing the Firefox security team to triage the reports internally.
The resulting vulnerabilities span multiple browser components, many of which affect the JavaScript engine, DOM implementation, WebAssembly, audio/video subsystems, and IndexedDB storage. Several of the high-severity flaws involve use-after-free memory errors, while others involve integer overflows, boundary condition errors, or sandbox escape vulnerabilities. All of them were fixed in Firefox 148.
Anthropic also tested whether the AI could automatically exploit the vulnerabilities it discovered. In hundreds of attempts costing roughly $4,000 in API credits, Claude successfully created functioning proof-of-concept exploits in only two cases, and even those worked only in a controlled testing environment where some browser defenses, such as the sandbox, were intentionally disabled.
The results suggest that current AI models are significantly better at finding vulnerabilities than turning them into working exploits. However, Anthropic noted that the ability to automatically generate even crude exploits demonstrates the need to accelerate defensive security work before such capabilities improve.
Anthropic says it plans to expand its work with open-source maintainers and has already used Claude to search for vulnerabilities in other projects, including the Linux kernel.
Leave a Reply