Anthropic Used Claude Opus 4.6 To Find 22 Mozilla Firefox Vulnerabilities In Just Two Weeks

Anthropic has revealed that its latest AI model helped uncover dozens of security flaws in Mozilla’s Firefox browser in a remarkably short time.

Mozilla disclosed that Anthropic used its Claude Opus 4.6 model to analyze the browser’s source code and identify vulnerabilities that could potentially expose users to security risks. Over the course of a two-week testing period, the AI system discovered 22 previously unknown vulnerabilities, including 14 that Mozilla classified as high severity.

The project was intended to test whether modern AI models could assist with vulnerability discovery in large, complex software projects.

Firefox was selected because it is a widely used open-source browser with an extensive codebase and a long-running security review process.

Anthropic directed the model to examine specific subsystems of the browser, including its JavaScript engine and other components written largely in C++.

According to the two companies, the model produced more than a hundred potential bug reports during the testing period.

After manual verification by security researchers, 22 of those reports were confirmed as legitimate vulnerabilities. Many of the issues involved memory safety problems, including conditions such as use-after-free errors or other memory-management flaws that can lead to crashes or, in some cases, opportunities for exploitation.

Anthropic said the AI model analyzed thousands of files in the Firefox codebase while searching for problematic patterns. One of the early findings reportedly involved a memory-management bug in the browser’s JavaScript garbage collection system. As with the other issues, the finding was reviewed by human researchers before it was reported to Mozilla.

The experiment also explored whether the model could turn the discovered vulnerabilities into working exploits.

Anthropic reported limited success in that area.

After numerous attempts, the model produced only a small number of proof-of-concept exploit attempts, none of which bypassed Firefox’s existing security protections in a realistic scenario.

Mozilla documented and addressed these vulnerabilities in security updates for Firefox.

Mozilla said in a blog post that several of the issues were included in the advisory for Firefox 148, while others are scheduled to be patched in later releases. The advisory notes that some of the flaws could potentially allow memory corruption or unintended data exposure under certain conditions if they were successfully exploited.

The collaboration highlights how AI tools may increasingly be used to assist security teams in reviewing large codebases and identifying potential weaknesses earlier in the development process.

Systems like Claude can analyze large amounts of code and surface suspicious patterns for human researchers to investigate, potentially speeding up parts of the vulnerability discovery workflow.

At the same time, researchers caution that these capabilities are still evolving.

While current models appear more effective at identifying potential vulnerabilities than reliably exploiting them, Anthropic said the gap may narrow as AI systems improve. The company and Mozilla said the findings underscore the need for continued investment in secure software practices and defensive research as AI-assisted security analysis becomes more common.

Published: 09/03/2026