Anthropic's AI Found 100+ Bugs in Firefox Browser
An advanced AI model from Anthropic discovered over 100 bugs in the Firefox web browser's code in just two weeks. The test highlights the immense potential of AI for automated software auditing, but also the dual-use risk, as the same capability could be used for offensive hacking.
The collaboration between Anthropic and Mozilla involved using the AI model Claude Opus 4.6 to scan nearly 6,000 C++ files of the Firefox browser's code. This partnership was initiated after Anthropic's team first identified security bugs in Firefox's JavaScript engine and presented them to Mozilla with minimal test cases for quick verification.
Of the more than 100 bugs found, 22 were classified as security vulnerabilities, with 14 of those rated as high-severity. These 14 high-severity bugs represent nearly one-fifth of all such vulnerabilities patched in Firefox during the entirety of 2025. All critical vulnerabilities discovered have since been patched in Firefox version 148.
The AI model was able to identify entire classes of errors that conventional automated testing methods, such as fuzzing, had missed despite decades of use. In one instance, Claude discovered a "use-after-free" bug in the browser's JavaScript engine within just 20 minutes of starting its analysis. This specific type of memory flaw could potentially allow an attacker to inject malicious code.
To test the dual-use risk, Anthropic tasked the same AI with developing exploits for the vulnerabilities it found. After several hundred attempts, costing around $4,000 in API credits, the model succeeded in creating a crude, working exploit in two instances. This demonstrates that while the AI is currently better at finding flaws than weaponizing them, the potential for offensive use exists.