Anthropic's AI Finds Firefox Bugs
In a partnership with Mozilla, Anthropic's Claude Opus 4.6 AI identified 22 vulnerabilities in the Firefox web browser in just two weeks, 14 of which were rated high-severity. The project showcases AI's growing power in automated cybersecurity analysis and code review.
The 14 high-severity bugs found by Claude Opus 4.6 represent nearly a fifth of all high-severity vulnerabilities Firefox patched in the entirety of 2025. The AI scanned almost 6,000 C++ files, submitting 112 unique reports that also included seven moderate and one low-severity bug, most of which were fixed and shipped in Firefox version 148.
Anthropic's process began by targeting Firefox's JavaScript engine, a critical attack surface that processes untrusted code from the web. The AI identified its first major bug, a use-after-free vulnerability, within just 20 minutes of analysis. Mozilla's engineers highlighted that Anthropic's bug reports included minimal test cases, which allowed for rapid verification and patching.
Beyond detection, Anthropic tested whether the AI could create functional exploits for the vulnerabilities it found. After spending approximately $4,000 in API credits across several hundred attempts, Claude Opus 4.6 succeeded in generating a crude exploit in only two instances, and only within a testing environment where security features like the browser sandbox were disabled.
This disparity signals that the cost of using AI to identify vulnerabilities is currently significantly lower than the cost of using it to create weaponized exploits. This dynamic gives a massive, though potentially temporary, advantage to cybersecurity defenders who can leverage AI for proactive code analysis and patching.
The collaboration serves as a key case study in the rapidly growing AI in cybersecurity market, valued at over $34 billion in 2025 and projected to exceed $213 billion by 2034. The more specific AI Code Review market is forecast to grow from $1.67 billion in 2024 to over $8 billion by 2033, driven by the need to automate quality assurance and secure complex codebases.