Anthropic's AI Hacked Firefox in Minutes
In a major test of AI-driven security testing, Anthropic's Claude model was tasked with hacking the Firefox browser. The AI found its first bug in just 20 minutes and went on to discover over 100 vulnerabilities in two weeks, demonstrating the immense power—and potential risk—of AI in offensive security.
The test was conducted by Anthropic's Frontier Red Team, a group focused on understanding and mitigating advanced AI risks, including in cybersecurity. Their collaboration with Mozilla involved using the Claude Opus 4.6 model to scan nearly 6,000 C++ files that make up the Firefox browser. This effort in January 2026 resulted in 112 unique bug reports.
Of the vulnerabilities identified, 22 were issued official CVE (Common Vulnerabilities and Exposures) designations, with 14 of those being classified as high-severity. This number represents nearly one-fifth of all high-severity vulnerabilities that were patched in Firefox throughout the entirety of 2025. All the critical bugs discovered by the AI were patched by Mozilla in the Firefox 148 release.
The AI model was particularly effective at finding complex logical errors that traditional automated methods like fuzzing (which involves bombarding software with random data to see if it crashes) had missed for years. One of the high-severity flaws was a just-in-time (JIT) miscompilation in the JavaScript WebAssembly component, identified as CVE-2026-2796 with a critical CVSS score of 9.8. Other high-severity bugs included several "use-after-free" vulnerabilities, which involve the incorrect handling of memory and can lead to arbitrary code execution.
In a further test of its capabilities, Anthropic tasked the AI with attempting to write functional exploits for the bugs it discovered. After several hundred attempts costing around $4,000 in API credits, the model succeeded in creating a crude, working exploit in only two instances. These exploits, however, only worked in a controlled testing environment where key security features like sandboxing were disabled.
The collaboration has been viewed as a significant milestone in AI-assisted security. Mozilla's engineers noted that within hours of receiving the AI-generated bug reports, which included reproducible test cases, they were able to begin implementing fixes.
Mozilla has since started to integrate AI-powered analysis into its internal security workflow. The experiment highlights a current asymmetry in AI capabilities: the technology is significantly more advanced at discovering vulnerabilities than it is at exploiting them. This presents a temporary advantage for defenders, who can use AI to find and fix flaws faster than attackers can weaponize them. However, Anthropic researchers have warned that this gap between discovery and exploitation is unlikely to last long given the rapid pace of AI development.