Anthropic's Claude AI Finds 22 Firefox Vulnerabilities in Mozilla Partnership

Anthropic's Claude AI uncovered 22 Firefox vulnerabilities in a Mozilla partnership, demonstrating AI's growing role in cybersecurity.

Mar 8, 2026
Technobezz

Anthropic's Claude Opus 4.6 AI model identified 22 security vulnerabilities in Firefox during a two-week security partnership with Mozilla earlier this year, including 14 classified as high severity that have already been patched. The artificial intelligence company spent approximately $4,000 on API credits while its Frontier Red Team worked with Mozilla engineers to scan nearly 6,000 C++ files across the browser's codebase.

According to technical documentation, the effort generated 112 unique vulnerability reports between January and February.

Most of the critical flaws were addressed in Firefox version 148 released last month, with remaining fixes scheduled for upcoming releases. Mozilla engineers confirmed all identified bugs are now resolved in the current browser version.

Claude Opus demonstrated particular efficiency by detecting a use-after-free vulnerability in Firefox's JavaScript engine within just 20 minutes of exploration. Human researchers subsequently validated the finding in a virtualized environment to eliminate false positives.

The scale of discoveries represents what Mozilla describes as "almost a fifth" of all high-severity vulnerabilities patched throughout Firefox during 2025. Company engineers noted the findings demonstrate how large-scale AI-assisted analysis has become "a powerful new addition to security engineers' toolbox."

Beyond vulnerability detection, Anthropic tested Claude's ability to develop practical exploits for discovered flaws. After several hundred attempts costing thousands in computational resources, the AI successfully created working proof-of-concept exploits for two specific vulnerabilities.

One such exploit targeted CVE-2026-2796, a critical just-in-time compilation flaw rated with a CVSS score of 9.8 out of 10.

"The exploit that Claude wrote only works within a testing environment that intentionally removes some of the security features of modern web browsers," explained researchers from Anthropic's team. "Claude isn't yet writing 'full-chain' exploits that combine multiple vulnerabilities to escape the browser sandbox."

Mozilla selected Firefox for this collaboration specifically because it represents one of the world's most extensively tested and secure open-source projects. The browser maker has historically led deployment of advanced security techniques and now plans to integrate AI-assisted analysis into internal workflows.

In addition to the security-critical findings, Anthropic's scanning uncovered 90 other bugs, mostly assertion failures that overlap with issues traditionally discovered through fuzzing. The model also identified distinct logic errors that conventional automated testing had previously missed.

According to internal data shared by engineer Gabriele Svelto, Mozilla engineers received approximately 470,000 crash reports from Firefox users during a single week earlier this year. About 25,000 appeared potentially attributable to hardware-related bit flips rather than software defects.

Anthropic cautioned that while current models show greater proficiency at finding vulnerabilities than exploiting them, this gap may not persist indefinitely given rapid AI advancement rates.
