In a significant development for browser security, Anthropic announced Friday the discovery of 22 new security vulnerabilities within the Mozilla Firefox web browser. This discovery was made possible through a collaborative security partnership between Anthropic and Mozilla. The findings, detailed in a recent announcement, highlight the emerging role of artificial intelligence in identifying critical security flaws in widely used software.
Anthropic’s AI Uncovers Major Firefox Vulnerabilities
Anthropic, an artificial intelligence company, revealed that its large language model, Claude Opus 4.6, identified the security vulnerabilities during a two-week period in January 2026. Of the 22 flaws found, 14 were classified as high-severity, seven as moderate-severity, and one as low-severity. These issues have since been addressed by Mozilla in the release of Firefox 148, which became available late last month. The AI’s contribution is notable, as the number of high-severity bugs identified by Claude Opus 4.6 represents nearly one-fifth of all such vulnerabilities patched in Firefox throughout 2025.
The AI model demonstrated remarkable efficiency, flagging a use-after-free vulnerability in the browser’s JavaScript engine within just 20 minutes of exploration. This initial detection was subsequently corroborated by a human researcher to confirm its validity and rule out any false positives. This rapid identification underscores the potential of AI to accelerate the security auditing process for complex software.
Anthropic shared that its AI scanned nearly 6,000 C++ files as part of the project and submitted a total of 112 unique reports, among them the high- and moderate-severity vulnerabilities described above. While the majority of these issues have been rectified in Firefox 148, Anthropic indicated that any remaining vulnerabilities would be addressed in future updates. This approach to security analysis offers a new model for software developers and security professionals alike.
AI’s Role in Exploit Development
In addition to identifying vulnerabilities, Anthropic also tasked Claude Opus 4.6 with a more challenging objective: developing practical exploits for the identified security defects. The AI was provided with the complete list of vulnerabilities submitted to Mozilla and instructed to generate actionable exploits. Despite numerous attempts, consuming approximately $4,000 in API credits over several hundred trials, Claude Opus 4.6 was only successful in creating functional exploits in two instances.
This outcome offered valuable insights for Anthropic. Firstly, it suggests that the cost and effort associated with identifying security flaws are generally lower than those required to develop effective exploits. Secondly, the results indicate that while AI models like Claude are proving adept at discovering vulnerabilities, their capabilities in generating sophisticated exploits are still in earlier stages of development. This differential capability is a critical consideration for understanding the evolving threat landscape.
However, Anthropic cautioned that the ability of Claude to automatically develop even a rudimentary browser exploit is a cause for concern. The exploits developed by the AI were effective only within the controlled testing environment, which had certain security features, such as sandboxing, intentionally disabled. The development process included a task verifier component that provided real-time feedback to the AI, allowing it to iterate and refine its efforts until a successful exploit was devised. One notable exploit generated was for CVE-2026-2796, a high-severity (CVSS score 9.8) just-in-time (JIT) miscompilation issue within the JavaScript WebAssembly component.
This project follows closely on the heels of Anthropic’s release of Claude Code Security in a limited research preview, a tool designed to assist in fixing vulnerabilities using AI agents. Anthropic noted that while agent-generated patches passing their tests provide increased confidence in fixing the targeted vulnerability without disrupting program functionality, they cannot guarantee immediate deployability. The task verifiers, however, offer a crucial level of assurance for the plausibility of the generated patches.
Mozilla, in a parallel announcement, stated that this AI-assisted approach unearthed an additional 90 bugs, most of which have already been resolved. These findings included assertion failures, which overlap with issues traditionally discovered through fuzzing techniques, as well as distinct categories of logic errors that fuzzing tools had previously failed to detect. Mozilla views this collaboration as compelling evidence that large-scale, AI-assisted analysis is a potent new addition to the security engineer’s toolkit, demonstrating the power of combining advanced analytical tools with robust engineering practices for continuous software improvement.
Looking ahead, the continued integration of AI into security auditing processes for web browsers and other critical software will be a key area to monitor. The effectiveness and limitations of these AI tools will undoubtedly shape future cybersecurity strategies and the development of more resilient digital infrastructure.