Anthropic's Claude AI Discovered 22 Vulnerabilities in Firefox in Just Two Weeks

Claude Scanned Nearly 6,000 Firefox Code Files

Anthropic partnered with Mozilla to evaluate the capabilities of its Claude Opus 4.5 language model in identifying security vulnerabilities. The target was Firefox — widely regarded as one of the most rigorously tested and secure open-source projects with a highly complex codebase.

Over a two-week period, the AI model uncovered 22 vulnerabilities. Mozilla classified 14 of these as high-severity, a figure representing roughly one-fifth of all high-severity bugs the browser maker remediated throughout 2025.

"We partnered with Mozilla to test Claude's ability to find security vulnerabilities in Firefox. Opus 4.6 found 22 vulnerabilities in just two weeks. Of these, 14 were high-severity, representing a fifth of all high-severity bugs Mozilla remediated in 2025." — Anthropic (@AnthropicAI), original post

Why This Matters

The experiment's results highlight the growing potential of large language models in cybersecurity. A single AI system discovering one-fifth of a year's worth of critical vulnerabilities in one of the most well-defended browsers within just two weeks fundamentally shifts the landscape of software security auditing. At the same time, it raises concerns about the same technology potentially being weaponized by malicious actors.

How the Experiment Unfolded

Anthropic's researchers initially focused Claude on Firefox's JavaScript engine, which could be analyzed in isolation from the rest of the system. They subsequently expanded the model's scope to cover additional parts of the codebase.

Within just 20 minutes of starting, Claude flagged a Use After Free vulnerability — a type of flaw that allows attackers to replace data with arbitrary content. In total, the model analyzed nearly 6,000 C++ files and generated 112 reports on potential issues.

Mozilla's team addressed the majority of discovered vulnerabilities in Firefox 148, released in February. Patches for the remaining issues are scheduled for upcoming releases.

AI Proves Better at Finding Vulnerabilities Than Exploiting Them

Anthropic acknowledged that Claude demonstrated far greater proficiency in detecting security flaws than in actually exploiting them. To test this dimension, the team asked the model to demonstrate a real-world attack using the Use After Free vector.

The test was run several hundred times with varying starting conditions, consuming approximately $4,000 in API credits. Despite this extensive testing, Opus 4.6 managed to convert a vulnerability into a functioning exploit in only two instances.

According to Anthropic, this asymmetry — where AI finds vulnerabilities more effectively than it exploits them — provides a near-term advantage for cybersecurity defenders. However, the company noted that the fact the language model was able to produce even a primitive exploit at all is "cause for concern."

Mozilla Continues Working with Claude

Following the collaboration, Mozilla's researchers began independently experimenting with Claude for security purposes. This suggests the partnership's outcomes were compelling enough for the open-source project to consider integrating AI tools into its code audit workflows.

Earlier in February, so-called vibe coding using Claude Opus 4.6 led to a $1.78 million exploit of the DeFi protocol Moonwell — an incident that underscored the dual-use nature of AI in the security domain.