Anthropic’s Claude found 22 vulnerabilities in Firefox over two weeks

In a recent security partnership with Mozilla, Anthropic 22 separate vulnerabilities in Firefox – 14 of them classified as ‘very serious’. Most bugs have been resolved Firefox 148 (the version released in February), although a few fixes will have to wait for the next release.

The Anthropic team used Claude Opus 4.6 for two weeks, starting in the JavaScript engine and then expanding to other parts of the codebase. According to the post, the team focused on Firefox because “it is both a complex codebase and one of the best-tested and most secure open source projects in the world.”

Remarkably, Claude Opus was much better at finding vulnerabilities than at writing software to exploit them. The team ultimately spent $4,000 in API credits trying to come up with proof-of-concept exploits, but was only successful on two occasions.

Still, it’s a reminder of how powerful AI tools can be for open source projects — even if they bring a flood of bad merge requests along with the useful ones.