Anthropic's Claude found 22 vulnerabilities in Firefox in just two weeks
Breaking News | Mar 8, 2026 | 4 min read

Anthropic's Claude Finds 22 Vulnerabilities in Firefox in Two Weeks

Anthropic partnered with Mozilla to use its Claude Opus 4.6 large language model to hunt for bugs in Firefox, identifying 22 security vulnerabilities over a two-week period in January 2026. Of those, 14 were classified by Mozilla as high-severity. Most vulnerabilities have been addressed in Firefox 148, released in February 2026, according to announcements from both companies.

The collaboration highlights a growing role for advanced AI systems in large-scale code security auditing. Anthropic said the effort was part of broader testing of Claude Opus 4.6, during which the model uncovered more than 500 previously unknown flaws across various open-source projects. In the Firefox-specific work, Anthropic submitted 112 reports to Mozilla over the two-week span, according to reports from TechCrunch and Axios.

Details of the Findings

According to Anthropic's official blog post, the AI-assisted review located 22 security issues, including 14 high-severity vulnerabilities, along with approximately 90 additional bugs that have since been fixed. The company noted that the number of high-severity bugs identified by Claude Opus 4.6 represented "almost a fifth" of similar reports in recent periods.

Mozilla worked closely with Anthropic to triage the reports, helping the AI company understand which types of findings warranted formal bug submissions. "Mozilla fielded a large number of reports from us, helped us understand what types of findings warranted submitting a bug report, and shipped fixes," Anthropic stated in its announcement.

The vulnerabilities were discovered in January 2026, with fixes landing in Firefox 148 the following month. The volume of issues found in this short period exceeded the total number of vulnerabilities reported in any single month of 2025, according to coverage by The Hacker News.

Broader AI Security Testing Effort

The Firefox project was only one component of Anthropic's larger evaluation of Claude Opus 4.6. The company reported discovering more than 500 previously unknown flaws across multiple open-source projects during last month's testing. This scale of automated vulnerability discovery demonstrates the potential of frontier AI models to supplement traditional security research teams.

Anthropic emphasized the collaborative nature of the work with Mozilla, describing it as a productive partnership that improved Firefox's overall security posture. The open-source nature of Firefox made it a suitable target for this type of large-scale automated analysis.

Impact on Developers and the Industry

For developers and security teams, the results suggest AI systems like Claude Opus 4.6 can meaningfully accelerate vulnerability discovery in complex codebases. Mozilla's willingness to review and act on a high volume of AI-generated reports indicates growing acceptance of machine-assisted security research within major open-source projects.

The findings arrive as the AI industry increasingly explores practical applications beyond chat interfaces. Security auditing represents one of the more concrete use cases for large language models, potentially allowing organizations to find and fix issues faster than human-only review processes.

This partnership also sets a precedent for closer collaboration between AI labs and established software vendors. By combining Anthropic's AI capabilities with Mozilla's deep knowledge of the Firefox codebase, the two organizations achieved results that exceeded monthly vulnerability reports from the previous year.

What's Next

Anthropic has not detailed immediate plans for similar partnerships with other open-source projects, though its discovery of more than 500 flaws across various repositories suggests the company is continuing to explore AI-driven security research. Mozilla has already incorporated fixes into Firefox 148 and may expand its engagement with AI-assisted auditing.

The success of this initial collaboration could encourage other browser vendors and open-source maintainers to test frontier AI models for security work. As models continue to improve, the volume and accuracy of AI-generated vulnerability reports are expected to increase, potentially changing how software security is maintained at scale.

Industry observers note that effective human-AI collaboration — as demonstrated by Mozilla's triage process — will be essential for turning raw AI findings into actionable security improvements.
