Claude Found 22 Vulnerabilities in Firefox — Including 14 Rated High-Severity


In a landmark two-week collaboration with Mozilla, Anthropic’s Claude Opus 4.6 uncovered more security flaws in Firefox than any single month of community reporting in 2025 — signaling a new era for AI-powered cyber defense.

It took less than twenty minutes. Within the first moments of being pointed at Firefox’s sprawling codebase, Anthropic’s Claude Opus 4.6 had already flagged a previously unknown, serious security vulnerability in the browser used by hundreds of millions of people worldwide. Mozilla’s engineers asked for more. Over the next two weeks, what followed was a watershed moment for the intersection of artificial intelligence and cybersecurity.

Anthropic, the AI safety company behind Claude, has published the results of a deep security collaboration with Mozilla, the not-for-profit organization that develops Firefox. The findings are striking: Claude discovered 22 security vulnerabilities — formally issued as CVEs (Common Vulnerabilities and Exposures) — including 14 rated high-severity. All have now been patched and shipped to users in Firefox version 148, released on February 24, 2026.

Why Firefox? A Deliberately Hard Test

Firefox was not chosen by accident. Anthropic’s Frontier Red Team specifically selected it because of its reputation as one of the most battle-hardened, heavily audited codebases in open-source software. With over two decades of a bug bounty program, continuous fuzzing, and scrutiny from thousands of security researchers, Firefox represents the gold standard of community-reviewed software.

“We chose Firefox because it’s one of the most well-tested and secure open-source projects in the world,” said Logan Graham, head of Anthropic’s Frontier Red Team. “It’s been scrutinized by security researchers for decades, fuzzed continuously, and maintained by engineers who really know what they’re doing. We went into this believing if Claude could find undiscovered high-severity bugs here, it would tell us something substantial about where these capabilities are heading.”

The team began by focusing Claude on Firefox’s JavaScript engine — a particularly rich attack surface because it routinely processes untrusted code from the open web. From there, Claude expanded its analysis across nearly 6,000 C++ files, ultimately submitting 112 bug reports to Mozilla’s Bugzilla issue tracker.

The Numbers in Context

The scale of Claude’s output becomes more remarkable when placed in historical context. Mozilla patched just 73 high-severity or critical bugs in all of 2025. Claude found 14 high-severity bugs in two weeks — more than were reported by the entire global community in any single month last year.

Of the 112 total reports submitted, Mozilla issued CVEs for 22 — the security-sensitive bugs requiring formal disclosure. The remaining 90 reports covered non-security issues, including usability bugs and assertion failures that overlapped with traditional fuzzing results. Notably, Claude also identified entirely new classes of logic errors that conventional automated testing had never surfaced.

Brian Grinstead, a senior principal engineer at Mozilla, described the situation as an all-hands event. “This is a large influx,” he said. “We did mobilize as sort of an incident response to get the 100-plus bugs that were filed, triaged, and most of them fixed.”

Quality, Not Just Quantity

AI-generated bug reports have historically been a mixed blessing for open-source maintainers. In January 2026, Curl’s lead developer Daniel Stenberg lamented an “explosion in AI slop reports,” with fewer than one in 20 submissions representing real bugs. The Mozilla case was fundamentally different.

Anthropic’s team filtered rigorously before submitting — only reporting bugs that were fully reproducible, complete with minimal test cases that let Mozilla engineers quickly verify and replicate each issue. “Within hours, our platform engineers began landing fixes,” wrote Mozilla engineers Brian Grinstead and Christian Holler in an official blog post.

Better at Finding Than Exploiting — For Now

Anthropic also tested whether Claude could take the next step: turning discovered vulnerabilities into working exploits. The results were instructive. After several hundred attempts costing approximately $4,000 in API credits, Claude successfully generated working exploits in only two cases.

Even those two exploits came with important caveats — they only functioned in a stripped-down test environment that had intentionally disabled Firefox’s sandbox, one of the browser’s core defense mechanisms. In real-world conditions, the browser’s layered security architecture would have blocked both attacks.

“Just because you find a single vulnerability, even a high vulnerability, it is not enough to hack Firefox,” Grinstead noted. “Claude isn’t yet writing ‘full-chain’ exploits that combine multiple vulnerabilities to escape the browser sandbox, which are what would cause real harm.”

Anthropic was candid, however, that this gap between discovery and exploitation is unlikely to persist indefinitely. “Looking at the rate of progress, it is unlikely that the gap between frontier models’ vulnerability discovery and exploitation abilities will last very long,” the company stated. “If and when future language models break through this exploitation barrier, we will need to consider additional safeguards.”

What This Means for Open-Source Security

The Firefox collaboration offers a preview of how AI is reshaping the security landscape — and it cuts both ways. On the defensive side, tools like Claude can dramatically accelerate the rate at which vulnerabilities are found and fixed before attackers ever see them. Mozilla has already started integrating AI-assisted analysis into its own internal security workflows.

On the offensive side, the same capabilities are available to malicious actors. Security experts warn that the traditional cadence of vulnerability disclosure and patching is being compressed in ways that defenders are not yet prepared for. “The current methods of cyber defense are not able to handle the speed and frequency of what is going on,” said Gadi Evron, CEO of the AI cybersecurity firm Knostic.

For less well-resourced open-source projects — those without Firefox’s global engineering teams and decades of institutional knowledge — the influx of AI-powered bug reports may prove harder to manage. Mozilla itself needed to mobilize multiple engineering teams to process and patch Claude’s findings in a timely manner.

All Bugs Fixed. The Race Continues.

For Firefox users, the immediate outcome is unambiguously good: 22 previously unknown security vulnerabilities have been patched and delivered as part of version 148. The collaboration between Anthropic and Mozilla has been held up as a model for responsible AI-assisted security research — one characterized by verifiable reports, coordinated disclosure, and rapid remediation.

The broader story, however, is still being written. Anthropic’s case study illustrates both the immense promise and the urgency of the moment: AI systems that can find critical security flaws in the world’s most-tested software in under twenty minutes are no longer hypothetical. They are here — and both defenders and attackers know it.

All 22 CVEs have been patched in Firefox 148. Anthropic has published a full technical write-up of the research process at anthropic.com.
