Partnering with Mozilla to improve Firefox’s security

· Source: Anthropic News · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy, Software Development & Engineering · Depth: Advanced, medium

Summary

Anthropic collaborated with Mozilla, demonstrating that Claude Opus 4.6 can independently identify high-severity vulnerabilities in complex software. Over two weeks in February 2026, Claude Opus 4.6 discovered 22 vulnerabilities in Firefox, 14 of which Mozilla classified as high-severity. This represents almost a fifth of all high-severity Firefox vulnerabilities remediated in 2025. The AI model initially reproduced historical CVEs in older Firefox versions before successfully finding novel bugs in the current codebase, including a Use After Free vulnerability in the JavaScript engine. Mozilla subsequently released fixes for most issues in Firefox 148.0. While Claude is proficient at finding and fixing vulnerabilities, its ability to create exploits is significantly less developed, succeeding in only two out of several hundred attempts, at a cost of approximately $4,000 in API credits.

Key takeaway

For security teams and CTOs evaluating AI for cybersecurity, this collaboration highlights AI's immediate value in vulnerability discovery and patching. You should consider integrating LLM-powered tools, like Claude Code Security, into your security workflows to accelerate the identification and remediation of high-severity bugs. Focus on establishing robust task verifiers and clear reporting protocols to maximize AI's effectiveness and maintain trust in AI-generated findings, while acknowledging the current gap in AI's exploitation capabilities.

Key insights

AI models like Claude Opus 4.6 can autonomously find and help fix high-severity software vulnerabilities at accelerated speeds.

Principles

Method

Claude Opus 4.6 was tasked to find novel vulnerabilities in Firefox's current codebase, starting with the JavaScript engine, and then expanded to other areas, submitting findings with proposed patches.

In practice

Topics

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, Security Engineer, AI Researcher

Related on AIssential

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by Anthropic News.