Article: Anthropic’s Claude found 22 vulnerabilities in Firefox over two weeks

Meridiano

Add Article

Image for Article: Anthropic’s Claude found 22 vulnerabilities in Firefox over two weeks

Article Details

Title

Article: Anthropic’s Claude found 22 vulnerabilities in Firefox over two weeks

Impact Score

5 / 10

AI Summary (Processed Content)

Anthropic, in partnership with Mozilla, used its Claude Opus AI to identify 22 vulnerabilities in Firefox, 14 of which were high-severity. Most of these bugs have been addressed in the latest Firefox release.

The AI was effective at finding security flaws in the complex, well-tested Firefox codebase but was less successful at creating functional exploits for them. The effort highlights the potential of AI as a powerful tool for auditing open-source software security.

The main topics covered are the discovery of Firefox vulnerabilities, the use of AI in security auditing, and the AI's comparative performance in finding flaws versus creating exploits.

Original URL

https://techcrunch.com/2026/03/06/anthropics-claude-found-22-vulnerabilities-in-firefox-over-two-weeks/

Source Feed

TechCrunch

Published Date

2026-03-06 19:00

Fetched Date

2026-03-06 16:30

Processed Date

2026-03-06 16:31

Embedding Status

Present

Cluster ID

Not Clustered

Raw Extracted Content

In a recent security partnership with Mozilla, Anthropic found 22 separate vulnerabilities in Firefox — 14 of them classified as “high-severity.” Most of the bugs have been fixed in Firefox 148 (the version released this February), although a few fixes will have to wait for the next release.
Anthropic’s team used Claude Opus 4.6 over the span of two weeks, starting in the JavaScript engine and then expanding to other portions of the codebase. According to the post, the team focused on Firefox because “it’s both a complex codebase and one of the most well-tested and secure open-source projects in the world.”
Notably, Claude Opus was much better at finding vulnerabilities than writing software to exploit them. The team ended up spending $4,000 in API credits trying to concoct proof-of-concept exploits, but only succeeded in two cases.
Still, it’s a reminder of how powerful AI tools can be for open source projects — even if they bring a flood of bad merge requests alongside the useful ones.