Claude AI Uncovers 22 Firefox Vulnerabilities in Two Weeks

Anthropic partnered with Mozilla to scan Firefox's codebase using Claude Opus 4.6, discovering 22 official security advisories including 14 high-severity vulnerabilities in just two weeks — finding entire error classes that decades of automated fuzzing missed.

March 9, 2026 · 5 min read · Source: TechCrunch

Claude Scans 6,000 Firefox Files, Finds 22 CVEs

Anthropic and Mozilla announced a security partnership in which Claude Opus 4.6 scanned nearly 6,000 C++ files in the Firefox codebase over a two-week period, submitting a total of 112 unique bug reports. Of those, Mozilla issued 22 official security advisories (CVEs), with 14 classified as high-severity — representing nearly one-fifth of all high-severity Firefox vulnerabilities fixed in 2025.

The results are significant because Firefox is one of the most heavily scrutinized open-source projects in the world, having undergone decades of security auditing, fuzzing, and code review by both automated tools and human experts. The fact that an AI model found this many serious flaws in such a well-tested codebase suggests a step change in what AI can contribute to software security.

Finding What Decades of Fuzzing Missed

Perhaps the most striking finding: Claude identified entire classes of errors that conventional automated testing methods like fuzzing had missed despite decades of use. Traditional fuzzing tools generate random inputs to trigger crashes and errors, but they struggle with certain vulnerability patterns that require understanding code logic and context — areas where large language models appear to have an advantage.

Claude's initial focus was on Firefox's SpiderMonkey JavaScript engine, one of the most security-critical components of any web browser. Within just 20 minutes, the model identified a Use After Free vulnerability — a class of memory corruption bug that is among the most dangerous in C++ codebases and a common target for real-world browser exploits.

The vulnerability discoveries accelerated rapidly. Of 52 total CVEs found in Firefox during the first months of 2026, 22 traced back to Anthropic's analysis — meaning Claude was responsible for nearly half of all officially documented Firefox security issues during that period.

Exploitation: Possible but Limited

Anthropic also tested whether Claude could go beyond finding vulnerabilities to actually exploiting them. In several hundred test runs costing approximately $4,000 in API credits, Claude successfully developed working exploits in only 2 cases. Even those exploits only functioned in testing environments with security features disabled; Firefox's built-in sandbox would have mitigated them in production.

However, Anthropic warned that the gap between vulnerability discovery and exploitation abilities will likely narrow as models improve, necessitating additional safeguards and responsible disclosure practices in the AI security space.

Mozilla Plans to Integrate AI Security Tools

Mozilla has announced plans to integrate AI-powered code analysis into its internal security workflows following the partnership. The organization chose Firefox as a testing ground specifically because of its maturity and the depth of its existing security infrastructure — reasoning that if AI could find meaningful bugs there, it could find them anywhere.

Alongside each bug report, Anthropic provided three components that Mozilla found especially valuable: a reproducible test case, a detailed proof-of-concept, and a candidate patch. This made the reports immediately actionable and shortened the time between discovery and remediation. All critical vulnerabilities have been patched in Firefox 148, with the remaining fixes scheduled for upcoming releases.

"AI is making it possible to detect severe security vulnerabilities at highly accelerated speeds." — Anthropic

What This Means for Software Security and Engineering

Anthropic says it has now found over 500 zero-day vulnerabilities in well-tested open-source software using Claude, and recently shipped cybersecurity features for Claude Code. The Firefox partnership represents the most high-profile validation of AI-powered vulnerability discovery to date.

For software engineers and security professionals, the implications are significant. AI-powered security scanning is moving from experimental to production-grade, and organizations that integrate these tools into their development pipelines may gain a substantial advantage in identifying vulnerabilities before they reach users. The $4,000 cost to run several hundred exploitation attempts also suggests that AI-powered security auditing could become accessible to organizations of all sizes, not just those with dedicated security teams.