Artificial intelligence (AI) is quickly becoming a powerful tool in cybersecurity.
In a recent partnership with Mozilla, Anthropic researchers revealed that the company's AI model Claude Opus 4.6 discovered 22 previously unknown security vulnerabilities in the Firefox web browser in just two weeks.
The majority of the vulnerabilities have already been fixed in Firefox version 148, with the remainder to be patched in upcoming releases, thereby helping protect hundreds of millions of users worldwide.
AI-Powered Bug Hunt
During the investigation, Anthropic used its Claude Opus 4.6 large language model (LLM) to scan Firefox’s massive codebase for potential security weaknesses.
Over the course of two weeks in early 2026, the AI examined nearly 6,000 C++ files, and its findings included the high- and moderate-severity vulnerabilities.
Out of the vulnerabilities confirmed by Mozilla:
- 14 were classified as high severity
- 7 were moderate severity
- 1 was low severity
According to Anthropic, the number of high-severity bugs found by the AI alone represents “almost a fifth” of all high-severity Firefox vulnerabilities that were remediated in 2025.
A Critical Bug Found In Minutes
Within just 20 minutes of exploration, Claude identified a serious “use-after-free” memory bug in Firefox’s JavaScript engine.
This type of flaw can potentially allow attackers to overwrite memory and run malicious code.
Human researchers later verified the bug in a controlled virtual environment before reporting it to Mozilla’s bug-tracking system. In total, the AI generated 112 unique bug reports, which Mozilla’s engineers reviewed and validated.
AI Is Better At Finding Bugs Than Exploiting Them
After identifying vulnerabilities, Anthropic researchers tested whether the AI could turn them into working cyberattacks by creating exploits that could read and write files on a target system.
“We ran this test several hundred times with different starting points, spending approximately $4,000 in API credits. Despite this, Opus 4.6 was only able to actually turn the vulnerability into an exploit in two cases,” the company wrote in a blog post published on Friday. Most attempts failed to produce a usable attack.
According to Anthropic researchers, this shows that finding vulnerabilities is much easier than exploiting them, even for advanced AI systems.
Even then, the exploits were considered primitive and functioned only in a controlled testing environment where important security protections — such as Firefox’s sandbox — had been intentionally disabled.
Over 100 Bugs Identified In Total
The AI-assisted research uncovered more than just the 22 official vulnerabilities (CVEs). The collaboration between Anthropic and Mozilla also revealed around 90 additional bugs, including logic errors and crashes.
Mozilla noted that some of these problems had not been detected by traditional automated testing tools, such as fuzzing, which has been widely used in software security for years.
“The scale of findings reflects the power of combining rigorous engineering with new analysis tools for continuous improvement.
We view this as clear evidence that large-scale, AI-assisted analysis is a powerful new addition to security engineers’ toolbox,” the browser maker said in a separate blog post.
The results suggest that human expertise combined with AI-powered analysis tools can help developers uncover hidden issues faster and patch them before attackers can exploit them.
AI’s Growing Role In Cybersecurity
Anthropic says AI-powered tools like Claude could soon become essential for software security.
While AI is currently better at finding vulnerabilities than exploiting them, experts warn that this gap may shrink as the technology advances, making it important for developers and security teams to adopt AI-driven defenses.
