Anthropic finds 22 Firefox vulnerabilities using Claude Opus 4.6 AI Model

Anthropic on Friday said it discovered 22 new vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla.
Of these, 14 are rated high severity, seven medium, and one low. The issues were addressed in Firefox 148, released late last month, and were found over a two-week period in January 2026.
The artificial intelligence (AI) company said the number of high-severity bugs found by its Claude Opus 4.6 large language model (LLM) represents “nearly a fifth” of all high-severity vulnerabilities fixed in Firefox in 2025.
Anthropic said the LLM found a crashing bug in the browser’s JavaScript engine after “just” 20 minutes of testing, which was then validated by a human researcher in a virtual machine to avoid any possible harm.
“By the end of this effort, we had scanned nearly 6,000 C++ files and submitted a total of 112 unique reports, including the aforementioned high and medium vulnerabilities,” the company said. “Many of these issues have been fixed in Firefox 148; the rest will be fixed in future releases.”
The AI startup said it also gave the Claude model access to the full list of vulnerabilities it had submitted to Mozilla and tasked it with exploiting them.
Despite running the test several hundred times and spending nearly $4,000 in API credits, the company said Claude Opus 4.6 managed to turn a security bug into a working exploit in only two cases.
This, the company added, points to two things: finding vulnerabilities is far cheaper than exploiting them, and the model is better at finding bugs than at exploiting them.

“However, the fact that Claude can autonomously succeed in exploiting a modern browser, even if only in a few cases, is concerning,” Anthropic noted, adding that the exploit only worked in its test environment, which had other security features, such as sandboxing, deliberately removed.
A key part of the process is a verifier that determines whether an exploit actually works, giving the model real-time feedback as it works through the code base in question and allowing it to iterate on its attempts until a working exploit is produced.
One such exploit Claude produced was for CVE-2026-2796 (CVSS score: 9.8), described as a just-in-time (JIT) compiler flaw in the JavaScript and WebAssembly component.
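The feedback loop described above, as an added example that is not Anthropic's or Mozilla's harness: a small verifier that runs a candidate proof-of-concept, classifies what the target did (sanitizer report, assertion failure, other crash, timeout, clean exit, or success), and hands one concrete line of evidence back to the caller so the next attempt can be refined. The success convention (the proof-of-concept must get the target to print `VERIFIER_MARKER_OK`), the output patterns, and the three constructed attempt results are assumptions made for this example; the page does not say what Anthropic's verifier checks.

```python
"""Minimal exploit verifier loop (added example; not Anthropic's or Mozilla's code)."""
from __future__ import annotations

import re
import subprocess
from dataclasses import dataclass
from typing import Callable, Iterable

# Hypothetical success convention: the proof-of-concept has to make the target print
# this marker (e.g. from code it hijacked). Assumed for the example, not from the page.
SUCCESS_MARKER = "VERIFIER_MARKER_OK"

# Patterns a verifier wants to recognise in the target's stderr. Constructed here;
# a real harness would tune them to the target's actual crash and assertion output.
SANITIZER_RE = re.compile(r"ERROR: AddressSanitizer: (?P<kind>[\w-]+) on address")
ASSERTION_RE = re.compile(r"Assertion failure: (?P<cond>.+?),|Assertion `(?P<cond2>.+?)' failed")


@dataclass
class RunResult:
    stdout: str
    stderr: str
    returncode: int | None  # None means the run hit the time limit


@dataclass
class Verdict:
    outcome: str  # exploit-works | memory-corruption | assertion-failure | crash | timeout | no-effect
    detail: str   # one line of evidence handed back as feedback for the next attempt


def classify(result: RunResult) -> Verdict:
    """Turn raw process output into a verdict plus a concrete line of feedback."""
    if result.returncode is None:
        return Verdict("timeout", "target did not finish within the time limit")
    # The marker is checked first: a sanitized build may still crash after the
    # hijacked code has run, and that is a success, not a failure.
    if SUCCESS_MARKER in result.stdout.splitlines():
        return Verdict("exploit-works", SUCCESS_MARKER)
    m = SANITIZER_RE.search(result.stderr)
    if m:
        return Verdict("memory-corruption", m.group(0))
    m = ASSERTION_RE.search(result.stderr)
    if m:
        return Verdict("assertion-failure", m.group("cond") or m.group("cond2"))
    if result.returncode != 0:
        return Verdict("crash", f"exit status {result.returncode}")
    return Verdict("no-effect", "target exited cleanly without reaching the marker")


def run_candidate(cmd: list[str], timeout: float = 30.0) -> RunResult:
    """Run one candidate proof-of-concept and capture what the target did."""
    try:
        p = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired as e:
        out = e.stdout.decode() if isinstance(e.stdout, bytes) else (e.stdout or "")
        err = e.stderr.decode() if isinstance(e.stderr, bytes) else (e.stderr or "")
        return RunResult(out, err, None)
    return RunResult(p.stdout, p.stderr, p.returncode)


def iterate(candidates: Iterable[list[str]], run: Callable[[list[str]], RunResult],
            max_attempts: int = 10) -> list[Verdict]:
    """Feed successive candidates to the verifier and stop at the first working exploit.

    The returned list is the feedback trail an agent would see between attempts."""
    trail: list[Verdict] = []
    for attempt, cmd in enumerate(candidates, 1):
        if attempt > max_attempts:
            break
        verdict = classify(run(cmd))
        trail.append(verdict)
        if verdict.outcome == "exploit-works":
            break
    return trail


# Constructed outputs standing in for three successive attempts against a target.
# There is no real target here; the point is the feedback loop itself.
CONSTRUCTED_RUNS = {
    "poc_v1": RunResult("", "Assertion failure: isInt32(), at example.cpp:10\n", 134),
    "poc_v2": RunResult("", "==1==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000010\n", 1),
    "poc_v3": RunResult(SUCCESS_MARKER + "\n", "", 0),
}


def fake_run(cmd: list[str]) -> RunResult:
    """Stand-in for run_candidate() that returns the constructed results above."""
    return CONSTRUCTED_RUNS[cmd[0]]


if __name__ == "__main__":
    for v in iterate([["poc_v1"], ["poc_v2"], ["poc_v3"]], fake_run):
        print(f"{v.outcome:18} {v.detail}")
```

Against a real target you would pass `run_candidate` instead of `fake_run`, with the target built with AddressSanitizer and assertions enabled so that near misses (a use-after-free report, a failed assertion) come back as specific feedback rather than as an opaque non-zero exit status; that distinction between "crashed" and "exploited" is exactly what the page says the verifier is for.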
The disclosure comes just weeks after the company released Claude Code Security in a limited research preview as a way to fix vulnerabilities using an AI agent.
“We cannot guarantee that every patch produced by an agent that passes these tests is ready to be merged immediately,” Anthropic said. “But the verifiers give us increasing confidence that a produced patch will fix the vulnerability while preserving system functionality, and will therefore meet what is considered the minimum bar for a reasonable patch.”
Mozilla, in a joint announcement, said the AI assistant found 90 additional bugs, many of which have already been fixed. These include the kind of assertion failures typically found by fuzzing, as well as various categories of logic errors that fuzzers had failed to catch.
“These results show the power of combining solid engineering with new analysis tools for continuous improvement,” the browser maker said. “We see this as clear evidence that large-scale, AI-assisted analysis is a powerful new addition to the security engineer’s toolbox.”