AI Uncovers Major Firefox Flaws: 22 Vulnerabilities Found in Two Weeks
March 6, 2026
Anthropic and Mozilla used Claude Opus 4.6 to scan Firefox over two weeks, uncovering 22 vulnerabilities and 14 high-severity issues, with rapid initial findings: a use-after-free in the JavaScript engine surfaced within about 20 minutes.
Claude’s autonomous analysis focused on Firefox’s JavaScript engine, scanning nearly 6,000 C++ files and generating 112 bug reports for Mozilla’s Bugzilla, accelerating vulnerability discovery.
Claude Code Security could bring similar AI-assisted vulnerability discovery capabilities to customers and open-source maintainers, speeding remediation.
The test found more high-risk bugs in two weeks than typically reported worldwide in two months, underscoring AI’s potential to accelerate security discovery.
Security researchers warn that as AI advances, the gap between vulnerability discovery and exploit capability could shrink, calling for stronger safeguards against misuse.
Observers caution that AI tools could become a double-edged sword, speeding up both bug discovery and exploitation and potentially triggering an attackers-versus-defenders arms race.
To improve patching, the collaboration promoted best practices such as using a task verifier to validate AI-generated patches and providing minimal test cases, proofs-of-concept, and candidate patches for triage.
The proactive, rapid testing approach surfaces vulnerabilities quickly, potentially accelerating fixes and hardening of browsers.
Memory-related issues like bit flips—caused by cosmic rays, Rowhammer, or hardware faults—were noted as a common source of crashes across devices.
Anthropic plans to broaden cybersecurity work with developers, search for vulnerabilities, and build tools to assist maintainers in triaging and patching reports.
Mozilla’s triage process and feedback helped refine submissions, including bulk reporting of validated findings to speed remediation.
Open-source maintainers face mixed outcomes: AI can automate bug reports, but reports from 2025–2026 risk containing hallucinations; context-based analysis is emphasized to reduce false positives.
Summary based on 11 sources
Sources

TechCrunch • Mar 6, 2026
Anthropic’s Claude found 22 vulnerabilities in Firefox over two weeks
Axios • Mar 6, 2026
Mozilla fixes 22 security flaws flagged by Anthropic's AI
The Register • Mar 6, 2026
Firefox taps Anthropic AI bug hunter, but rancid RAM still flipping bits