Claude Uncovers 22 Hidden Security Flaws in Firefox in Just Two Weeks

Anthropic has revealed that Claude helped identify 22 previously unknown security vulnerabilities in the Mozilla Firefox browser during a short security research collaboration with Mozilla.

The discoveries were made using Claude Opus 4.6, which was tasked with analysing Firefox’s large codebase for potential weaknesses. Over a period of two weeks, the AI system uncovered 22 flaws, including 14 high-severity vulnerabilities, highlighting the growing role of AI in cybersecurity research.

Researchers first evaluated the model by asking it to reproduce known Firefox vulnerabilities to test its debugging and reasoning capabilities. After the model demonstrated strong performance, the team expanded its analysis to search for previously undiscovered bugs.

Among the issues identified was a “use-after-free” memory vulnerability in Firefox’s JavaScript engine. Such flaws, in which a program keeps using memory after it has been freed, can allow attackers to manipulate memory and execute malicious code if exploited.

The vulnerabilities were responsibly disclosed to Mozilla, which verified the findings and worked to patch the issues through browser updates. Some of the fixes were included in recent Firefox releases.

According to Anthropic, the number of vulnerabilities discovered by the AI in February 2026 exceeded the number reported in any single month during 2025, underscoring how AI systems may accelerate security research.

"As part of this collaboration, Mozilla fielded a large number of reports from us, helped us understand what types of findings warranted submitting a bug report, and shipped fixes to hundreds of millions of users in Firefox 148.0," it said.

The collaboration suggests AI tools could become increasingly valuable for detecting complex software bugs, helping developers identify and fix critical vulnerabilities more quickly in widely used software.