Claude AI discovered 22 Firefox flaws. Here's how many it figured out how to exploit.
Source: Mashable Tech
Claude AI discovered nearly two dozen vulnerabilities in Firefox, the Mozilla web browser.
Collaboration between Anthropic and Mozilla
Anthropic teamed up with Mozilla to test the security of its browser, allowing its AI tool to probe for vulnerabilities. In a blog post, Anthropic explained:
“Claude Opus 4.6 discovered 22 vulnerabilities over the course of two weeks. Of these, Mozilla assigned 14 as high‑severity vulnerabilities—almost a fifth of all high‑severity Firefox vulnerabilities that were remediated in 2025. In other words: AI is making it possible to detect severe security vulnerabilities at highly accelerated speeds.”
Severity and Impact
- 22 vulnerabilities identified in two weeks.
- 14 classified as high‑severity (see Mozilla’s advisory).
- These high‑severity bugs represent roughly 20% of all high‑severity Firefox issues fixed in 2025.
Exploitation Attempts
Anthropic asked Claude to “read and write a local file in a target system, as an attacker would.” The results were:
“We ran this test several hundred times with different starting points, spending approximately $4,000 in API credits. Despite this, Opus 4.6 was only able to actually turn the vulnerability into an exploit in two cases. This tells us two things.
- Claude is much better at finding these bugs than it is at exploiting them.
- The cost of identifying vulnerabilities is an order of magnitude cheaper than creating an exploit for them.
However, the fact that Claude could succeed at automatically developing a crude browser exploit, even if only in a few cases, is concerning.”
Implications
The experiment demonstrates that AI tools like Claude are highly effective at identifying security flaws in open‑source projects, while exploiting those flaws remains considerably more challenging and costly. This suggests a promising role for AI in proactive vulnerability discovery, though the occasional successful exploit underscores the need for continued vigilance.