Anthropic and Mozilla Detail 22 Firefox Vulnerabilities Found by Claude
Original: We partnered with Mozilla to test Claude's ability to find security vulnerabilities in Firefox.
On March 6, 2026, Anthropic said on X that Claude Opus 4.6 found 22 Firefox vulnerabilities in a two-week collaboration with Mozilla. Anthropic said Mozilla classified 14 of those findings as high severity, and the company's technical write-up describes the project as an example of how AI-assisted security research can work alongside established maintainers.
Anthropic said those 14 high-severity issues accounted for almost a fifth of all high-severity Firefox vulnerabilities remediated in 2025. The company also said Mozilla shipped fixes to hundreds of millions of users in Firefox 148.0 and treated the joint work as a model for how AI-enabled security researchers and maintainers can collaborate when the volume of findings rises quickly.
To reach that result, Anthropic first tested whether Claude could reproduce historical Firefox CVEs and then shifted to novel vulnerabilities in the current codebase. Anthropic said the model identified a use-after-free issue in the JavaScript engine after about 20 minutes of exploration. Over the broader effort, the team said it scanned nearly 6,000 C++ files and submitted 112 unique reports, with Mozilla helping calibrate which findings were worth filing and how the results should be triaged.
The write-up emphasizes process as much as raw output. Anthropic says AI-assisted bug hunting can generate many crashing inputs, but practical security work still depends on transparent validation, maintainer feedback, and coordinated remediation. Mozilla has also started experimenting with Claude internally for security use cases. Anthropic's full account is available in its Mozilla and Firefox security post.