When Claude Became a Bug Hunter: How an AI Found 22 Firefox Vulnerabilities in Two Weeks

Claude magnifying glass over fox characters

In February 2026, a focused collaboration between Anthropic and Mozilla demonstrated a new phase in vulnerability research: large language models (LLMs) moving beyond assistance into active, high-throughput discovery. Over a two-week engagement, Claude Opus 4.6 performed deep analysis of the Firefox codebase and surfaced 22 distinct security flaws. The scope and speed of these findings — especially the 14 issues classified as high severity — illustrate how AI is reshaping the early stages of the find-and-fix lifecycle for complex software.

What the engagement looked like

Anthropic directed Claude Opus 4.6 to analyze the Firefox repository with particular attention to the browser’s JavaScript engine and core C++ components. The model scanned roughly 6,000 C++ files and submitted 112 unique bug reports to Mozilla’s Bugzilla tracker. Among those reports was a novel Use-After-Free vulnerability in the JavaScript engine — a class of memory corruption bug that can, under the right conditions, enable arbitrary code execution.

Mozilla and Anthropic worked together to triage the submissions. That human–AI coordination proved essential: automated output provided large volumes of candidate issues, while experienced maintainers validated, prioritized, and turned the validated reports into actionable patches. The validated and confirmed issues were addressed in Firefox 148.0.

Table of validated findings

Vulnerability Details	Component	Security Impact	Remediation Status
Use After Free (Zero-Day)	JavaScript Engine	Allows arbitrary malicious code execution via memory corruption	Patched in Firefox 148.0
High-Severity Flaws (14)	Core C++ Files	Various critical impacts requiring immediate developer intervention	Patched in Firefox 148.0
Moderate-Severity Flaws (8)	Browser Subsystems	Potential for limited exploitation or defense bypass	Slated for upcoming releases

Limits on exploit development

Anthropic also explored whether Claude could move from discovery to weaponization. The team asked the model to generate functional exploits for the discovered bugs, aiming to read and write local files on a target system. After several hundred attempts and roughly $4,000 in API credits, Claude produced working exploits only twice. Those exploit attempts were crude and required disabling Firefox’s sandbox — an unrealistic condition for typical user environments. In practice, the browser’s layered defenses would have mitigated the demonstrated exploits.

This outcome highlights an important, current asymmetry: AI systems are proving significantly more efficient at finding vulnerabilities than at reliably and remotely weaponizing them. That gap is narrowing as models and tooling improve, but for now defenders retain an advantage when hardening software and preserving defense-in-depth.

Broader context and industry implications

The Claude–Mozilla collaboration is not an isolated claim of AI-driven discovery. Anthropic has reported larger-scale results across multiple open-source projects, referencing over 500 zero-day discoveries in heavily audited codebases. Whether that precise number or the broader trend is emphasized, the practical takeaway for security teams is clear: automated tools can surface many more candidate issues than traditional manual review typically finds, and they do so quickly.

This changes priorities for maintainers, security teams, and incident response processes:

Triage capacity becomes a bottleneck. Large volumes of AI-generated reports must be filtered, validated, and prioritized.
Coordinated Vulnerability Disclosure (CVD) processes must be robust and fast to ensure responsible handling and timely patching.
Defense-in-depth and sandboxing remain vital mitigations as discovery tools improve.

Recommendations for practical adoption

Anthropic and collaborators propose concrete steps for teams that accept AI-generated vulnerability reports:

Provide minimal test cases with each submission to demonstrate trigger conditions.
Include clear proofs-of-concept so maintainers can reproduce the issue without excessive guesswork.
Submit candidate patches from the AI and validate them with automated test suites to reduce fix turnaround time.
Implement “task verifiers” — automated checks that allow an AI patching agent to iteratively verify that a proposed fix removes the vulnerability without introducing regressions.

These practices help convert AI-driven discovery into secure, maintainable fixes while avoiding the overhead of triaging false positives or incomplete reports.

What this means for defenders and attackers

Today, defenders have an edge because exploit construction is still comparatively harder and more resource-intensive than fuzzing or static analysis augmented by AI. But that margin may shrink as models improve, specialized tooling proliferates, and exploit-generation techniques become more automated. Organizations should treat AI-driven discovery as both an opportunity and a risk: an opportunity to accelerate remediation, and a risk to be managed through faster disclosure, better automated testing, and retained human oversight.

Conclusion

The Claude–Mozilla engagement is an early but important example of AI’s transformative potential in vulnerability research. Claude Opus 4.6 accelerated the identification of dozens of issues in a short timeframe, leading to concrete fixes in Firefox 148.0. The effort underscores the need for stronger triage pipelines, clearer submission artifacts, and continued reliance on defense-in-depth as AI capabilities evolve. For software maintainers and security teams, the time to prepare procedures and tooling for an AI-augmented future is now.