Anthropic has made significant strides in browser security by identifying 22 vulnerabilities in the Firefox web browser, in collaboration with Mozilla. The vulnerabilities were discovered by the company’s Claude Opus 4.6 AI model in January 2026 and have since been addressed in the recently released Firefox 148.
Breakdown of Discovered Vulnerabilities
The security flaws identified comprise 14 high-severity issues, seven moderate-severity issues, and one low-severity issue. The high-severity vulnerabilities alone amount to nearly 20% of all high-severity issues resolved in Firefox throughout 2025. Remarkably, the AI model managed to uncover a critical use-after-free error in the JavaScript engine within just 20 minutes of analysis, a finding that human researchers later confirmed.
Anthropic’s efforts led to the examination of approximately 6,000 C++ files, culminating in 112 unique reports. While most vulnerabilities have been rectified in Firefox 148, the remaining issues are scheduled for resolution in subsequent updates.
AI’s Role in Exploit Development
In addition to identifying vulnerabilities, Anthropic tasked its AI with developing exploits. Despite multiple attempts and substantial computational resources, Claude Opus 4.6 succeeded in creating functional exploits for only two vulnerabilities. This outcome highlights that while AI is adept at identifying security flaws, crafting exploits remains a complex task.
The AI’s ability to produce even rudimentary browser exploits raises concerns, though these exploits were confined to a controlled testing environment lacking typical security features like sandboxing. A task verifier was employed to confirm exploit functionality, providing iterative feedback to enhance the AI’s output.
Implications for Future Security
Among the vulnerabilities exploited was CVE-2026-2796, a critical issue in the JavaScript WebAssembly component. These findings were disclosed following the limited preview release of Claude Code Security, an AI tool designed to address vulnerabilities.
Mozilla acknowledged the AI-assisted discovery of 90 additional bugs, many of which have already been fixed. These findings underscore the potential of combining AI with traditional engineering techniques to advance security measures. Mozilla views this as a testament to the efficacy of AI-enhanced analysis in bolstering cybersecurity strategies.
The collaboration between Anthropic and Mozilla marks a pivotal moment in the use of AI for cybersecurity, suggesting a promising path toward more robust and efficient vulnerability detection and resolution.
