During a recent security collaboration with Mozilla, Anthropic uncovered 22 distinct vulnerabilities in Firefox, with 14 of these classified as "high-severity." The majority of these bugs have already been addressed in Firefox 148, which was released this February, though a handful of fixes are scheduled for the next update.

EMBED_PLACEHOLDER_0

Anthropic's team employed Claude Opus 4.6 over a two-week period, beginning their analysis in the JavaScript engine before extending their review to other sections of the codebase. In their announcement, the team explained that they chose Firefox for this initiative because "it’s both a complex codebase and one of the most well-tested and secure open-source projects in the world."

An interesting observation from the effort was that Claude Opus proved significantly more adept at identifying vulnerabilities than at crafting software to exploit them. The team invested $4,000 in API credits attempting to develop proof-of-concept exploits but succeeded in only two instances.

Nevertheless, this initiative highlights the considerable potential of AI tools for enhancing open-source projects, even as they may generate a surge of low-quality merge requests alongside genuinely valuable contributions.