Researchers from Anthropic have collaborated with Mozilla to test the cybersecurity capabilities of the AI model Claude Opus 4.6, leading to the discovery of multiple vulnerabilities in the Mozilla Firefox codebase. Over a two-week research period, the model identified 22 vulnerabilities, 14 of which Mozilla classified as high severity, nearly one-fifth of all high-severity Firefox flaws resolved in 2025.
The AI-assisted effort analyzed almost 6,000 C++ files and produced 112 unique bug reports. Many of the issues have already been corrected in Firefox version 148, while others will be addressed in future updates. During testing, the model detected a memory error known as a “use-after-free” vulnerability in the browser’s JavaScript engine within minutes of analysis. The study aimed to evaluate whether advanced language models could detect security weaknesses in complex software systems that typically require extensive human investigation.
Researchers conducted several hundred tests, spending about $4,000 in API credits to attempt automated exploit creation. The model succeeded in demonstrating a working exploit in only two cases, suggesting it remains significantly more capable at detecting weaknesses than exploiting them. The findings highlight both the opportunities and risks associated with AI-driven cybersecurity research.
According to the researchers, “AI is making it possible to detect severe security vulnerabilities at highly accelerated speeds.” They also cautioned that although the demonstrated exploits were limited to controlled environments, the rapid improvement of AI systems means software maintainers should strengthen defensive measures. Mozilla has already begun experimenting with Claude internally for security research while continuing to collaborate with developers on faster detection and remediation of vulnerabilities.