Claude from Anthropic found 22 vulnerabilities in Firefox over two weeks, of which 14 are critical.

Short summary of the research findings

Over a two‑week period, Anthropic’s Claude Opus 4.6 model discovered 22 vulnerabilities in Mozilla Firefox—more than any single month in 2025. During the same span, it identified over a hundred bugs that could cause crashes. Researchers noted that AI enables the detection of serious security issues “very quickly.”

How the search unfolded
* The first finding took 20 minutes of model work.

* The full set of vulnerabilities (22):

* 14 were classified as critical (about 1/5 of all such errors Mozilla has already fixed in 2025).

* The rest were less severe.

Fixes and releases
Most bugs were closed in Firefox 148, the version released in February. Some fixes had to be carried over to the next release.

Why Firefox specifically?
The Anthropic team chose the browser because of its complex codebase and the fact that it is one of the most thoroughly tested and secure open‑source projects worldwide.

AI effectiveness in attack
When attempting to create exploits for the discovered bugs, Claude produced only two working examples. They succeeded on a test version of the browser but would be blocked by Firefox’s built‑in protection mechanisms in real use.

> “AI is more effective at finding errors than exploiting them,” said Logan Graham, head of Anthropic’s Frontier Red Team.

What this means for cybersecurity
Experts emphasize that the speed of detection and automatic conversion of vulnerabilities into exploit code changes defense approaches:

> “Current protective methods cannot keep pace with the rates at which AI systems find bugs,” noted Gadi Evrons, CEO of Knostic.

Thus, deploying advanced AI models can both accelerate software issue identification and necessitate a reevaluation of existing cyber‑security strategies.