3 Sources
[1]
Anthropic's Claude found 22 vulnerabilities in Firefox over two weeks | TechCrunch
In a recent security partnership with Mozilla, Anthropic found 22 separate vulnerabilities in Firefox -- 14 of them classified as "high-severity." Most of the bugs have been fixed in Firefox 148 (the version released this February), although a few fixes will have to wait for the next release. Anthropic's team used Claude Opus 4.6 over the span of two weeks, starting in the JavaScript engine and then expanding to other portions of the codebase. According to the post, the team focused on Firefox because "it's both a complex codebase and one of the most well-tested and secure open-source projects in the world." Notably, Claude Opus was much better at finding vulnerabilities than writing software to exploit them. The team ended up spending $4,000 in API credits trying to concoct proof-of-concept exploits, but only succeeded in two cases. Still, it's a reminder of how powerful AI tools can be for open-source projects -- even if they bring a flood of bad merge requests alongside the useful ones.
[2]
Firefox finds a slew of new bugs with Claude's help
Now if only device makers would deliver higher quality components

Thanks to Anthropic's AI and its bug-detecting abilities, Firefox users can now enjoy stronger security. Unfortunately, if browser crashes rather than security flaws are the problem, Claude probably can't help.

Mozilla engineer Gabriele Svelto said in a recent Mastodon post that he believes that about 10 percent of Firefox browser crashes can be attributed to bit flips - unintentional changes in memory - rather than software errors. Bit flips can be caused by a variety of things, such as cosmic rays and Rowhammer attacks. But often the explanation is more mundane - flawed electronic components.

"Today I was looking at the data that comes out of these tests and now I'm 100 percent positive that ... a lot of the crashes we see are from users with bad memory or similarly flaky hardware," he said.

Svelto said that, in the last week, Mozilla received about 470,000 crash reports from Firefox users, which just covers those who opted in to crash reporting. About 25,000, he said, look to be potential bit flips. "That's one crash every twenty potentially caused by bad/flaky memory, it's huge!" he said. "And because it's a conservative heuristic we're underestimating the real number, it's probably going to be at least twice as much."

And, he said, if he subtracts crashes caused by resource exhaustion, like running out of memory, the proportion of crashes attributable to hardware goes up to about 15 percent. Svelto said that, while his research focuses mainly on computers and phones, these issues are present in every device, such as routers and printers.

This is not the first time people have been taken aback by hardware error rates. Google researchers looked at DRAM errors in its data centers back in 2009 and were surprised to find that DRAM error rates "are orders of magnitude higher than previously reported, with 25,000 to 70,000 errors per billion device hours per Mbit and more than 8 percent of DIMMs affected by errors per year."

Bit flips are beyond Mozilla's control, but the biz has been able to shore up its software with the help of Anthropic's red team. Several weeks ago, said Mozilla engineers Brian Grinstead and Christian Holler in a blog post, Anthropic approached the Firefox team with a new AI-based vulnerability detection system. They said that they'd had mixed results with prior AI-assisted bug detection systems, but this one was different. "Within hours, our platform engineers began landing fixes, and we kicked off a tight collaboration with Anthropic to apply the same technique across the rest of the browser codebase," they said. "In total, we discovered 14 high-severity bugs and issued 22 CVEs as a result of this work. All of these bugs are now fixed in the latest version of the browser."

Anthropic says it managed this feat using its recent Claude Opus 4.6 model and even got its AI model to generate a working exploit for one of the now patched vulnerabilities (CVE-2026-2796). "To be clear, the exploit that Claude wrote only works within a testing environment that intentionally removes some of the security features of modern web browsers," explained security researchers Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, and Daniel Freeman in a blog post. "Claude isn't yet writing 'full-chain' exploits that combine multiple vulnerabilities to escape the browser sandbox, which are what would cause real harm."

But that moment may not be far off. "[L]ooking at the rate of progress, it is unlikely that the gap between frontier models' vulnerability discovery and exploitation abilities will last very long," said Anthropic. "If and when future language models break through this exploitation barrier, we will need to consider additional safeguards or other actions to prevent our models from being misused by malicious actors."
[3]
Anthropic's Claude uncovers 22 Firefox security vulnerabilities
Why it matters: AI models are rapidly lowering the cost of finding software vulnerabilities, surfacing serious flaws even in heavily scrutinized projects like Firefox.

Driving the news: Anthropic uncovered more than 500 previously unknown flaws across open-source projects while testing Claude Opus 4.6 last month -- including 112 reports submitted to Mozilla over a two-week period.
* Anthropic also rolled out Claude Code Security, an automated code security testing tool, last month -- briefly rattling cybersecurity stocks.

The big picture: The Mozilla case study illustrates how open-source maintainers may need to adapt to a future where AI dramatically increases both the volume and plausibility of incoming bug reports.
* Of the 112 total reports Anthropic submitted, Mozilla issued 22 CVEs for security-sensitive bugs, including 14 rated high severity.
* The remaining roughly 90 reports involved non-security issues such as crashes and logic errors.

What they're saying: "We chose Firefox because it's one of the most well-tested and secure open-source projects in the world," Logan Graham, head of Anthropic's frontier red team, said in a statement.
* "It's been scrutinized by security researchers for decades, fuzzed continuously, and maintained by engineers who really know what they're doing."
* "We went into this believing if Claude could find undiscovered high-severity bugs here, it would tell us something substantial about where these capabilities are heading and the urgency of the moment we are in," he added.

Threat level: Claude found security bugs -- including 14 high-severity flaws -- in Firefox's memory storage system, access boundary conditions, security safeguards and other programs.
* It also surfaced dozens of non-security bugs, including issues that affected user experience but posed no direct security risk, Brian Grinstead, senior principal engineer at Mozilla, told Axios.
* Attackers could potentially chain such flaws together to bypass protections, corrupt data or escalate privileges.

Between the lines: Mozilla is well-resourced compared to many open-source projects, which often operate with small teams and limited security staff.
* Grinstead said Anthropic reached out a few weeks ago with the first validated security bug.
* After confirming the issue, Mozilla asked the team to direct Claude to search for more. The organization then pulled in multiple engineering teams to validate findings and write patches.
* "This is a large influx," Grinstead said. "We did mobilize as sort of an incident response to get the 100+ bugs that were filed, triaged and most of them fixed."

Reality check: Firefox included fixes for the issues in version 148, which rolled out Feb. 24.
* Grinstead added that exploiting the flaws would have required chaining them with other vulnerabilities.
* "Just because you find a single vulnerability, even a high vulnerability, it is not enough to hack Firefox," Grinstead said.
* Modern browsers rely on multiple layers of defense, meaning attackers would need to combine several weaknesses to mount a successful exploit.

What to watch: Less-resourced open-source maintainers may struggle to keep up as AI tools generate higher volumes of increasingly polished bug reports.
Anthropic's Claude Opus 4.6 discovered 22 security vulnerabilities in Firefox during a two-week security partnership with Mozilla, including 14 high-severity flaws. The AI-powered bug detection system submitted over 112 reports, revealing critical issues in one of the world's most well-tested browsers. Most bugs have been fixed in Firefox 148, but the findings highlight both AI's potential and the challenges ahead for open-source maintainers.
In a recent security partnership with Mozilla, Anthropic deployed its Claude Opus 4.6 model to scan Firefox's codebase and uncovered 22 separate security vulnerabilities over just two weeks [1]. Of these findings, 14 were classified as high-severity flaws [2]. The discovery marks a significant milestone in AI vulnerability discovery, demonstrating how artificial intelligence can surface critical issues even in heavily scrutinized codebases.

Mozilla issued 22 CVEs for the security-sensitive bugs discovered by Anthropic's Claude AI, with most fixes already deployed in Firefox 148, which rolled out on February 24 [3]. According to Logan Graham, head of Anthropic's frontier red team, the team chose Firefox specifically because "it's one of the most well-tested and secure open-source projects in the world" that has "been scrutinized by security researchers for decades, fuzzed continuously, and maintained by engineers who really know what they're doing" [3].

The Firefox engagement was part of a broader testing initiative in which Anthropic uncovered more than 500 previously unknown flaws across open-source projects while evaluating Claude Opus 4.6 last month [3]. During the two-week Firefox assessment, Anthropic submitted 112 reports to Mozilla in total. Beyond the 22 security vulnerabilities, the remaining roughly 90 reports involved non-security issues such as crashes and logic errors [3].

Anthropic's team started their analysis in Firefox's JavaScript engine before expanding to other portions of the codebase [1]. Claude found vulnerabilities in Firefox's memory storage system, access boundary conditions, security safeguards and other programs [3]. Brian Grinstead, senior principal engineer at Mozilla, confirmed that while these high-severity flaws are serious, exploiting them would require chaining multiple vulnerabilities together. "Just because you find a single vulnerability, even a high vulnerability, it is not enough to hack Firefox," Grinstead explained [3].

While Claude Opus 4.6 excelled at identifying security vulnerabilities, it struggled significantly with exploit generation. Anthropic's team spent $4,000 in API credits attempting to create proof-of-concept exploits but only succeeded in two cases [1]. The model did generate a working exploit for one vulnerability (CVE-2026-2796), though Anthropic clarified that "the exploit that Claude wrote only works within a testing environment that intentionally removes some of the security features of modern web browsers" [2].

Claude isn't yet writing "full-chain" exploits that combine multiple vulnerabilities to escape the browser sandbox, which would pose genuine threats [2]. However, Anthropic researchers warned that "looking at the rate of progress, it is unlikely that the gap between frontier models' vulnerability discovery and exploitation abilities will last very long." They added that "if and when future language models break through this exploitation barrier, we will need to consider additional AI safeguards or other actions to prevent our models from being misused by malicious actors" [2].

The Mozilla case study illustrates how open-source maintainers may need to adapt as AI dramatically increases both the volume and plausibility of incoming bug reports [3]. Brian Grinstead described the influx as significant: "This is a large influx. We did mobilize as sort of an incident response to get the 100+ bugs that were filed, triaged and most of them fixed" [3].

Mozilla engineers Brian Grinstead and Christian Holler noted in a blog post that they'd had mixed results with prior AI-assisted bug detection systems, but Claude's approach was different. "Within hours, our platform engineers began landing fixes, and we kicked off a tight collaboration with Anthropic to apply the same technique across the rest of the browser codebase," they said [2].

While Mozilla is well-resourced compared to many open-source projects, less-resourced maintainers, who often operate with small teams and limited security staff, may struggle to keep up as AI tools like Claude Code Security generate higher volumes of increasingly polished bug reports [3]. Anthropic also rolled out Claude Code Security, an automated code security testing tool, last month, briefly rattling cybersecurity stocks [3]. The development signals that AI models are rapidly lowering the cost of finding software vulnerabilities, surfacing serious flaws even in heavily scrutinized open-source projects like Firefox.

Summarized by Navi