Anthropic Uncovers 22 Firefox Vulnerabilities with Claude Opus 4.6 AI Model

Taylor Keatsman

Published: March 8, 2026 6:36 PM ET

Anthropic Uncovers 22 Firefox Vulnerabilities with Claude Opus 4.6 AI Model

Anthropic recently revealed the discovery of 22 vulnerabilities in the Firefox web browser, highlighting the role of AI in enhancing online security. This finding is part of a collaborative effort with Mozilla aimed at improving browser safety.

Details of the Vulnerabilities

Out of the 22 vulnerabilities identified, 14 were rated high severity, seven were deemed moderate, and one was classified as low. These vulnerabilities came to light following a two-week assessment period in January 2026. The newly identified issues were subsequently addressed in the release of Firefox version 148, which became available last month.

Impact of AI on Vulnerability Discovery

The AI model used for detection, Claude Opus 4.6, recognized numerous security issues, representing about 20% of all high-severity vulnerabilities patched in 2025.
In a notable instance, Claude identified a use-after-free bug in the browser’s JavaScript in just 20 minutes, a discovery verified by human researchers.

Overall, nearly 6,000 C++ files were scanned, leading to 112 unique reports that highlighted various vulnerabilities—a testament to the capabilities of Claude Opus 4.6 in vulnerability assessment.

AI’s Exploit Development Insights

Interestingly, Anthropic tested the feasibility of developing practical exploits for the vulnerabilities discovered. Despite extensive simulations and expenditures of about $4,000 in API credits, only two successful exploits were generated.

This outcome suggests that identifying vulnerabilities may be less costly and more effective than developing corresponding exploits. The tests indicated that while AI excels at detecting issues, its capability to create effective exploits is limited.

Noteworthy Exploit Findings

One significant exploit crafted was for CVE-2026-2796, which received a CVSS score of 9.8. This flaw involves a miscompilation in the JavaScript WebAssembly component.

Collaborative Initiatives and Future Steps

Mozilla supported the findings, announcing that the AI-assisted evaluation had uncovered 90 additional bugs. Many of these bugs were fixed, reinforcing the effectiveness of combining AI analysis with traditional security engineering methods.

This partnership illustrates the strong potential of AI as an innovative tool in cybersecurity, providing a powerful addition to traditional security practices and enhancing the ongoing fight against vulnerabilities in software.