Liabooks Home|PRISM News
AI Found 22 Firefox Vulnerabilities in Just Two Weeks

Anthropic's Claude discovered 22 security flaws in Firefox, revealing both the promise and limitations of AI-powered security tools

22 vulnerabilities in two weeks. That's what AI found in one of the world's most secure browsers.

Anthropic's Claude Opus 4.6 just completed a security partnership with Mozilla that uncovered 22 separate vulnerabilities in Firefox, 14 of them classified as high-severity. Most bugs were patched in Firefox 148 (released this February), though a few fixes are still pending the next release.

What makes this remarkable isn't just the number—it's the target. Anthropic's team deliberately chose Firefox because "it's both a complex codebase and one of the most well-tested and secure open-source projects in the world." They wanted to test AI against a genuinely challenging opponent.

Great at finding flaws, terrible at exploiting them

Here's where it gets interesting: Claude excelled at vulnerability discovery but struggled mightily with exploitation. The team burned through $4,000 in API credits trying to create proof-of-concept exploits, succeeding in only two cases.

This limitation reveals something crucial about AI security tools. They're exceptional "problem spotters" but poor "problem exploiters." For cybersecurity professionals, this might actually be reassuring news—at least for now.

The double-edged sword of AI-powered security

For open-source maintainers, this represents both opportunity and challenge. AI can dramatically accelerate security audits, potentially catching vulnerabilities that human reviewers miss. But as TechCrunch noted, these tools also risk flooding projects with "bad merge requests alongside the useful ones."

The implications extend beyond individual projects. If AI can audit Firefox's battle-tested codebase this effectively, what about smaller, less scrutinized open-source projects that power critical infrastructure? The security landscape could see a fundamental shift in how vulnerabilities are discovered and disclosed.

This content is AI-generated based on source articles. While we strive for accuracy, errors may occur. We recommend verifying with the original source.
