In February 2026, over the course of two weeks, Anthropic's cutting-edge AI model, Claude Opus 4.6, successfully discovered 22 new vulnerabilities in Mozilla Firefox. Surprisingly, almost one-fifth of all high-severity Firefox vulnerabilities fixed in the preceding year were related to this AI-driven security research.

With the release of Firefox 148.0, Mozilla has already fixed most of these bugs for hundreds of millions of users, demonstrating the efficiency and speed of AI-assisted patching. The Anthropic team reported these issues in close cooperation with Mozilla researchers, and as a result, 14 were formally categorized as high-severity.

Finding and Using Vulnerabilities

Before targeting live software, Anthropic evaluated the previous Opus 4.5 model using the CyberGym benchmark to test its ability to reproduce known vulnerabilities.

Researchers moved Opus 4.6 to the current Firefox codebase in order to conduct a more thorough test, focusing mostly on the JavaScript engine and C++ files of the browser. This engine is a very important attack surface since it runs untrusted external code. Claude discovered a Use-After-Free flaw, a serious memory corruption vulnerability that enables attackers to replace data with malicious payloads, in just twenty minutes of isolated analysis.

[Figure: Monthly reports of Firefox security flaws from all sources (Source: Anthropic)]

The Anthropic team broadened the AI's scope after verifying this first bug in a separate virtual machine, ultimately sending 112 distinct crash reports to Mozilla's Bugzilla tracker. Anthropic researchers challenged Claude to create rudimentary exploits for the found bugs in order to gauge the model's maximum offensive potential.

The objective was to carry out an actual attack, namely reading and writing a local file on a target system. Opus 4.6 produced functional exploits in just two instances out of hundreds of test runs using about $4,000 in API credits. These attacks were rudimentary and only worked in a limited testing environment that purposefully disabled important security features, such as the Firefox sandbox.

The experiment demonstrates that AI models are getting closer to automated, end-to-end exploit generation, even though Firefox's defense-in-depth architecture successfully countered these particular attacks in real-world scenarios.

Task Verifiers and Mitigation

Anthropic strongly supports the use of "task verifiers" to assist software maintainers in handling an influx of AI-generated vulnerability reports. As AI patching agents traverse a codebase, these verification tools give them automated, real-time feedback. A highly effective patching agent must confirm two things: that the vulnerability is completely neutralized, and that the intended functionality of the application is preserved.
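The two conditions above can be checked mechanically. The following Python example is added here for illustration and is not Anthropic's or Mozilla's tooling: it runs constructed crash triggers and regression cases against candidate patches for a toy length-prefixed parser and returns feedback a patching agent could act on. All function names, the record format, and the sample inputs are hypothetical, and an `IndexError` stands in for a memory-safety crash.

```python
from dataclasses import dataclass, field

class ParseError(ValueError):
    """Clean, intended rejection of malformed input."""

# Constructed sample data. Record format (assumed): 1 length byte, payload, optional trailer.
TRIGGERS = [b"\x05ab", b"\xff"]  # PoC inputs: declared length exceeds the buffer
REGRESSIONS = [(b"\x02hi", b"hi"), (b"\x00", b""), (b"\x03abcXYZ", b"abc")]

def vulnerable(buf):
    # The "before": trusts the length byte. IndexError stands in for a memory-safety crash.
    return bytes(buf[1 + i] for i in range(buf[0]))

def overzealous(buf):
    # Candidate 1: stops the crash but also rejects valid records that carry a trailer.
    if len(buf) != 1 + buf[0]:
        raise ParseError("length mismatch")
    return buf[1:]

def bounded(buf):
    # Candidate 2: bounds-checks the declared length and keeps the intended behaviour.
    if not buf or buf[0] > len(buf) - 1:
        raise ParseError("truncated record")
    return buf[1:1 + buf[0]]

@dataclass
class Verdict:
    accepted: bool
    feedback: list = field(default_factory=list)

def verify(candidate):
    """Run every trigger and every regression case; return feedback for the next iteration."""
    feedback = []
    for trig in TRIGGERS:
        try:
            candidate(trig)
            feedback.append(f"trigger {trig!r}: malformed input was not rejected")
        except ParseError:
            pass  # neutralized: clean rejection
        except Exception as exc:
            feedback.append(f"trigger {trig!r}: still crashes ({type(exc).__name__})")
    for data, want in REGRESSIONS:
        try:
            got = candidate(data)
        except Exception as exc:
            got = exc
        if got != want:
            feedback.append(f"regression {data!r}: expected {want!r}, got {got!r}")
    return Verdict(accepted=not feedback, feedback=feedback)

if __name__ == "__main__":
    for cand in (vulnerable, overzealous, bounded):
        print(cand.__name__, verify(cand))
```

Only `bounded` is accepted: `vulnerable` fails both triggers, and `overzealous` neutralizes the triggers but fails a regression case, which is the kind of patch a trigger-only check would wrongly pass.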

By executing automated regression tests in conjunction with vulnerability triggers, task verifiers enable the AI to iteratively improve its candidate patches until they satisfy minimal security and stability requirements prior to human review.

Maintainers are faced with a heavy triage burden due to the rapid influx of AI-discovered bugs. The Mozilla security team observed during the collaboration that rigorous documentation and coordination are necessary to trust submissions generated by AI.

In particular, they need researchers to provide viable candidate patches, comprehensive proofs-of-concept (PoCs), and accompanying minimal test cases. Anthropic's Coordinated Vulnerability Disclosure (CVD) principles incorporate these procedural standards. Additionally, Anthropic is pushing these quick find-and-fix capabilities directly to defenders with the release of Claude Code Security in limited preview, with the goal of securing infrastructure before malevolent actors can fully master AI-driven exploitation.