AI Outruns Human Hackers: Claude Cracks Firefox's Defenses With 22 CVEs in 14 Days

News Summary

In a landmark demonstration of AI-driven security research, Anthropic's Claude Opus 4.6 identified 22 previously unknown vulnerabilities in Mozilla's Firefox browser during a two-week collaborative engagement in February 2026 (ET). The findings — 14 of which were classified as high-severity — represent nearly one-fifth of all high-severity Firefox vulnerabilities remediated throughout all of 2025. The results were publicly disclosed on Thursday, March 6, 2026 (ET).

Background: A Deliberate and Rigorous Test

Anthropic's Frontier Red Team selected Firefox as the proving ground for a specific reason: it is widely regarded as one of the most thoroughly audited and secure open-source codebases in the world, relied upon by hundreds of millions of users daily. The team wanted a challenge that would push Claude beyond synthetic benchmarks and into real-world, production-grade software.

The experiment began by asking Claude to reproduce previously known CVEs (Common Vulnerabilities and Exposures) in older versions of Firefox's codebase. The model's success rate was notably high — though researchers acknowledged some historical CVEs may have appeared in Claude's training data. To eliminate that uncertainty, the team redirected Claude to hunt for entirely novel, never-before-reported bugs in the current version of Firefox.

The Hunt: From the JavaScript Engine to the Entire Browser

Claude Opus 4.6 was deployed starting with Firefox's JavaScript engine — a logical entry point given its enormous attack surface. The engine routinely processes untrusted external code as users browse the web, making it one of the highest-value targets for attackers.

Within just twenty minutes of autonomous code exploration, Claude identified a novel Use-After-Free vulnerability, a class of memory corruption flaw that can allow attackers to overwrite data with malicious payloads. Building on that initial success, Claude scanned nearly 6,000 C++ source files, generating 112 unique bug reports submitted directly to Mozilla's Bugzilla issue tracker.

After triaging those submissions, Mozilla's security engineers confirmed 22 CVEs — 14 rated high-severity. This single two-week sprint produced more vulnerability reports than any single calendar month in 2025 from all combined human and automated sources.

Mozilla's Response: Rapid Patching at Scale

Mozilla described the collaboration as markedly different from typical AI-assisted security submissions, which have historically suffered from high false-positive rates and excessive noise. Anthropic's reports came with minimal, reproducible test cases that allowed Mozilla engineers to verify each issue within hours.

Mozilla activated what it characterized as an "incident response" posture to manage the influx of over 100 bug filings. Multiple engineering teams were mobilized to validate findings, write patches, and coordinate releases. The majority of fixes shipped in Firefox 148.0, released on February 24, 2026 (ET), with the remaining patches scheduled for the next browser release.

Beyond the 22 CVEs, Anthropic's research surfaced 90 additional non-security bugs — most of which have also been resolved. Notably, several of Claude's findings represented distinct logic error classes that traditional fuzzing techniques had not previously surfaced.

Exploitation: Where AI Still Lags

Despite the impressive discovery rate, the research revealed a critical asymmetry: Claude is significantly better at finding vulnerabilities than exploiting them. Anthropic spent approximately $4,000 in API credits across several hundred attempts to construct functional proof-of-concept exploits. Only two exploits succeeded — and both required a testing environment with the browser's sandbox disabled, meaning Firefox's layered security architecture would have blocked these attacks in real-world conditions.

Mozilla's security lead Tom Grinstead noted that exploiting any single vulnerability, even a high-severity one, is insufficient to compromise Firefox in practice. Modern browsers depend on defense-in-depth: an attacker would need to successfully chain multiple weaknesses together to mount a meaningful exploit.

For now, this asymmetry favors defenders — AI can find bugs faster and more cheaply than it can weaponize them.

Broader Implications: A New Era for Defensive Security

The Firefox collaboration was not an isolated experiment. Anthropic disclosed that Claude Opus 4.6 has been used to identify vulnerabilities across other critical open-source projects, including the Linux kernel, with over 500 zero-day vulnerabilities discovered across projects in recent months. Anthropic has also launched Claude Code Security, currently in limited research preview, which brings AI-assisted vulnerability discovery and patching capabilities directly to security teams and open-source maintainers.

For the cybersecurity community, the takeaway is clear: AI is emerging as a genuine force multiplier for defensive security. While human expertise remains essential for verification, prioritization, and remediation, AI systems can now scan millions of lines of complex code at speeds and scales impossible for human teams alone.

What Users Should Do Now

For everyday Firefox users, the immediate action is straightforward: update to Firefox 148 or later. All high-severity vulnerabilities identified during this engagement have been patched. Users who have not yet updated should do so promptly, as the affected versions remain exposed to the reported flaws.