Anthropic says it found a heap of Firefox security flaws using new Claude tools, says 'AI is making it possible to detect severe security vulnerabilities at highly accelerated speeds'

Anthropic says it found almost two dozen vulnerabilities in the latest version of Mozilla’s Firefox browser, including a few that could have caused serious damage. In a new blog post Anthropic said it teamed up with Mozilla’s researchers and, over the course of a couple weeks, scanned almost 6,000 C++ files using Claude Opus 4.6.Opus 4.6 is the latest version of Anthropic’s most powerful large language model (LLM), which was released in early February 2026, and has been advertised as a must-have tool in every cyber defender’s arsenal, claiming it is “notably better” at finding high-severity vulnerabilities.

Major success

After analyzing popular open source repositories and finding more than 500 flaws, Anthropic set its sights to Firefox, mostly because it is “both complex and one of the most well-tested and secure open-source projects in the world.” In other words, it really wanted to prove a point by finding a product that’s generally considered large, and safe. The team ran the experiment for two weeks, and in that timeframe, Opus 4.6 managed to find 22 vulnerabilities. Mozilla labeled 14 of them as high severity. In total, Anthropic submitted a total of 112 unique reports, most of which were addressed in Firefox 148. The remainder will be fixed in upcoming releases, it was said. Anthropic is framing this as a major success, saying Opus 4.6 uncovered in two weeks roughly a fifth as many high-severity vulnerabilities as Mozilla fixed during all of 2025.“AI is making it possible to detect severe security vulnerabilities at highly accelerated speeds,” they said. Earlier, Anthropic said Opus 4.6 stood out with the way it found vulnerabilities “out of the box without task-specific tooling, custom scaffolding, or specialized prompting.”It also added unlike fuzzing, which is a standard vulnerability hunting technique, Opus works by reasoning about the code “the way a human researcher would”, meaning it was looking at past fixes to find similar bugs that weren’t addressed, spotting patterns that tend to cause problems, and was understanding logic “well enough to know exactly what input would break it.”