
Anthropic has identified 22 previously unknown security vulnerabilities in the Mozilla Firefox web browser using its Claude Opus 4.6 artificial intelligence model as part of a security collaboration with Mozilla.
According to the company, the vulnerabilities were discovered during a two-week research effort in January 2026 in which the AI model analyzed Firefox’s codebase to identify potential security flaws. Of the 22 vulnerabilities reported, 14 were classified as high severity, seven as moderate and one as low severity. Most of the issues were addressed in Firefox 148, released late last month.
Anthropic said the number of high-severity bugs identified by the Claude Opus 4.6 large language model represents nearly one-fifth of all high-severity vulnerabilities that were patched in Firefox in 2025.
During the exercise, the model scanned nearly 6,000 C++ files and produced 112 unique vulnerability reports. One notable issue, a use-after-free bug in the browser’s JavaScript engine, was detected after about 20 minutes of exploration. The finding was later validated by a human security researcher in a virtualized environment to confirm it was not a false positive.
Anthropic also tested whether the AI model could convert vulnerabilities into working exploits. The Claude model was given access to the full list of vulnerabilities submitted to Mozilla and tasked with generating exploit code.
Despite running the experiment several hundred times and spending around $4,000 in API credits, the company said the model successfully produced a working exploit in only two cases. This suggests that identifying vulnerabilities is significantly easier than reliably exploiting them.
However, Anthropic noted that the model's ability to automatically generate even a limited exploit remains notable. One such exploit targeted CVE-2026-2796, a critical vulnerability with a CVSS score of 9.8 related to a just-in-time miscompilation in the WebAssembly JavaScript component.
The company emphasized that the exploits worked only within its controlled testing environment, where certain security protections such as sandboxing were intentionally disabled.
A task verification system was also incorporated into the testing process to determine whether an exploit attempt was successful. This system provided the AI model with real-time feedback, allowing it to iteratively refine its approach while exploring the codebase.
The disclosure comes weeks after Anthropic introduced Claude Code Security in a limited research preview, a tool designed to help developers identify and fix software vulnerabilities using AI-driven agents.




