In one such recent AI security partnership, Anthropic used its Claude Opus AI to … During one two-week period, the AI discovered 22 vulnerabilities in Mozilla’s Firefox, including two high-severity bugs. This collaboration is a big leap forward in improving the security of one of the world’s most popular web browsers.
Ultimately, it all began as a highly-targeted effort to improve Firefox’s JavaScript engine. Then, the team continued to expand their tests happily, venturing beyond the cal area into other areas of codebase. Claude Opus showed impressive effectiveness in finding a lot of potential vulnerabilities, with 14 of the vulnerabilities being ranked as “high-severity.” Together, these alarming findings led to Mozilla jumping into action right away. Because of this, they were able to mitigate the majority of the bugs in the upcoming release version 148 in February.
While Claude Opus had notable success at discovering vulnerabilities, its performance at creating exploits was moderately less noteworthy. The team at Anthropic paid in API credits a total of $4,000 to produce the exploits which we were using as proofs-of-concept. In the end, they were able to create working exploits for only 2 out of the thousand+ vulnerabilities found.
Anthropic’s team operated Claude Opus version 4.6 throughout this process, highlighting the AI’s capabilities in vulnerability detection. The partnership allowed for a deep dive into Firefox’s complex code base. Anthropic lauded it for being “both a complex codebase and one of the most well tested and secure open-source projects on the planet.”
Anthropic has taken an ambitious step in embedding Claude Opus with Google Chrome. This expansion greatly enhances its security testing capabilities on web, mobile, API and desktop platforms. This integration is yet another step in the thriving partnership between Anthropic and Mozilla, as both companies work to provide the safest browser possible.
The vulnerabilities found by Claude Opus were all patched in Firefox 148. Though many concerns have been addressed, some will not be settled until later updates are released. This latest pledge to security is a reminder of how critical partnerships between technology companies are to keeping the people that use their services safe online.