AI-Powered Tool Finds Critical Firefox Vulnerabilities, Enhancing Open-Source Cybersecurity
March 6, 2026
Anthropic partnered with Mozilla to apply Claude Opus 4.6 to Firefox security testing, uncovering 22 vulnerabilities in two weeks, with 14 deemed high-severity and most patches rolled into Firefox 148.0, showcasing AI-assisted rapid discovery and patching.
The effort began in Firefox’s JavaScript engine and extended to broader areas of the codebase due to Firefox’s complex open-source architecture.
Researchers first reproduced known issues to validate Claude’s capabilities before scanning for new vulnerabilities in the current Firefox version, starting with the JavaScript engine.
Industry reaction is cautiously optimistic, viewing AI-assisted security as a supplement to traditional testing and anticipating broader adoption in other open-source projects.
More broadly, AI-assisted security is expected to become more common in open-source projects and to influence evolving industry standards for validating AI-generated findings.
The project introduces task verifiers to check AI output, ensuring patches remove vulnerabilities while preserving functionality, and emphasizes minimal test cases, detailed proofs-of-concept, and candidate patches to gain trust in automated reports.
Best practices for AI-generated vulnerability reports include minimal test cases, detailed PoCs, AI-produced candidate patches with validated tests, and automated test suites to prevent regressions.
The collaboration signals near-term revenue and product opportunities for Anthropic in AI-powered vulnerability discovery and reinforces Claude’s role in enterprise-grade security workflows.
Experts note that AI systems can hallucinate security problems, but capable AI-powered code analyzers can uncover real vulnerabilities.
Anthropic also tested the gap between discovery and exploitation: it created working exploits in two cases during testing, though these required disabling security features in test environments, indicating that discovery currently outpaces exploitation.
Developers are advised that AI-assisted bug discovery could accelerate security work, with plans to expand outreach to open-source maintainers, launch Claude Code Security in limited preview, and hire more security researchers.
Mozilla engineers are beginning to use Claude for internal security testing, signaling a shift toward AI-assisted auditing in browser security.
Summary based on 17 sources
Sources

TechCrunch • Mar 6, 2026
Anthropic’s Claude found 22 vulnerabilities in Firefox over two weeks
The Mozilla Blog • Mar 6, 2026
Hardening Firefox with Anthropic’s Red Team | The Mozilla Blog
CybersecurityNews • Mar 6, 2026
Claude AI Uncovers 22 Firefox Vulnerabilities in Two Weeks