Claude AI Discovers 22 Firefox Vulnerabilities in Two Weeks

In a groundbreaking demonstration of AI’s potential in cybersecurity, Anthropic’s Claude Opus 4.6 discovered 22 vulnerabilities in Mozilla Firefox during a two-week collaboration—with 14 classified as high-severity. This represents nearly a fifth of all high-severity Firefox vulnerabilities remediated in the entire previous year.

The Numbers Tell the Story

The impact is striking: Claude found more vulnerabilities in February 2026 than were reported from all sources in any single month of 2025. These weren’t minor issues: 14 were flagged as high-severity, with potential security implications for hundreds of millions of Firefox users worldwide.

Mozilla has already shipped fixes for these vulnerabilities in Firefox 148.0, demonstrating how quickly this AI-human collaboration can translate into real-world protection.

From Benchmarks to Real-World Security

The collaboration began when Anthropic noticed that Claude Opus 4.5 was close to solving all tasks in CyberGym, a benchmark for testing whether AI models can reproduce known security vulnerabilities. Rather than stopping there, the team wanted to push further.

They built a custom dataset from prior Firefox Common Vulnerabilities and Exposures (CVEs) to see if Claude could reproduce those known issues. Firefox was chosen specifically because it’s both a complex codebase and one of the most thoroughly tested and secure open-source projects available.

The results exceeded expectations—Claude didn’t just reproduce known vulnerabilities; it discovered entirely new ones at an unprecedented pace.

A Model for AI-Assisted Security Research

What makes this collaboration particularly significant is how it establishes a working model for AI-enabled security research. Mozilla fielded a large number of reports, helped Anthropic understand what types of findings warranted bug reports, and worked to ship fixes efficiently.

This partnership demonstrates that AI can now independently identify high-severity vulnerabilities in complex software—something that previously required extensive human expertise and time. The speed at which Claude operates (two weeks for 22 vulnerabilities) suggests we’re entering a new era of proactive security research.

The Broader Implications

This collaboration raises important questions about the future of software security:

Speed vs. Scale: If AI can find vulnerabilities this quickly, how do we ensure fixes can keep pace? Mozilla’s rapid response shows it’s possible, but not all projects have Mozilla’s resources.

Defense vs. Offense: While Claude is being used defensively here, the same capabilities could theoretically be used by malicious actors. The security community will need to stay ahead of this curve.

Open Source Impact: Firefox is open-source, which made this collaboration possible. How will AI-assisted security research work with closed-source software?

Human-AI Partnership: This wasn’t AI replacing human security researchers—it was AI augmenting them. Mozilla’s expertise was crucial in validating findings and prioritizing fixes.

What’s Next?

As Anthropic documented in its recent zero-day research, Claude found more than 500 previously unknown vulnerabilities across well-tested open-source software. The Mozilla collaboration shows this capability translating into tangible security improvements for real users.

The key takeaway isn’t just that AI can find vulnerabilities—it’s that when AI capabilities are paired with responsive maintainers and clear collaboration models, the result is faster, more comprehensive security for everyone.

For the millions of Firefox users who will never know about these vulnerabilities (because they were fixed before being exploited), this quiet collaboration represents exactly what proactive security should look like in the AI era.


Source: Anthropic - Partnering with Mozilla to improve Firefox’s security