An advanced artificial intelligence model developed by Anthropic has discovered 22 previously unknown security vulnerabilities in the Mozilla Firefox browser during a recent collaboration with Mozilla, highlighting the growing role of AI in cybersecurity research.
The findings came from tests conducted using Claude Opus 4.6, an AI model designed to analyze complex software systems. According to researchers, the system identified the vulnerabilities in just two weeks in February 2026.
Mozilla classified 14 of the discovered flaws as high-severity, a significant number considering they represent nearly 20% of all high-severity Firefox bugs fixed throughout 2025.
Rapid Bug Discovery
Researchers initially directed the AI model to examine Firefox’s JavaScript engine, a complex component that provides an isolated execution environment but also presents a large potential attack surface.
Within 20 minutes, the system reportedly detected a “use-after-free” memory vulnerability, a serious type of bug that can potentially allow attackers to manipulate memory and execute malicious code. The issue was later verified by security researchers, who submitted a patch generated by the AI model.
During the testing process, the system analyzed nearly 6,000 C++ files in Firefox’s codebase and generated about 50 additional crashing test inputs. In total, researchers filed 112 bug reports through Mozilla’s bug-tracking platform.
Harder to Exploit
While the AI proved effective at identifying vulnerabilities, researchers found it far less capable of turning them into working cyberattacks.
Anthropic tested whether the model could develop exploit tools capable of abusing the discovered flaws, spending roughly $4,000 in API credits across hundreds of attempts. However, the AI managed to produce only two basic exploits, both of which required researchers to disable modern browser protections such as sandboxing.
Security experts noted that Firefox’s existing “defense-in-depth” protections would normally prevent such attacks, suggesting that the AI is currently far better at detecting bugs than exploiting them.
Security Fixes in Latest Release
Most of the vulnerabilities discovered during the experiment were addressed in the Firefox 148.0 release issued in February.
The update also introduces several new features, including an AI Controls section in settings, improved accessibility support for screen readers reading PDF mathematical formulas, and native translation for Vietnamese and Traditional Chinese.
The experiment demonstrates how AI tools may increasingly assist developers and security teams in identifying hidden flaws in large and complex software systems.
