Dispatch
Claude Opus 4.6 Discovers 22 Firefox Vulnerabilities in Two Weeks via Anthropic-Mozilla Partnership
Anthropic and Mozilla ran a coordinated two-week security research project in February 2026 where Claude Opus 4.6 scanned roughly 6,000 Firefox C++ files, submitted 112 reports, and identified 22 CVEs — 14 classified high-severity, representing nearly one-fifth of all critical Firefox bugs patched in 2025. A JavaScript engine use-after-free was found in just 20 minutes; exploitation succeeded in only 2 of hundreds of attempts using $4,000 in API credits, demonstrating that AI-assisted discovery outpaces exploitation capability. The vulnerabilities shipped in Firefox 148.0, patching hundreds of millions of users.
Source
↳ Follow the thread