AI model Claude detects Firefox bugs faster than the community

In an internal test, Anthropic's AI Claude Opus 4.6 found more vulnerabilities in the Firefox browser within two weeks than the community did in two months.


The AI development company Anthropic has found more vulnerabilities in the Firefox browser in two weeks than the community has in two months. This was confirmed by the Mozilla Foundation, responsible for Firefox, and Anthropic, according to a media report. The internal test shows how much AI can contribute to improving software by identifying security vulnerabilities. However, security researchers warn that these tools also fall into the hands of those with malicious intent.

The current AI model Claude Opus 4.6 found the first Firefox bug within 20 minutes, reports the Wall Street Journal. In two weeks, the model discovered over 100 errors in total, 14 of which were of high severity. For comparison: Mozilla patched 73 bugs last year that were considered highly critical or critical.

On the positive side, the AI model used was reportedly more adept at finding security vulnerabilities than at exploiting them. The AI succeeded in writing functional exploits in only two cases, and these worked only in a test version of Firefox. Under real conditions, they would have been stopped by the browser's security mechanisms. Nevertheless, security researchers warn that AI is paving the way for bugs to be found and exploited faster. Cryptologist Bruce Schneier also sees an arms race between attackers and defenders through the use of AI tools.


For developers of open-source projects, finding bugs with AI presents both opportunities and challenges. Many developers complain about automated bug reports based on hallucinations from the AI models used. Anthropic's attempt was an exception here, as only reproducible bugs were passed on to the Firefox developers. To minimize false alarms, the company relies on context-based analysis rather than pure pattern matching for its new tool Claude Code Security. Curl developer Daniel Stenberg, for example, complained that in 2025 only one out of 20 reported bugs actually existed.

Firefox was chosen as the test subject because, with a bug bounty program that has existed for over 20 years, it is considered the most intensively tested browser in the world. That made it difficult for the AI to find errors, which is meant to underscore its performance.

(mki)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.