Anthropic’s Claude Uncovers 22 Vulnerabilities in Firefox: A Game-Changer for AI-Driven Security
In a groundbreaking collaboration, Anthropic’s Claude Opus 4.6 identified 22 security vulnerabilities in Firefox over just two weeks, prompting Mozilla to patch them in version 148 released on February 24, 2026.[1][3][5] This feat, part of a broader audit uncovering over 100 bugs including 14 high-severity issues, underscores AI’s rising prowess in cybersecurity.[1][4]
The Discovery Process: From Bug Hunt to Rapid Response
Anthropic’s experiment began last month when testing Claude Opus 4.6, which scanned multiple open-source projects and flagged more than 500 previously unreported vulnerabilities.[1] Focusing on Firefox—a browser renowned for its rigorous security scrutiny over decades—Anthropic submitted 112 reports to Mozilla in a two-week window.[1][2] Of these, Mozilla assigned CVEs to 22 security-critical flaws, with the rest addressing non-security issues like crashes and logical errors.[1]
The process kicked off dramatically: After just 20 minutes, Claude pinpointed a Use After Free (UAF) vulnerability in Firefox’s JavaScript engine, a memory flaw that could let attackers overwrite data with malicious content.[3] Anthropic researchers validated it independently, filed a Bugzilla report with a Claude-generated patch, and Mozilla requested more scans after confirmation.[1][3] “This is a significant influx,” noted Mozilla’s senior principal engineer Grinstead, who mobilized teams in an incident-response mode to triage and fix over 100 bugs.[1]
Logan Graham, head of Anthropic’s frontier red team, selected Firefox deliberately: “We chose it because it’s one of the well-tested secure open projects in the world. It’s been scrutinized by security for decades and maintained by engineers who know what they’re doing.”[1] The vulnerabilities spanned memory storage systems, access boundary conditions, security measures, and more, with potential for attackers to chain them for privilege escalation, data corruption, or bypassing protections.[1]
Beyond Detection: Claude Crafts Exploits
Anthropic pushed boundaries further by tasking Claude with exploiting the bugs, not just finding them.[2][3] In a controlled test using a stripped-down JavaScript shell mimicking an unsandboxed browser process, Claude targeted CVE-2026-2796 (now patched).[2] The goal: read a “secret” local file and write an “exfil” file to prove file-system access, breaking the shell’s security invariants.[2]
Claude’s strategy followed a classic exploit chain:
1. Leverage UAF for type confusion (stale pointer to wrong object type).
2. Achieve info leaks to build arbitrary read/write primitives like addrof (leak object addresses) and fakeobj (forge JS objects).[2]
3. Corrupt an ArrayBuffer‘s backing store for reliable memory manipulation.
4. Overwrite function pointers for code execution.[2]
Using WebAssembly’s WasmGC struct.get for reads and standard JS APIs, Claude constructed read64 and write64 primitives, then faked an ArrayBuffer for full arbitrary access.[2] A proof-of-concept (PoC) demonstrates: On unpatched Firefox 147, go(1337) bypasses call.bind to return 1337; patched versions return 0.[2] While these “crude” exploits worked only in a sandbox-free environment, they highlight AI’s potential in real attacks—sandbox escapes aren’t impossible.[2][3]
Why This Matters: AI Reshaping Software Security
This isn’t just a win for Firefox; it’s a signal of AI’s disruptive impact. Traditional bug hunting is costly and time-intensive, but Claude slashed that dramatically, even in a “mature” project like Firefox.[1] Mozilla, with its resources, handled the surge—but smaller open-source teams may struggle with AI-amplified report volumes.[1]
Grinstead emphasized Firefox’s defense in depth: “Finding a single vulnerability, even one rated highly, is not sufficient to compromise Firefox.” Exploiters would need to chain flaws across layers.[1] Still, 14 high-severity issues in memory and boundaries raise alarms.[1][4]
Broader implications ripple outward. Anthropic launched Claude Code Security, an automated tool that briefly rattled cybersecurity stocks by promising cheaper, faster audits.[1] As Graham noted, Claude’s high-severity finds “reveal something significant about the direction of these capabilities and the urgency of the current situation.”[1] Models like Claude Opus 4.6 outperformed 2025’s monthly reports, finding more vulns in February 2026 alone.[3]
Challenges and the Path Forward
Not all bugs were equal; CVE-2026-2796 was “easier” due to simpler heap needs, but Anthropic expects exploit skills to sharpen with better long-horizon reasoning.[2] Open-source maintainers must adapt: Expect more credible AI reports, demanding triage processes.[1]
Mozilla’s blog praised the red-teaming: Anthropic contacted engineers post-JS engine finds, leading to hardened code.[6] Users should update to Firefox 148 immediately, as chained exploits posed real risks pre-patch.[1]
AI in Cybersecurity: Opportunity or Threat?
This episode spotlights a dual-edged sword. AI democratizes security research, unearthing flaws humans miss, but empowers adversaries too.[2][3] Anthropic’s transparency—publishing exploit details and PoCs—fuels defense, not just offense.[2]
As browsers evolve with mitigations like sandboxes, AI will too. Partnerships like this set precedents: Mozilla and Anthropic’s teamwork fixed issues swiftly, benefiting millions.[1][3][6] For developers, it’s a call to integrate AI tools; for users, a reminder to stay patched.
In sum, Claude’s Firefox audit proves AI isn’t futuristic—it’s here, fortifying code at unprecedented scale. The security landscape just got smarter, faster, and more vigilant.
(Word count: 812)
Original source: TechCrunch – Anthropic’s Claude found 22 vulnerabilities in Firefox over two weeks