Claude Opus 4.5 discovered 22 vulnerabilities in Firefox in two weeks - ForkLog: cryptocurrencies, AI, singularity, the future


# Claude Opus 4.5 Discovered 22 Vulnerabilities in Firefox in Two Weeks

Anthropic’s team, using the AI model Claude, identified 22 vulnerabilities in the Firefox browser, 14 of which were classified as high severity by the developer, Mozilla.

We partnered with Mozilla to test Claude’s ability to find security vulnerabilities in Firefox.

Opus 4.6 found 22 vulnerabilities in just two weeks. Of these, 14 were high-severity, accounting for one-fifth of all high-severity bugs Mozilla fixed in 2025. pic.twitter.com/It1uq5ATn9

— Anthropic (@AnthropicAI) March 6, 2026

The latter figure represents roughly one-fifth of all similar issues discovered in the popular web browser throughout 2025.

Researchers at Anthropic used Claude Opus 4.5 over two weeks to search for vulnerabilities in Firefox. The team explained that it chose the browser as the target for the experiment because it is one of the most tested and secure open-source projects with a high level of complexity.

Initially, the developers focused their efforts on the JavaScript engine, as it can be analyzed in isolation, then expanded the model’s work to other parts of the codebase.

After just 20 minutes of research, Claude reported a Use After Free vulnerability that allows attackers to replace data with arbitrary content.

In total, the LLM scanned nearly 6,000 C++ code files and submitted 112 issue reports. Most of these were fixed by the browser team in Firefox 148, released in February. Patches for the remaining issues will be included in future releases.

According to Anthropic experts, after the collaboration, Mozilla researchers began experimenting independently with using Claude for security purposes.

The AI company acknowledged that the model was more effective at finding vulnerabilities than exploiting them. Developers asked Claude to demonstrate a real Use After Free attack.

“We conducted this test several hundred times from different starting points, spending about $4,000 on API credits. Despite this, Opus 4.6 was only able to turn the vulnerability into an exploit in two cases,” they stated.

Anthropic noted that this situation provides an advantage for cybersecurity specialists using AI in the near future. However, the fact that the LLM was able to create a primitive malicious exploit “raises concerns.”

Recall that in February, vibe coding with Claude Opus 4.6 led to the hack of the DeFi project Moonwell, resulting in $1.78 million in losses.
