In an innovative collaboration with Mozilla, Anthropic's AI system, Claude, uncovered 22 distinct vulnerabilities in the Firefox browser, with 14 classified as "high-severity." Most of these issues have been addressed in the recently released Firefox 148, although a few resolutions are slated for the next update.
Utilizing Claude Opus 4.6 over a two-week period, Anthropic's team began their investigation within the JavaScript engine, later extending their analysis to other segments of the codebase. The decision to focus on Firefox stemmed from its reputation as a complex and secure open-source project that has undergone extensive testing.
Interestingly, while Claude Opus excelled at detecting vulnerabilities, it faced challenges in developing software to exploit these weaknesses. The team invested $4,000 in API credits attempting to create proof-of-concept exploits, achieving success in only two instances.
This initiative highlights the significant potential of AI tools in enhancing the security of open-source projects, despite the challenges they may also introduce, such as an influx of less useful merge requests.