In a recent security partnership with Mozilla, Anthropic identified 22 separate vulnerabilities in Firefox—14 of which were labeled as “high-severity.” Most of these vulnerabilities have already been patched in Firefox 148, which was released this February. However, a few necessary fixes are scheduled for the next release. You can find a detailed breakdown of the vulnerabilities here: Anthropic’s report on Firefox vulnerabilities. The release notes for Firefox 148 are available at Firefox 148 release notes.

Testing with Claude Opus: The Process and Results

Anthropic’s engineers utilized Claude Opus 4.6 over a two-week period, initially concentrating on Firefox’s JavaScript engine. Eventually, they broadened their review to other segments of the codebase. According to their official statement, the team chose Firefox due to its complex architecture and its reputation as one of the most well-tested and secure open-source projects. Interestingly, Claude Opus demonstrated a stronger capability for uncovering vulnerabilities rather than generating code to exploit these flaws. Despite investing $4,000 in API credits to craft proof-of-concept exploits, the researchers only succeeded in two instances. This demonstrates the current strengths and limitations of AI models like Claude Opus in vulnerability discovery versus exploit creation.

The Broader Perspective on AI’s Role in Open Source Security

While some fixes are pending for the next release, this collaboration highlights just how impactful AI tools can be for open-source projects. They can dramatically increase the chance of exposed bugs being discovered and patched, though these same tools may also generate a surge of unhelpful merge requests. This duality is something open source communities need to navigate carefully, as discussed further in this TechCrunch article on AI and open source projects. Transitioning to AI-supported code review is a promising step, yet it remains vital for both security experts and maintainer teams to apply rigor and judgment to every new contribution. The Anthropic and Mozilla collaboration proves that leveraging AI can bring measurable improvements, while also requiring attention to avoid new complications for the development workflow.

Tags: Firefox, Anthropic, Claude Opus, siguri, dobësi softuerike, open-source