
"Recently, Claude Opus 4.6 found 22 security vulnerabilities in Firefox in just two weeks. Fourteen earned high-severity classifications, which is almost 20% of all high-severity Firefox bugs patched throughout 2025. Anthropic's research went further than discovery: Claude actually wrote working exploits for some of these bugs."
"Each came with minimal test cases, detailed proofs of concept, and candidate patches. Their team could quickly verify and reproduce the issues. The 22 CVEs exceed the number of vulnerabilities reported in any single month in 2025, as Claude found 90 additional bugs beyond the security-critical ones, most of which are now fixed."
"Grinstead and Holler stated that, despite Firefox having undergone extensive fuzzing, static analysis, and regular security reviews for decades, the model revealed many previously unknown bugs. They compared this moment to the early days of fuzzing, suggesting there is likely a substantial backlog of now-discoverable bugs across widely deployed software."
Claude Opus 4.6 identified 22 security vulnerabilities in Firefox over two weeks; fourteen earned high-severity classifications, representing nearly 20% of all high-severity Firefox bugs patched in 2025. Claude generated working exploits for some of the vulnerabilities and provided minimal test cases, detailed proofs of concept, and candidate patches. Mozilla validated and fixed these issues in Firefox 148. The 22 CVEs exceeded any single month's vulnerability reports in 2025, and 90 additional bugs were also discovered. Some findings matched traditional fuzzing results, while others represented entirely new classes of logic error. Despite decades of fuzzing, static analysis, and security reviews, Claude revealed previously unknown bugs, suggesting a substantial backlog of discoverable vulnerabilities across widely deployed software.
#ai-security-research #vulnerability-discovery #firefox-security #exploit-development #cybersecurity-threats
Read at InfoQ