anthropic.com | ksl
Anthropic partnered with Mozilla to point Claude Opus 4.6 at the Firefox codebase, and it found 22 vulnerabilities in February – 14 classified as high-severity by Mozilla, roughly matching one-fifth of all high-severity Firefox bugs remediated across 2025. The first Use After Free surfaced within 20 minutes. Claude scanned nearly 6,000 C++ files, submitted 112 reports, and generated minimal test cases and candidate patches alongside each finding. The exploit side was less impressive: out of several hundred weaponization attempts costing around $4,000 in API credits, only two produced working exploits, both too crude to bypass Firefox’s production sandbox. That gap between finding bugs and exploiting them is the defender advantage Anthropic is banking on. Google’s Project Zero and Microsoft have been running similar AI-assisted audits, but this is the most transparent public accounting of results from a frontier model against a major shipping codebase.
