Anthropic’s Claude Opus 4 Detects 22 Firefox Flaws in Just Two Weeks
While experts assumed Firefox’s code was battle‑tested, an AI sprint proved otherwise: in just two weeks Claude Opus 4.6 uncovered 22 new vulnerabilities, 14 high‑severity, all confirmed by Mozilla.
Key Facts
- Key company: Anthropic
- Also mentioned: Anthropic
Claude Opus 4.6’s two‑week sprint in January 2026 was a tightly scoped, production‑grade test of an LLM’s ability to act as a security analyst on a mature codebase. Rather than running on synthetic benchmarks, Anthropic gave the model direct read‑only access to the Firefox source tree and let it generate crash inputs, hypotheses, and even candidate patches, which were then funneled through Mozilla’s standard Bugzilla workflow (CoreProse, March 20). Within 20 minutes of kickoff the model produced a use‑after‑free exploit in the SpiderMonkey JavaScript engine; the bug was verified and patched by Mozilla engineers, demonstrating that Claude could move from raw code inspection to actionable proof‑of‑concept in real time (CoreProse). Over the full engagement the model scanned roughly 6,000 C++ files, produced dozens of crashing inputs during early triage, and contributed 112 distinct bug reports that were ultimately assigned CVE identifiers (CoreProse).
The output quality set the effort apart from typical AI‑generated bug reports. Mozilla security staff noted that Claude’s submissions routinely included minimized test cases, step‑by‑step reproduction instructions, and even candidate fixes mapped to specific source files and functions (CoreProse). This level of detail slashed the time engineers spent on validation, allowing the team to confirm and prioritize issues far more quickly than with conventional external disclosures. Of the 22 vulnerabilities uncovered, 14 were classified as high severity, seven as moderate, and one as low; the high‑severity bugs alone accounted for almost 20 % of all high‑severity Firefox issues patched in 2025 (CoreProse). Mozilla shipped fixes for most of the findings in the Firefox 148 release, with the remainder slated for upcoming updates, proving that AI‑found bugs can be remediated at internet scale within weeks of discovery (CoreProse).
For context, the Claude sprint outpaced the combined output of all other sources for February 2026, reporting more new Firefox CVEs in a single month than any month of 2025 (CoreProse). The 22 new CVEs represent a concentration of vulnerability discovery that would normally require months of manual fuzzing, static analysis, and peer review across multiple security teams. By compressing a year’s worth of high‑severity findings into a two‑week AI‑augmented engagement, the experiment forces security leaders to reconsider the threat‑modeling assumption that mature software is “battle‑tested” and therefore largely immune to novel attack vectors (CoreProse). The result also underscores a broader industry trend: as LLMs become more adept at code reasoning, they can serve as force multipliers for both offensive and defensive security operations.
Anthropic’s approach combined large‑scale language modeling with a structured pipeline that mirrored human security workflows. After Claude generated crash inputs, a human‑in‑the‑loop step validated the findings on virtual machines before they entered Bugzilla (CoreProse). The model also proposed candidate patches, which Mozilla engineers sometimes used as starting points for their own fixes (CoreProse). This hybrid reasoning—leveraging AI for rapid hypothesis generation while retaining expert oversight for verification—mirrored Anthropic’s broader research direction, as highlighted in recent Wired coverage of the company’s “hybrid reasoning” models (Wired). The success of the Claude Opus 4.6 experiment suggests that similar AI‑augmented security programs could be deployed across other enterprise software stacks, where the backlog of unexamined code is likely far larger than Firefox’s already heavily audited codebase (CoreProse).
Sources
No primary source found (coverage-based)