AI-Powered Security Research Uncovers Multiple Firefox Vulnerabilities

A joint security research initiative between artificial intelligence company Anthropic and browser developer Mozilla has revealed a significant number of previously undiscovered vulnerabilities in the widely used Mozilla Firefox web browser, highlighting the growing role of artificial intelligence in modern cybersecurity investigations.

Using its latest large language model, Claude Opus 4.6, Anthropic discovered 22 previously unknown security vulnerabilities within Firefox during a focused two-week research effort conducted in January 2026. According to the companies, most of the issues have already been resolved in Firefox 148, which was released in late February.

The findings are part of a broader collaboration aimed at evaluating how advanced AI models can assist security engineers in identifying complex software flaws at scale. The research also underscores the emerging potential—and risks—associated with using generative AI systems for vulnerability discovery and exploit development.

Anthropic reported that the vulnerabilities uncovered during the research project ranged in severity from low to critical. The breakdown includes:

• 14 high-severity vulnerabilities
• 7 moderate-severity vulnerabilities
• 1 low-severity vulnerability

Security researchers noted that the high-severity findings alone represent nearly 20% of all high-severity Firefox vulnerabilities patched during 2025, demonstrating how rapidly AI-assisted analysis can uncover issues within large codebases.

One of the most striking discoveries occurred shortly after the model began analyzing Firefox’s code.

According to Anthropic, Claude Opus 4.6 identified a use-after-free vulnerability in the browser’s JavaScript engine after roughly 20 minutes of exploration. Human security researchers subsequently verified the issue in a controlled virtualized testing environment to confirm the vulnerability and eliminate the possibility of a false positive.

Use-after-free bugs occur when a program continues to reference memory after it has been freed. Attackers can sometimes manipulate this behavior to execute arbitrary code or crash applications. These flaws are considered especially dangerous in browsers because they may allow attackers to compromise a user’s system simply by visiting a malicious webpage.

During the experiment, the AI model systematically examined large portions of Firefox’s source code. Researchers reported that Claude analyzed nearly 6,000 C++ source files, identifying potential weaknesses across multiple components of the browser.

The effort resulted in 112 unique vulnerability reports submitted to Mozilla, with many classified as minor or informational issues and others representing serious security risks.

Mozilla confirmed that the majority of these vulnerabilities have already been patched in Firefox 148, while additional fixes are expected to appear in upcoming releases as part of the browser’s regular security update cycle.

The browser developer emphasized that the collaboration demonstrates how AI-assisted analysis can complement traditional software testing techniques.

“The scale of findings reflects the power of combining rigorous engineering with new analysis tools for continuous improvement,” Mozilla said in a statement. “We view this as clear evidence that large-scale, AI-assisted analysis is a powerful new addition to security engineers’ toolbox.”

Beyond vulnerability discovery, Anthropic also explored whether its AI model could autonomously convert the discovered flaws into working exploits—code designed to take advantage of software vulnerabilities.

To test this capability, researchers gave Claude Opus 4.6 access to the full set of vulnerabilities previously submitted to Mozilla and instructed it to attempt exploit development.

The experiment was repeated several hundred times, consuming approximately $4,000 in API credits during the process. Despite these extensive attempts, the AI successfully produced working exploit code in only two instances.

This outcome suggests that, while AI models are increasingly capable of identifying vulnerabilities, the process of developing reliable exploits remains significantly more complex. Turning a vulnerability into a functional exploit often requires deep knowledge of memory management, system architecture, and security mitigation techniques.

One of the vulnerabilities successfully exploited by the AI model was tracked as CVE-2026-2796, a critical flaw assigned a CVSS score of 9.8.

The vulnerability was linked to a just-in-time (JIT) miscompilation issue within Firefox’s JavaScript WebAssembly implementation.

Modern browsers use JIT compilation to improve performance by translating frequently executed JavaScript or WebAssembly code into optimized machine instructions at runtime. However, errors in the compilation process can sometimes produce unintended behaviors that attackers may exploit.

In this case, the miscompilation allowed the model to generate an exploit capable of triggering unintended execution paths within the testing environment.

Anthropic noted that the exploit worked only under controlled laboratory conditions. For testing purposes, certain browser security protections—such as sandboxing mechanisms—were intentionally disabled.

Sandboxing normally prevents browser processes from interacting directly with sensitive system resources, serving as a critical defense against browser-based attacks.

A key component of the experiment involved an automated task verification system designed to evaluate whether the AI-generated exploit attempts were successful.

The system provided real-time feedback to the AI model during the exploit development process. If an exploit failed, the model could adjust its strategy and attempt alternative approaches.

Anthropic described this feedback mechanism as a critical element enabling iterative experimentation. The same concept is also being applied to vulnerability remediation.

In recent weeks, the company introduced Claude Code Security, an experimental research platform designed to allow AI systems to generate proposed patches for discovered vulnerabilities.

According to Anthropic, the platform uses verification tools to ensure that AI-generated patches fix the identified vulnerability without breaking existing functionality.

“We can’t guarantee that all agent-generated patches that pass these tests are good enough to merge immediately,” the company said. “But task verifiers give us increased confidence that the produced patch will fix the specific vulnerability while preserving program functionality.”

Mozilla also revealed that the AI-assisted research uncovered approximately 90 additional bugs, many of which have already been addressed.

A number of these were assertion failures, which are software errors typically detected through fuzzing, a widely used vulnerability discovery technique that feeds random inputs into applications in order to trigger unexpected behavior.

However, the AI analysis also identified logic errors and structural code weaknesses that traditional fuzzing tools failed to detect.

Security researchers increasingly believe that AI systems may serve as a powerful complement to existing testing methods, particularly when analyzing extremely large and complex codebases such as modern web browsers.

Browsers are among the most security-sensitive software platforms in use today, as they process untrusted content from the internet and serve as gateways to sensitive personal and corporate data.

The collaboration between Anthropic and Mozilla arrives at a time when artificial intelligence is rapidly transforming both defensive and offensive cybersecurity capabilities.

On the defensive side, AI-driven code analysis could help software developers detect vulnerabilities earlier in the development process, reducing the number of exploitable flaws that reach production systems. However, the same technology could eventually be used by malicious actors to automate vulnerability discovery and exploit development.

For now, Anthropic’s findings suggest that AI models remain far more effective at identifying vulnerabilities than weaponizing them. However, improvements in model capabilities could eventually narrow that gap. The experiment therefore serves as both a technological milestone and a reminder of the evolving cybersecurity challenges facing the software industry. As AI systems become more capable, organizations will likely need to adopt similar tools themselves to stay ahead of potential threats.

For Mozilla and Anthropic, the research demonstrates that artificial intelligence can already function as a valuable partner in the ongoing effort to secure complex software ecosystems.

Join this webinar to understand how AI is reshaping insider risk, and what practical steps IT teams should take now