135/69 Monday, March 9, 2026
Anthropic has announced the discovery of 22 previously unknown vulnerabilities in the Mozilla Firefox browser through a collaboration with Mozilla. The findings were made using the large language model Claude Opus 4.6, which analyzed Firefox source code for only two weeks in January 2026. Among the vulnerabilities discovered, 14 were classified as high severity, accounting for nearly one-fifth of all high-severity vulnerabilities fixed in Firefox during 2025. The AI model was able to identify certain use-after-free vulnerabilities within approximately 20 minutes, and the issues have already been patched in Firefox version 148.
According to Anthropic, the AI scanned more than 6,000 C++ source files and submitted 112 detailed reports to Mozilla. Researchers also tested whether the AI could automatically generate exploits from the identified vulnerabilities. The results showed that while the model was highly effective at discovering vulnerabilities at a lower cost than exploit development, its ability to generate working exploits was limited. Out of hundreds of attempts, Claude successfully generated exploits in only two cases, including CVE-2026-2796 (CVSS 9.8), which involves a flaw in the processing of JavaScript WebAssembly. Nevertheless, the fact that AI can autonomously generate exploit code-even in limited cases-raises concerns about the future threat landscape.
Mozilla noted that the AI-assisted analysis also led to the identification of over 90 additional vulnerabilities, most of which were logic errors that traditional security tools had failed to detect. The incident highlights how large-scale AI-assisted code analysis is becoming a powerful tool for security engineers. However, experts emphasize that human review remains essential, particularly to verify patches generated by AI and ensure that fixes do not disrupt core system functionality.
Source https://thehackernews.com/2026/03/anthropic-finds-22-firefox.html