Claude flagged 112 bugs in Firefox, including security vulnerabilities
What's the story
Mozilla has fixed over 100 bugs in its Firefox browser, all of which were flagged by Anthropic's Claude AI. The issues include 22 security vulnerabilities that could have been exploited by hackers. The case highlights how artificial intelligence (AI) is transforming the way software vulnerabilities are discovered, even in well-audited projects like Firefox.
AI discovery
Claude discovered over 500 bugs across open-source projects
Last month, while testing Claude Opus 4.6, Anthropic discovered more than 500 previously unknown flaws across open-source projects. Of these, 112 were reported to Mozilla in a two-week period. Anthropic also launched Claude Code Security, an automated code security testing tool that caused a brief stir in cybersecurity stocks.
Bug validation
Mozilla mobilized multiple engineering teams to validate findings
Mozilla responded to the influx of bug reports by mobilizing multiple engineering teams to validate findings and write patches. Brian Grinstead, a senior principal engineer at Mozilla, said that Anthropic had reached out with the first validated security bug a few weeks ago. He added that exploiting these flaws would have required chaining them with other vulnerabilities due to modern browsers' multi-layered defense systems.
Patch release
Patches released in version 148 of Firefox
Mozilla released patches for the identified issues in version 148 of Firefox on February 24. This case highlights the potential challenges that less-resourced open-source maintainers may face as AI tools generate more polished bug reports at a higher rate. The situation could be difficult to manage for smaller teams with limited security staff.