Anthropic’s AI model Claude Opus 4.6 discovered 22 vulnerabilities over the course of two weeks in the Chrome competitor Mozilla Firefox, more vulnerabilities than were reported in any single month in 2025.
As more and more industries seem to be waking up to the threat of AI-based automation, new data from browser maker Mozilla is showing how AI is proving proficient at identifying cybersecurity vulnerabilities in popular software.
According to details shared by researchers at Mozilla, Anthropic’s AI model Claude Opus 4.6 discovered 22 vulnerabilities in the Google Chrome competitor Mozilla Firefox over the course of two weeks, and 100 bugs overall. These are more vulnerabilities than were reported in any single month in 2025. Out of the vulnerabilities identified, 14 were classified as high-severity vulnerabilities, almost a fifth of the 73 high-severity Firefox vulnerabilities Mozilla fixed in 2025.
“In other words: AI is making it possible to detect severe security vulnerabilities at highly accelerated speeds,” said the researchers.
The researchers were also able to identify some weaknesses in Opus. Though Claude did very well at identifying bugs, it performed comparatively poorly at exploiting them. Opus 4.6 was only able to actually turn the vulnerabilities it identified into an exploit in two cases, which, according to researchers, were “crude browser exploits” which would be unlikely to work in a real-world scenario due to existing safeguards.
However, some experts have pointed out the issues that leaning too heavily on AI for vulnerability identification can cause. Daniel Stenberg, a lead developer at software firm curl, said that his company has experienced “an explosion in AI slop reports” in a comment to The Wall Street Journal on the findings, adding that fewer than one in 20 bugs reported to the company in 2025 were actually real.
“The AI chatbots still easily hallucinate security problems,” Stenberg said.
The news comes as Anthropic is pivoting more closely into the world of cybersecurity. Earlier this month it launched Claude Code Security, which the company says can not only highlight vulnerabilities but also suggest targeted software fixes for human review, negatively impacting the share prices of some of the largest cybersecurity companies.
