Anthropic said Friday it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla.
Of these, 14 are rated high severity, seven moderate and one low. The issues were addressed in Firefox 148, released late last month. The vulnerabilities were identified over a two-week period in January 2026.
The artificial intelligence (AI) company said the number of high-severity bugs identified by its Claude Opus 4.6 large language model (LLM) represents “about a fifth” of all high-severity vulnerabilities patched in Firefox in 2025.
Anthropic said the LLM detected a use-after-free bug in the browser’s JavaScript engine after “just” 20 minutes of searching. The finding was validated by a human researcher in a virtual environment to rule out the possibility of a false positive.
“By the end of this effort, we had scanned approximately 6,000 C++ files and submitted a total of 112 unique reports, including the high- and medium-severity vulnerabilities mentioned above,” the company said. “Most issues have been fixed in Firefox 148; the remainder will be fixed in upcoming releases.”
Anthropic said it then gave the model the full list of vulnerabilities it had submitted to Mozilla and tasked it with developing a working exploit for each of them.
Despite several hundred attempts and nearly $4,000 in API credits, the company said Claude Opus 4.6 was able to turn a reported flaw into a working exploit in only two cases.
The company drew two conclusions from this: identifying vulnerabilities is considerably cheaper than writing exploits for them, and the model is currently better at finding issues than at exploiting them.
“However, the fact that Claude could succeed in automatically developing a crude browser exploit, even if only in some cases, is worrying,” Anthropic stressed, adding that the exploit only works within the bounds of its test environment, in which some security features like sandboxing have been deliberately removed.
A key component of the process is a working verifier that determines whether a candidate exploit actually works. It gives the model real-time feedback as it works through the codebase in question, letting it iterate on its attempts until a successful exploit is produced.
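To make the verifier loop concrete, here is an added illustration in Python. It is not Anthropic's or Mozilla's code and makes no claim about how their harness is built; it only shows the shape the article describes: run a candidate against an instrumented target under a time budget, turn the outcome into a verdict (a sanitizer report or signal death is a real memory-safety bug but not yet an exploit, a clean run is a likely false positive, an explicit success marker is a working exploit), and feed that verdict back to whatever produces the next candidate. The `EXPLOIT_OK` marker, the sanitizer line in the sample, and the three constructed "attempts" are all assumptions made for this example.

```python
"""Added illustration of a PoC/exploit verifier loop (not Anthropic's or
Mozilla's code). Names, the success marker and the sample outcomes are
assumptions made for the example."""
import re
import subprocess
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

# AddressSanitizer prints "ERROR: AddressSanitizer: <bug-kind> on address ..."
# when it detects a memory error; we only need the bug kind.
ASAN_ERROR = re.compile(r"ERROR: AddressSanitizer: ([a-z-]+)")


@dataclass(frozen=True)
class Verdict:
    kind: str          # "exploit", "sanitizer", "crash", "timeout" or "clean"
    detail: str = ""


def classify_run(returncode: Optional[int], stderr: str, stdout: str = "",
                 success_marker: str = "EXPLOIT_OK") -> Verdict:
    """Decide what one run of the target meant.

    returncode None means the run was killed for exceeding its time budget.
    A success marker on stdout (assumed to be printed by a payload that reached
    its goal) counts as a working exploit; a sanitizer report or a death by
    signal is a genuine memory-safety bug but not an exploit; anything else is
    a clean run, i.e. the candidate did nothing and is a likely false positive.
    """
    if returncode is None:
        return Verdict("timeout")
    if success_marker in stdout:
        return Verdict("exploit", success_marker)
    m = ASAN_ERROR.search(stderr)
    if m:
        return Verdict("sanitizer", m.group(1))
    if returncode < 0:                      # POSIX: negative code = signal
        return Verdict("crash", f"signal {-returncode}")
    return Verdict("clean", f"exit {returncode}")


def run_candidate(cmd: list[str], timeout_s: float = 30.0) -> Verdict:
    """Run one candidate command (e.g. an ASan build of the target fed a
    generated input) under a time budget and classify the outcome."""
    try:
        p = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout_s)
    except subprocess.TimeoutExpired:
        return classify_run(None, "", "")
    return classify_run(p.returncode, p.stderr, p.stdout)


def search_loop(candidates: Iterable[str],
                verify: Callable[[str], Verdict],
                max_attempts: int) -> tuple[Optional[str], list[Verdict]]:
    """Try candidates in order, stopping at the first the verifier accepts.

    In the real setup the candidate stream is the model, conditioned on the
    verdict history; here it is any iterable so the loop itself can be tested.
    Returns the accepted candidate (or None) and the full verdict history.
    """
    history: list[Verdict] = []
    for attempt, cand in enumerate(candidates, start=1):
        if attempt > max_attempts:
            break
        v = verify(cand)
        history.append(v)
        if v.kind == "exploit":
            return cand, history
    return None, history


# Constructed outcomes standing in for three successive attempts:
# (return code, stderr, stdout). Not real Firefox output.
SAMPLE_OUTCOMES = {
    "attempt-1": (0, "", ""),
    "attempt-2": (1, "==7==ERROR: AddressSanitizer: heap-use-after-free "
                     "on address 0x60200000eff0", ""),
    "attempt-3": (0, "", "EXPLOIT_OK\n"),
}


def fake_verify(name: str) -> Verdict:
    """Stand-in for run_candidate that replays the constructed outcomes."""
    rc, err, out = SAMPLE_OUTCOMES[name]
    return classify_run(rc, err, out)


def demo() -> tuple[Optional[str], list[Verdict]]:
    return search_loop(list(SAMPLE_OUTCOMES), fake_verify, max_attempts=10)


if __name__ == "__main__":
    winner, history = demo()
    for i, v in enumerate(history, start=1):
        print(f"attempt {i}: {v.kind} {v.detail}".rstrip())
    print("accepted:", winner)
```

The important design point is that "it crashed" is not the acceptance criterion: a sanitizer report confirms the bug the model claimed is real (the false-positive check the article mentions), but only an explicit, target-specific success signal ends the loop. That distinction is what keeps the verifier from rewarding the model for merely reproducing a crash, and it is also where the article's caveat bites: a marker that is reachable only because sandboxing was removed says nothing about exploitability in a shipping build.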
One such exploit was written by Claude for CVE-2026-2796 (CVSS score: 9.8), which is described as a just-in-time (JIT) miscompilation in the WebAssembly component of the browser’s JavaScript engine.
The revelation comes just weeks after the company released Claude Code Security in a limited research preview as a way to find and fix vulnerabilities using an AI agent.
“We cannot guarantee that all agent-generated patches that pass these tests are good enough to immediately merge,” Anthropic said. “But functional verifiers give us more confidence that the produced patch will fix the specific vulnerability while preserving the functionality of the program – and therefore achieve what is considered the minimum requirement for a plausible patch.”
Mozilla said in a coordinated announcement that the AI-assisted approach had discovered 90 other bugs, most of which have been fixed. These included assertion failures that overlapped with issues traditionally found through fuzzing and separate classes of logic errors that fuzzers failed to catch.
“The scale of the findings demonstrates the power of combining rigorous engineering with new analysis tools to drive continued improvement,” the browser maker said. “We see this as clear evidence that large-scale, AI-assisted analysis is a powerful new contribution to the toolbox of security engineers.”