During a test, Claude found its first bug in the Firefox web browser within about 20 minutes.
After Claude detected the first vulnerability, Anthropic reported it to Mozilla.
Mozilla confirmed that the bug was serious.
Anthropic recently tested its artificial intelligence model, Claude Opus 4.6, to see its hacking capabilities. During the test, the AI found its first bug in the Firefox web browser within about 20 minutes. Claude’s bug bonanza began when Anthropic’s security team decided to focus its software on a widely-used and complex web browser that has been closely studied for many years.
SurveyAfter Claude detected the first vulnerability, Anthropic reported it to Mozilla, Firefox’s parent company. Mozilla then confirmed that the bug was serious and contacted Anthropic to ask for more details, reports WSJ. ‘What else do you have? Send us more,’ said Brian Grinstead, an engineer with Mozilla.
Anthropic continued submitting the findings to Mozilla. Over a two-week period in January, Claude found more high-severity Firefox bugs than are usually reported globally in about two months, according to Mozilla.
Also read: OpenAI launches GPT 5.4 with better reasoning, coding and professional task support
In total, Claude found more than 100 bugs during the test, the report mentioned. Among them were 14 classified as ‘high severity.’ These types of vulnerabilities can allow attackers to carry out widespread attacks if they were combined with the right exploit code. For comparison, Firefox fixed 73 bugs rated as high severity or critical last year.
Anthropic researchers also asked Claude to generate exploit code. According to Logan Graham, the head of Anthropic’s Frontier Red Team, the AI performed better at identifying bugs than exploiting them. Claude produced two working exploits on a test version of Firefox, but other security protections in the browser would have blocked them in real-world conditions.
Also read: Anthropic CEO criticises OpenAI’s defense deal, questions safety claims
Some developers also note that AI systems sometimes produce incorrect bug reports. ‘The AI chatbots still easily hallucinate security problems,’ said Daniel Stenberg, Curl software’s lead developer. ‘But at the same time, there are quite capable AI-powered code analysers that find real things.’
Also read: Google faces lawsuit alleging Gemini AI manipulated man into suicide: Here’s what happened
Follow Us
Ayushi Jain
Ayushi works as Chief Copy Editor at Digit, covering everything from breaking tech news to in-depth smartphone reviews. Prior to Digit, she was part of the editorial team at IANS. View Full Profile
