Tech Explained: Here’s a simplified explanation of the latest technology update around Tech Explained: ‘Anthropic’s AI found more bugs in Firefox browser in 2 weeks than the world reports in two months’ in Simple Termsand what it means for users..
Just 20 minutes. That’s how long Anthropic’s most powerful AI model needed to find its first serious security flaw in Firefox – one of the world’s most popular web browsers. While Anthropic may have been ‘banned’ by Trump administration for use in military operations, Claude is showing is prowess in other areas – like catching bugs in software that may be used by hackers to inflict damage to probably millions. According to a report by The Wall Street Journal, when Anthropic’s team reported the first bug, Mozilla’s engineers didn’t just say thank you. They asked for an urgent call.“What else do you have? Send us more,” Brian Grinstead, an engineer at Mozilla, the not-for-profit organization that runs Firefox, was quoted as saying. Over a two-week stretch in January, Anthropic’s AI model — Claude Opus 4.6 — scanned Firefox’s code and turned up more than 100 bugs. According to Anthropic, of those, 14 were rated “high severity,” which means that in the wrong hands, they could have been used to launch large-scale attacks on Firefox’s millions of users.To understand: Firefox patched 73 high-severity or critical bugs in all of 2024. Claude found 14 in two weeks alone. Mozilla confirmed that Claude had uncovered more high-severity flaws in that short period than the entire global security research community typically reports in two months, the report claimed.“Claude Opus 4.6 discovered 22 vulnerabilities over the course of two weeks. Of these, Mozilla assigned 14 as high-severity vulnerabilities—almost a fifth of all high-severity Firefox vulnerabilities that were remediated in 2025. In other words: AI is making it possible to detect severe security vulnerabilities at highly accelerated speeds,” Anthropic said.
Why Anthropic chose Mozilla Firefox
Anthropic’s security team chose Firefox deliberately. It is one of the most complex and heavily scrutinised pieces of software on the internet. Mozilla has been running a bug bounty program for more than 30 years, paying researchers up to $6,000 for each high-severity flaw they find, the report points.Anthropic’s team also asked Claude to build exploit code – the kind of tool a hacker would use to actually attack someone through a discovered vulnerability. While Claude did write two working exploits, it was only against a test version of Firefox. Firefox’s real-world security defenses would have blocked both of them, according to Logan Graham, who leads Anthropic’s Frontier Red Team — the group that tests Claude for potential risks.The team also made a deliberate choice not to flood Mozilla with every bug Claude found. Instead, they submitted only the ones that were confirmed and reproducible.