Firefox hardens security with Anthropic red team

This is one of the clearest real-world signals yet that LLMs are moving from security demo material to practical vuln discovery for major production codebases.

• –Mozilla says Anthropic delivered reproducible reports with minimal test cases, which matters because AI bug reports usually fail on verification quality rather than raw volume
• –The project surfaced 22 security-sensitive bugs plus 90 additional issues, suggesting AI-assisted review can still find meaningful gaps even in heavily fuzzed and audited software
• –Anthropic’s write-up adds an important caveat: Claude was much better at finding bugs than turning them into working exploits, which gives defenders a temporary edge
• –For developers, the bigger lesson is workflow design, not magic models: trusted verifiers, reproducible PoCs, and candidate patches are what make AI-generated findings operationally useful