Claude Opus 4.6 finds 22 Firefox bugs

This is one of the strongest signs yet that frontier models are becoming practical vulnerability-research tools, not just benchmark toppers. The bigger takeaway for developers is that AI security work now looks less like autocomplete and more like scalable bug hunting paired with human triage.

• –Anthropic says Claude scanned nearly 6,000 C++ files and generated 112 unique reports, which is the kind of search coverage small security teams rarely get on their own
• –Mozilla encouraged Anthropic to submit findings in bulk, suggesting maintainers are starting to adapt their workflows to AI-generated security research
• –Claude was far better at finding bugs than exploiting them, with only two crude exploit successes after about $4,000 in API credits, which still gives defenders a temporary edge
• –The post doubles as a pitch for AI-assisted patching and triage, especially with Anthropic tying the work to its Claude Code Security preview