Claude finds 22 Firefox flaws in two weeks

AI security research just moved from benchmark theater to production reality.

• –Anthropic says Claude scanned nearly 6,000 C++ files and generated 112 reports, with 22 landing as real vulnerabilities Mozilla accepted.
• –The important split is that Claude was far better at finding and patching bugs than weaponizing them, which gives defenders a temporary advantage.
• –This is bigger than Firefox: if top models can reliably surface serious flaws in hardened codebases, security review starts to look like an AI-native workflow.
• –Mozilla’s willingness to triage bulk AI-generated reports is almost as notable as the model output itself, because process changes will matter as much as raw capability.
• –Anthropic is already tying this work to Claude Code Security, suggesting vulnerability discovery is becoming a product category rather than just an internal research demo.