.png){kind=logo}
Artificial intelligence is quickly expanding into areas that were once dominated by human security researchers. A recent experiment involving Claude Opus 4.6 suggests that AI systems may soon play a larger role in identifying software vulnerabilities. During a controlled test, the model discovered a serious flaw in Mozilla Firefox within about 20 minutes.
The finding has sparked fresh debate in the cybersecurity community about AI’s role in reshaping vulnerability detection.
Researchers at Anthropic designed the experiment to evaluate whether an advanced AI model could identify software bugs in complex, widely used programs. They chose Firefox as the browser’s codebase has been examined extensively by security experts over the years.
Despite such scrutiny, Claude detected its first vulnerability in just 20 minutes.
Anthropic promptly reported the issue to Mozilla, the organisation behind Firefox. Mozilla engineers later confirmed that the vulnerability was serious and requested further details from researchers.
The initial finding was only the beginning. Over a two-week testing period in January, Claude continued analysing Firefox’s code and submitted multiple vulnerability reports.
According to Mozilla, the AI identified more high-severity bugs during this short window compared to what is typically reported globally in nearly two months.
The model identified more than 100 bugs, including 14 classified as high severity. The existing vulnerabilities require correct exploit code to allow attackers to conduct large-scale attacks against the system.
The scale of Claude’s findings is evident from the fact that Firefox fixed 73 high-severity or critical vulnerabilities during the previous year.
Also Read: Fake Claude Code Downloads Spread Malware, Target Developers
Anthropic researchers also asked the AI to generate exploit code for the vulnerabilities it identified. While Claude succeeded in producing two working exploits on a test version of Firefox, additional security protections would have prevented them from functioning in real-world conditions.
Experts say the results underline both the promise and limitations of AI-driven security tools. Some developers caution that AI systems still occasionally generate false reports or ‘hallucinate’ vulnerabilities.
However, the experiment signals a growing shift: AI may soon become a powerful assistant for cybersecurity teams searching for hidden flaws in complex software systems.
