(Credit: Nikolas Kokovlis/NurPhoto via Getty Images)
As more and more industries wake up to the threat of AI-based automation, new data from browser maker Mozilla shows that AI is proving proficient at identifying cybersecurity vulnerabilities in popular software.
According to Mozilla researchers, Anthropic’s AI model, Claude Opus 4.6, discovered 14 high-severity bugs and issued 22 CVEs over the course of two weeks—"almost a fifth of all high-severity Firefox vulnerabilities that were remediated in 2025," they say.
“In other words: AI is making it possible to detect severe security vulnerabilities at highly accelerated speeds,” said the researchers.
The researchers also identified weaknesses in Opus. Though Claude did well at identifying bugs, it performed comparatively poorly at exploiting them. Opus 4.6 was able to turn the vulnerabilities it identified into an exploit in only two cases, which, according to researchers, were “crude browser exploits” unlikely to work in a real-world scenario due to existing safeguards.
However, some experts have pointed out the issues that can arise when leaning too heavily on AI for vulnerability identification. Daniel Stenberg, a lead developer at software firm curl, tells The Wall Street Journal that his company has experienced “an explosion in AI slop reports," adding that fewer than one in 20 bugs reported to the company in 2025 were actually real.
“The AI chatbots still easily hallucinate security problems,” Stenberg said.
The news comes as Anthropic is pivoting more closely into cybersecurity. Earlier this month, it launched Claude Code Security, which the company says can highlight vulnerabilities and suggest targeted software fixes for human review. (The news negatively impacting the share prices of some of the largest cybersecurity companies.)