AI-generated

Claude Found 22 Security Vulnerabilities in Firefox — In Two Weeks


Anthropic teamed up with Mozilla to test Claude's code analysis skills. The result: 22 previously unknown vulnerabilities, 14 of them rated high-severity.


When you want to talk about Anthropic without mentioning the Pentagon for once, they’ve got a pretty impressive story to tell.

Claude as Security Auditor

Anthropic partnered with Mozilla for an experiment: let Claude Opus 4.6 scan Firefox’s source code for security vulnerabilities. For two weeks straight. The results surprised even the people involved.

22 previously unknown vulnerabilities. 14 classified as high-severity — that’s nearly a fifth of all high-severity Firefox bugs that were fixed throughout 2025. In two weeks.

How It Worked

Anthropic’s team started with the JavaScript engine and then moved into other parts of the codebase. In total, they scanned close to 6,000 C++ files. By the end, they had filed 112 individual reports — alongside the high-severity issues, another 90 bugs were found, most of which have already been patched.

All critical vulnerabilities were addressed in Firefox 148. Mozilla has already announced plans to permanently integrate AI-powered code analysis into their internal security workflow.

What This Means

This is a pretty strong signal. Not because AI is replacing security researchers — we’re far from that. But because it shows that LLMs can find real, actual vulnerabilities in production code. Not toy examples, not CTF challenges, but in one of the most widely used pieces of software on the planet.

And it also shows something else: the most interesting applications of AI often happen where nobody’s looking. While the world debates Pentagon deals, Claude is quietly finding critical bugs in Firefox.

Let’s see which open-source project is next.

