Top AI Product

Anthropic x Mozilla Firefox Red Team Security Testing: 22 CVEs in Two Weeks Is Wild

So Anthropic just dropped one of the most impressive AI-assisted security projects I’ve seen in a while. They pointed Claude Opus 4.6 at the Firefox codebase and let it hunt for bugs — and within just two weeks, it [uncovered 22 CVEs](https://blog.mozilla.org/en/firefox/hardening-firefox-anthropic-red-team/), 14 of which were rated high severity. That’s more security bugs than were reported in any single month throughout all of 2025.

Here’s the part that really got me: Claude found a Use After Free vulnerability in Firefox’s JavaScript engine within the first 20 minutes of scanning. Twenty minutes. The kind of memory safety bug that human security researchers might spend weeks chasing down. Anthropic’s Frontier Red Team then went on to scan close to 6,000 C++ files and submitted [112 independent bug reports](https://www.anthropic.com/news/mozilla-firefox-security) to Mozilla over the two-week engagement. Beyond the 22 security-sensitive issues, they also surfaced 90 additional bugs that Mozilla has mostly patched by now.

What makes this especially interesting is how the collaboration worked. Anthropic didn’t just dump a list of potential issues — they provided minimal test cases for each bug, letting Mozilla’s security team quickly verify and reproduce the findings. According to [Axios](https://www.axios.com/2026/03/06/anthropic-mozilla-claude-opus-bug-hunting), Logan Graham from Anthropic’s Frontier Red Team noted that Claude proved far better at finding bugs than exploiting them. The model did manage to write two working exploits for a test version of the browser, but Firefox’s layered defense mechanisms would have stopped them in production. One of those exploits targeted CVE-2026-2796, a JIT miscompilation in the WebAssembly component — Anthropic even published a [detailed reverse engineering writeup](https://red.anthropic.com/2026/exploit/) on that one.

All fixes shipped in Firefox 148 back on February 24th. The [Hacker News thread](https://news.ycombinator.com/item?id=47273854) blew up with 289 points and 95 comments, and for good reason — the security community is genuinely reckoning with what it means when an AI model can outpace traditional bug-hunting efforts at this scale. Coverage also landed on Axios, the Anthropic Blog, and Tildes within the same day.

Whether you’re excited or slightly unnerved by this, it’s hard to deny the results. Two weeks, nearly 6,000 files, 22 CVEs. The era of AI-powered security auditing isn’t theoretical anymore — Mozilla just showed us what responsible adoption looks like in practice.

