Claude Opus 4.6 Found 22 Vulnerabilities In Firefox In Just Two Weeks, Says Anthropic

AI systems already seem to be vastly superior to most humans at debugging existing codebases.

The latest evidence comes from Anthropic, which published a detailed account today of a collaboration with Mozilla in which Claude Opus 4.6 discovered 22 vulnerabilities in Firefox over the course of two weeks in February 2026. Of those, Mozilla classified 14 as high-severity — accounting for nearly a fifth of all high-severity Firefox vulnerabilities that were addressed across the entire year of 2025.

To put that number in context: Claude found more high-severity vulnerabilities in two weeks than were reported from any single month in 2025.

The project began as an internal evaluation exercise. In late 2025, Anthropic noticed that Claude Opus 4.5 was approaching a perfect score on CyberGym, a benchmark that tests whether AI models can reproduce known security vulnerabilities. Wanting a harder test, Anthropic built a dataset of prior Firefox CVEs (Common Vulnerabilities and Exposures) and asked Claude to see if it could reproduce them in older versions of the codebase. The results surprised the team — Opus 4.6 reproduced a high proportion of historical CVEs, each of which had originally taken substantial human effort to find.

But there was a possible confounding factor: some of those historical bugs might have been in Claude’s training data. So Anthropic took the harder step of pointing Claude at the current version of Firefox and asking it to find bugs that had never been reported before.

Within twenty minutes, Claude flagged a use-after-free vulnerability in Firefox’s JavaScript engine — a class of memory-safety flaw in which a program keeps using memory after it has been released, which an attacker can sometimes leverage to corrupt data or overwrite it with content of their choosing. Three Anthropic researchers independently validated the bug, and a report was filed in Bugzilla, Mozilla’s issue tracker, along with a candidate patch written by Claude.

By the time the first report was filed, Claude had already identified fifty additional unique crashing inputs. Over the full course of the project, Anthropic scanned nearly 6,000 C++ files and submitted 112 unique reports. Most issues have been fixed in Firefox 148.0, which has already shipped to hundreds of millions of users.

The choice of Firefox was deliberate. It is not only a complex, multi-million-line codebase but one of the most rigorously tested open-source projects in existence. Finding novel bugs in Firefox is a harder problem than finding them in less mature software. Anthropic has previously documented Claude finding more than 500 zero-day vulnerabilities across a range of open-source projects, but the Firefox collaboration represents a step up in difficulty and real-world significance.

This fits a broader pattern of growing AI use in software development. Claude Code’s creator Boris Cherny has said he didn’t open an IDE for an entire month, with Opus 4.5 writing every line of code he shipped. A Google Principal Engineer said Claude Code built in an hour what her team had built in a year. And Claude Code now accounts for roughly 4% of all public GitHub commits, with projections suggesting that figure could reach 20% by the end of 2026.

Anthropic also tested whether Claude could go further than finding bugs — specifically, whether it could build working exploits from the vulnerabilities it discovered. The results here were more limited, but still notable. Running several hundred exploit-generation attempts at a cost of approximately $4,000 in API credits, Claude was able to turn a discovered vulnerability into a functioning exploit in only two cases. Those exploits were crude — they only worked in a test environment with certain browser security features deliberately disabled — and Firefox’s sandbox architecture would have mitigated them in a real-world scenario. Still, the fact that Claude could automate any part of the exploit development pipeline, even occasionally, is a development the security community will want to take seriously.

The asymmetry between finding and exploiting is the key point Anthropic wants to emphasize. Claude is dramatically better at discovering vulnerabilities than at weaponizing them, which means defenders currently have a meaningful advantage. The company has used this framing to argue that now is precisely the time for developers to act, while AI is more useful for security research than for attacks.

The security implications extend beyond Firefox. Anthropic notes it has also used Opus 4.6 to find vulnerabilities in the Linux kernel, and says it plans to significantly expand its cybersecurity work — including developing tools to help maintainers triage bug reports and proposing patches directly. Mozilla researchers have since begun experimenting with Claude for security work internally.

The uncomfortable subtext of all this is that the gap between AI’s vulnerability-discovery capabilities and its exploitation capabilities is likely to narrow. Vibe-coded software has already been shown to carry some security risks, and as AI becomes more deeply embedded in the software development process, the attack surface expands even as AI tools improve defenders’ ability to find flaws. Anthropic is explicit about this tension: if future models close the gap between finding and exploiting vulnerabilities, the company says it will need to consider additional safeguards to prevent misuse. For now, the window in which AI is more useful to defenders than to attackers is open — but it may not stay open indefinitely.
