Claude found 22 Firefox bugs in 14 days — then spent $4,000 and couldn’t exploit any of them

Claude Opus 4.6 found nearly a fifth of 2025’s high-severity Firefox bugs in 14 days. Then it spent $4,000 trying to exploit them and mostly failed.

That’s the entire asymmetry. Anthropic’s AI agent scanned close to 6,000 C++ files in January 2026, submitted 112 unique reports to Mozilla’s Bugzilla, and surfaced 22 vulnerabilities — 14 of them high-severity. That’s roughly 20% of all high-severity Firefox vulnerabilities fixed in 2025, compressed into two weeks of automated analysis. But when the same team tried to weaponize those finds, hundreds of exploitation attempts produced just two crude proof-of-concept attacks — and both only worked in test environments with Firefox’s sandbox stripped out.

The discovery speed aligns with warnings from OpenAI’s Sam Altman that AI agents are finding cyber flaws faster than humans, but the exploitation data tells a different story. Defense scales. Offense doesn’t — at least not yet.

Claude found a year’s worth of Firefox bugs in two weeks — then couldn’t exploit any of them

The same company behind Anthropic’s refusal to work with the Pentagon just proved AI can find critical browser vulnerabilities faster than any human team. Claude Opus 4.6 identified its first Use-After-Free bug in 20 minutes. Most of the 22 CVEs landed in Mozilla’s queue within the January testing window, validated by human researchers who confirmed the model wasn’t hallucinating crashes.

But turning finds into working exploits? The team burned through $4,000 in API credits running hundreds of exploitation attempts. Two succeeded. Both were primitive file read/write attacks. And both required disabling the very sandboxing protections that make modern browsers defensible in the first place.

The cost gap is the story. Discovery is effectively free beyond initial setup — Claude chewed through Firefox’s codebase for pennies per file. Exploitation still costs thousands and requires human oversight at every step. That’s a 200x multiplier, minimum.

The triage crisis nobody’s pricing into the AI security narrative

Mozilla got 112 reports in two weeks. That’s not just bugs — it’s an avalanche of work for maintainers who can’t afford to miss a real vulnerability but lack the infrastructure to process AI-scale submissions efficiently. Brian Grinstead, a Mozilla engineer, noted the “heavy triage burden” and flagged “numerous non-security bugs that impacted user experience” mixed into Claude’s output. Real issues, yes. But also noise.

As Claude’s expanding access to production systems raises new security questions, the Firefox experiment reveals a more immediate problem: AI-generated workload. Anthropic hasn’t published a false positive rate. Mozilla hasn’t disclosed triage hours or rejection counts. We know 22 of 112 reports became CVEs — that’s a 20% hit rate if every report was unique, but no clarity on how many dead ends human reviewers had to chase.

Open-source projects operate on human timelines. AI doesn’t.

And if every AI lab is building similar tools — OpenAI’s red team, Google’s Project Zero equivalents, startups chasing bug bounties — how many 112-report dumps can Firefox, Chromium, or WebKit absorb before critical bugs get lost in the noise?

Why Firefox 148 matters more than the exploit failures

The honest limitation: CVE-2026-2796, rated CVSS 9.8 (critical), sounds terrifying. Its proof-of-concept only worked in controlled settings with sandboxing disabled. Real Firefox installations — the ones running on hundreds of millions of machines — weren’t vulnerable to Claude’s proof-of-concept attacks. The model found the flaw. It couldn’t bypass the defenses that matter.

But Firefox 148, released February 2026, still patched most of Claude’s finds and pushed them to users worldwide. That’s the real win. Not autonomous exploitation. Faster defender timelines.

Despite Mozilla’s recent AI backlash prompting a kill switch for AI features, the Firefox 148 patches demonstrate AI’s defensive value when properly supervised. Tom Graham from Anthropic framed the urgency plainly: if Claude could uncover undiscovered high-severity vulnerabilities this fast, it provides significant insights into where these capabilities are headed.

The asymmetry is the whole story. AI compressed a year of vulnerability discovery into 14 days. Mozilla’s triage team still operates on human timelines. If Claude can scan 6,000 files in two weeks, and every AI lab is building similar tools, the math gets ugly fast: cheap discovery floods open-source maintainers with work they can’t afford to ignore but lack resources to process efficiently. The real threat isn’t AI hackers. It’s AI-generated triage debt burying the humans who have to fix everything.

Alex Morgan
I write about artificial intelligence as it shows up in real life — not in demos or press releases. I focus on how AI changes work, habits, and decision-making once it’s actually used inside tools, teams, and everyday workflows. Most of my reporting looks at second-order effects: what people stop doing, what gets automated quietly, and how responsibility shifts when software starts making decisions for us.