A security cooperation project between Anthropic (a US artificial intelligence research and product company) and Mozilla (a global non-profit organization focused on promoting an open, safe and mutually beneficial Internet) shows the potential of artificial intelligence in detecting software vulnerabilities.
In two weeks, the Claude AI system found 22 security vulnerabilities in the Mozilla Firefox browser, 14 of which were rated high severity.
According to the research team, the vulnerabilities were discovered using the Claude Opus 4.6 AI model. Testing started with Firefox's JavaScript engine before expanding to many other parts of the source code.
Mozilla said most of the vulnerabilities have been patched in Firefox 148, the version released in February this year. Some remaining bugs are expected to be fixed in the next update.
The research team chose Firefox because it is an open source project with a complex code structure that has been thoroughly tested for security.
The fact that AI can still detect many weaknesses in such a system shows that this technology can become an effective tool to support cybersecurity experts.
However, Claude proved to be better at finding vulnerabilities than at creating code to exploit them. The research team spent about $4,000 in API credits testing experimental exploitation methods but succeeded in only two cases.
Test results show that AI can play an important role in enhancing security for open source projects.
However, experts also warn that the use of AI in software development needs to be carefully controlled to avoid producing many substandard code changes.