
Mozilla and Anthropic announced that they are partnering to improve the security and stability of the Firefox web browser.
“A few weeks ago, Anthropic’s Frontier Red Team approached us with results from a new AI-assisted vulnerability-detection method that surfaced more than a dozen verifiable security bugs, with reproducible tests,” Mozilla’s Brian Grinstead and Christian Holler explain. “Our engineers validated the findings and landed fixes ahead of the recently shipped Firefox 148.”
As Mozilla explains, this isn’t a one-off. The previous AI-assisted bug reports it received included false positives that required unnecessary work on its part, but the Anthropic bug reports were different: they focused on the Firefox JavaScript engine, and each included minimal test cases to help Mozilla quickly verify and reproduce the issue.
The results were so overwhelmingly positive that the two organizations began collaborating on the rest of the Firefox codebase within hours.
“In total, we discovered 14 high-severity bugs and issued 22 CVEs [common vulnerabilities and exposures] as a result of this work,” Mozilla says. “All of these bugs are now fixed in the latest version of the browser. In addition to the 22 security-sensitive bugs, Anthropic discovered 90 other bugs, most of which are now fixed.”
Anthropic says that it’s been using its AI models to identify high-severity vulnerabilities in complex software, and it’s found over 500 zero-day vulnerabilities in open source software so far.
“AI is making it possible to detect severe security vulnerabilities at highly accelerated speeds,” Anthropic says. “As part of this collaboration, Mozilla fielded a large number of reports from us, helped us understand what types of findings warranted submitting a bug report, and shipped fixes to hundreds of millions of users in Firefox 148.0. Their partnership, and the technical lessons we learned, provides a model for how AI-enabled security researchers and maintainers can work together to meet this moment.”
Anthropic’s Claude scanned almost 6,000 C++ files and submitted a total of 112 unique bug reports to Mozilla. Most of the bugs, including the most serious, were fixed in Firefox 148, and the rest will be fixed soon. Interesting stuff.