Claude Opus 4.6 Found 100+ Firefox Bugs in Two Weeks — New WSJ Details on Mozilla AI Security Collaboration

The Wall Street Journal reports that Mozilla says Claude Opus 4.6 found more than 100 bugs in Firefox in just two weeks during a January 2026 engagement — 14 of them high-severity — which represents more bugs than Firefox typically receives in two months of conventional security reporting. This new reporting adds significant additional detail to Mozilla's earlier blog post about the Anthropic AI red team collaboration, confirming the specific model version (Claude Opus 4.6) and the compressed two-week timeline. The finding has prompted Mozilla to integrate AI-assisted analysis into its ongoing security workflow, while also raising concerns in the security community that the same AI capabilities could be turned toward exploitation at scale.

Key Takeaways

• Claude Opus 4.6 found 100+ Firefox bugs in 2 weeks (January 2026), 14 high-severity — exceeding Mozilla's typical two-month bug intake volume, per Mozilla via WSJ reporting\n· Specific model identified as Opus 4.6 (distinct from earlier Mozilla blog post wording); the engagement revealed logic error classes not previously surfaced by traditional fuzzing or security review\n· Mozilla and security experts note dual-use risk: AI tools increasingly adept at finding bugs may be equally capable of exploiting them in adversarial hands

Original source: Wall Street Journal / Techmeme