
"By the end of this effort, we had scanned nearly 6,000 C++ files and submitted a total of 112 unique reports, including the high- and moderate-severity vulnerabilities mentioned above. Most issues have been fixed in Firefox 148, with the remainder to be fixed in upcoming releases."
"Anthropic said the LLM detected a use-after-free bug in the browser's JavaScript after 'just' 20 minutes of exploration, which was then validated by a human researcher in a virtualized environment to rule out the possibility of a false positive."
"Despite carrying out the test several hundred times and spending about $4,000 in API credits, the company said Claude Opus 4.6 was able to turn the security defect into an exploit only in two cases. This behavior signaled two important aspects: the cost of identifying vulnerabilities is cheaper than creating an exploit for them, and the model is better at finding issues than at exploiting them."
Anthropic identified 22 security vulnerabilities in Firefox through a partnership with Mozilla: 14 high-severity, 7 moderate-severity, and 1 low-severity, addressed in Firefox 148. Claude Opus 4.6 detected a use-after-free bug in the browser's JavaScript within 20 minutes. The effort scanned nearly 6,000 C++ files and submitted 112 unique reports. When tasked with developing exploits from the submitted vulnerabilities, Claude succeeded only twice despite several hundred attempts and about $4,000 in API credits. This indicates that identifying vulnerabilities is cheaper than creating exploits for them, and that the model is better at finding issues than at exploiting them.
Read at The Hacker News