"Anthropic's team used Claude Opus 4.6 over the span of two weeks, starting in the javascript engine and then expanding to other portions of the codebase. According to the post, the team focused on Firefox because "it's both a complex codebase and one of the most well-tested and secure open-source projects in the world.""
"Notably, Claude Opus was much better at finding vulnerabilities than writing software to exploit them. The team ended up spending $4,000 in API credits trying to concoct proof-of-concept exploits, but only succeeded in two cases."
Anthropic partnered with Mozilla to conduct a security audit of Firefox using Claude Opus 4.6 over two weeks. The AI model identified 22 separate vulnerabilities, with 14 classified as high-severity. Most vulnerabilities were patched in Firefox 148 released in February, with remaining fixes scheduled for future releases. The team focused on Firefox due to its complexity and status as a well-tested, secure open-source project. Claude Opus proved significantly more effective at identifying vulnerabilities than creating proof-of-concept exploits, requiring $4,000 in API credits to successfully develop only two exploits. This demonstrates AI's substantial value for enhancing open-source security.
Read at TechCrunch
Unable to calculate read time
Collection
[
|
...
]