[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"kb-article-how-claude-opus-4-6-found-22-firefox-vulnerabilities-in-2-weeks-en":3,"ArticleBody_4aWaPWs3VNiiF10V5a8ztLMqb6w5Xc6Qf1CG4jc":103},{"article":4,"relatedArticles":72,"locale":62},{"id":5,"title":6,"slug":7,"content":8,"htmlContent":9,"excerpt":10,"category":11,"tags":12,"metaDescription":10,"wordCount":13,"readingTime":14,"publishedAt":15,"sources":16,"sourceCoverage":56,"transparency":57,"seo":61,"language":62,"featuredImage":63,"featuredImageCredit":64,"isFreeGeneration":68,"trendSlug":56,"niche":69,"geoTakeaways":56,"geoFaq":56,"entities":56},"69bd2b405dcedbf95be0c877","How Claude Opus 4.6 Found 22 Firefox Vulnerabilities in 2 Weeks","how-claude-opus-4-6-found-22-firefox-vulnerabilities-in-2-weeks","Anthropic and Mozilla ran a live‑fire experiment: could an AI model find serious, previously unknown vulnerabilities in one of the most tested browsers on earth?\n\nIn a focused two‑week sprint in January 2026, Claude Opus 4.6 uncovered 22 new Firefox vulnerabilities, all confirmed by Mozilla and assigned CVEs. Fourteen were rated high severity, seven moderate, and one low, with most fixes shipped to hundreds of millions of users in Firefox 148.[5][6][8]\n\n💡 **Why this matters:** Those 14 high‑severity bugs represent almost a fifth of all high‑severity Firefox vulnerabilities remediated in 2025, concentrated into a single AI‑augmented engagement.[5][6][8] That discovery rate forces security leaders to rethink how software will be attacked—and defended—over the next few years.\n\n---\n\n## 1. What Anthropic and Mozilla Actually Achieved\n\nInstead of testing Claude Opus 4.6 on synthetic benchmarks, Anthropic embedded it into a real security partnership with Mozilla, giving it targeted access to the Firefox codebase as a production‑grade testbed.[6][8]\n\nOver two weeks in January 2026, Claude identified 22 previously unknown Firefox vulnerabilities that Mozilla triaged, confirmed, and assigned CVEs.[5][6][8]\n\n- 14 high‑severity  \n- 7 moderate  \n- 1 low[5][8]\n\n📊 **Impact in context**\n\n- 22 new Firefox CVEs in 14 days  \n- 14 high‑severity issues—almost 20% of all high‑severity Firefox bugs patched in 2025[3][5][6][8]  \n- More Firefox vulnerabilities reported in February 2026 by Claude than in any single month of 2025 from all sources combined[6][7][9]\n\nMozilla shipped fixes for most of these vulnerabilities in Firefox 148, with the rest scheduled for upcoming releases, showing that AI‑found bugs can move rapidly from discovery to remediation at internet scale.[5][6][8]\n\n💼 **Strategic takeaway:** In a codebase that has been fuzzed, audited, and hardened for decades, one AI‑augmented sprint matched a substantial fraction of a full year’s human‑driven high‑severity discovery.[3][5][6][9] For most enterprise software, the untouched backlog is likely much larger.\n\n---\n\n## 2. How Claude Opus 4.6 Actually Found the Bugs\n\nClaude’s first major win came quickly: within 20 minutes, it identified a use‑after‑free vulnerability in Firefox’s SpiderMonkey JavaScript engine, later confirmed and patched by Mozilla.[3][5][8] That early success evolved into a systematic pipeline.\n\n\u003Cdiv class=\"mermaid-diagram not-prose my-6\" role=\"img\" aria-label=\"Diagram\">\n\u003Csvg id=\"diagram-1775215123935\" width=\"100%\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F2000\u002Fsvg\" class=\"flowchart\" style=\"max-width: 1704.53125px;\" viewBox=\"0 0 1704.53125 119\" role=\"graphics-document document\" aria-roledescription=\"flowchart-v2\">\u003Cstyle>#diagram-1775215123935{font-family:system-ui,-apple-system,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#diagram-1775215123935 .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#diagram-1775215123935 .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#diagram-1775215123935 .error-icon{fill:#552222;}#diagram-1775215123935 .error-text{fill:#552222;stroke:#552222;}#diagram-1775215123935 .edge-thickness-normal{stroke-width:1px;}#diagram-1775215123935 .edge-thickness-thick{stroke-width:3.5px;}#diagram-1775215123935 .edge-pattern-solid{stroke-dasharray:0;}#diagram-1775215123935 .edge-thickness-invisible{stroke-width:0;fill:none;}#diagram-1775215123935 .edge-pattern-dashed{stroke-dasharray:3;}#diagram-1775215123935 .edge-pattern-dotted{stroke-dasharray:2;}#diagram-1775215123935 .marker{fill:#333333;stroke:#333333;}#diagram-1775215123935 .marker.cross{stroke:#333333;}#diagram-1775215123935 svg{font-family:system-ui,-apple-system,sans-serif;font-size:16px;}#diagram-1775215123935 p{margin:0;}#diagram-1775215123935 .label{font-family:system-ui,-apple-system,sans-serif;color:#333;}#diagram-1775215123935 .cluster-label text{fill:#333;}#diagram-1775215123935 .cluster-label span{color:#333;}#diagram-1775215123935 .cluster-label span p{background-color:transparent;}#diagram-1775215123935 .label text,#diagram-1775215123935 span{fill:#333;color:#333;}#diagram-1775215123935 .node rect,#diagram-1775215123935 .node circle,#diagram-1775215123935 .node ellipse,#diagram-1775215123935 .node polygon,#diagram-1775215123935 .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#diagram-1775215123935 .rough-node .label text,#diagram-1775215123935 .node .label text,#diagram-1775215123935 .image-shape .label,#diagram-1775215123935 .icon-shape .label{text-anchor:middle;}#diagram-1775215123935 .node .katex path{fill:#000;stroke:#000;stroke-width:1px;}#diagram-1775215123935 .rough-node .label,#diagram-1775215123935 .node .label,#diagram-1775215123935 .image-shape .label,#diagram-1775215123935 .icon-shape .label{text-align:center;}#diagram-1775215123935 .node.clickable{cursor:pointer;}#diagram-1775215123935 .root .anchor path{fill:#333333!important;stroke-width:0;stroke:#333333;}#diagram-1775215123935 .arrowheadPath{fill:#333333;}#diagram-1775215123935 .edgePath .path{stroke:#333333;stroke-width:1px;}#diagram-1775215123935 .flowchart-link{stroke:#333333;fill:none;}#diagram-1775215123935 .edgeLabel{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215123935 .edgeLabel p{background-color:rgba(232,232,232, 0.8);}#diagram-1775215123935 .edgeLabel rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215123935 .labelBkg{background-color:rgba(232, 232, 232, 0.5);}#diagram-1775215123935 .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#diagram-1775215123935 .cluster text{fill:#333;}#diagram-1775215123935 .cluster span{color:#333;}#diagram-1775215123935 div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:system-ui,-apple-system,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#diagram-1775215123935 .flowchartTitleText{text-anchor:middle;font-size:18px;fill:#333;}#diagram-1775215123935 rect.text{fill:none;stroke-width:0;}#diagram-1775215123935 .icon-shape,#diagram-1775215123935 .image-shape{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215123935 .icon-shape p,#diagram-1775215123935 .image-shape p{background-color:rgba(232,232,232, 0.8);padding:2px;}#diagram-1775215123935 .icon-shape .label rect,#diagram-1775215123935 .image-shape .label rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215123935 .label-icon{display:inline-block;height:1em;overflow:visible;vertical-align:-0.125em;}#diagram-1775215123935 .node .label-icon path{fill:currentColor;stroke:revert;stroke-width:revert;}#diagram-1775215123935 .node .neo-node{stroke:#9370DB;}#diagram-1775215123935 [data-look=\"neo\"].node rect,#diagram-1775215123935 [data-look=\"neo\"].cluster rect,#diagram-1775215123935 [data-look=\"neo\"].node polygon{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215123935 [data-look=\"neo\"].node path{stroke:#9370DB;stroke-width:1px;}#diagram-1775215123935 [data-look=\"neo\"].node .outer-path{filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215123935 [data-look=\"neo\"].node .neo-line path{stroke:#9370DB;filter:none;}#diagram-1775215123935 [data-look=\"neo\"].node circle{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215123935 [data-look=\"neo\"].node circle .state-start{fill:#000000;}#diagram-1775215123935 [data-look=\"neo\"].icon-shape .icon{fill:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215123935 [data-look=\"neo\"].icon-shape .icon-neo path{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215123935 :root{--mermaid-font-family:system-ui,-apple-system,sans-serif;}\u003C\u002Fstyle>\u003Cg>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-pointEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 10 5 L 0 10 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-pointStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"4.5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 5 L 10 10 L 10 0 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-pointEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"11.5\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"10.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 11.5 7 L 0 14 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-pointStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"1\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpolygon points=\"0,7 11.5,14 11.5,0\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpolygon>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-circleEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"11\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-circleStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-1\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-circleEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refY=\"5\" refX=\"12.25\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-circleStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-2\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-crossEnd\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"12\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-crossStart\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"-1\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-crossEnd-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"17.7\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-crossStart-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"-3.5\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cg class=\"root\">\u003Cg class=\"clusters\">\u003C\u002Fg>\u003Cg class=\"edgePaths\">\u003Cpath d=\"M194.969,47L199.135,47C203.302,47,211.635,47,219.302,47C226.969,47,233.969,47,237.469,47L240.969,47\" id=\"diagram-1775215123935-L_A_B_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_A_B_0\" data-points=\"W3sieCI6MTk0Ljk2ODc1LCJ5Ijo0N30seyJ4IjoyMTkuOTY4NzUsInkiOjQ3fSx7IngiOjI0NC45Njg3NSwieSI6NDd9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215123935_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M427.75,47L431.917,47C436.083,47,444.417,47,452.083,47C459.75,47,466.75,47,470.25,47L473.75,47\" id=\"diagram-1775215123935-L_B_C_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_B_C_0\" data-points=\"W3sieCI6NDI3Ljc1LCJ5Ijo0N30seyJ4Ijo0NTIuNzUsInkiOjQ3fSx7IngiOjQ3Ny43NSwieSI6NDd9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215123935_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M737.75,47L741.917,47C746.083,47,754.417,47,762.083,47C769.75,47,776.75,47,780.25,47L783.75,47\" id=\"diagram-1775215123935-L_C_D_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_C_D_0\" data-points=\"W3sieCI6NzM3Ljc1LCJ5Ijo0N30seyJ4Ijo3NjIuNzUsInkiOjQ3fSx7IngiOjc4Ny43NSwieSI6NDd9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215123935_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M1032.938,47L1037.104,47C1041.271,47,1049.604,47,1057.271,47C1064.938,47,1071.938,47,1075.438,47L1078.938,47\" id=\"diagram-1775215123935-L_D_E_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_D_E_0\" data-points=\"W3sieCI6MTAzMi45Mzc1LCJ5Ijo0N30seyJ4IjoxMDU3LjkzNzUsInkiOjQ3fSx7IngiOjEwODIuOTM3NSwieSI6NDd9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215123935_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M1261,47L1265.167,47C1269.333,47,1277.667,47,1285.333,47C1293,47,1300,47,1303.5,47L1307,47\" id=\"diagram-1775215123935-L_E_F_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_E_F_0\" data-points=\"W3sieCI6MTI2MSwieSI6NDd9LHsieCI6MTI4NiwieSI6NDd9LHsieCI6MTMxMSwieSI6NDd9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215123935_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M1472.438,47L1476.604,47C1480.771,47,1489.104,47,1496.771,47C1504.438,47,1511.438,47,1514.938,47L1518.438,47\" id=\"diagram-1775215123935-L_F_G_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_F_G_0\" data-points=\"W3sieCI6MTQ3Mi40Mzc1LCJ5Ijo0N30seyJ4IjoxNDk3LjQzNzUsInkiOjQ3fSx7IngiOjE1MjIuNDM3NSwieSI6NDd9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215123935_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003C\u002Fg>\u003Cg class=\"edgeLabels\">\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_A_B_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_B_C_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_C_D_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_D_E_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_E_F_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_F_G_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"nodes\">\u003Cg class=\"node default  \" id=\"diagram-1775215123935-flowchart-A-0\" data-look=\"classic\" transform=\"translate(101.484375, 47)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-93.484375\" y=\"-27\" width=\"186.96875\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-63.484375, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"126.96875\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Firefox codebase\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215123935-flowchart-B-1\" data-look=\"classic\" transform=\"translate(336.359375, 47)\">\u003Crect class=\"basic label-container\" style=\"fill:#22c55e !important\" x=\"-91.390625\" y=\"-27\" width=\"182.78125\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#fff !important\" transform=\"translate(-61.390625, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"122.78125\" height=\"24\">\u003Cdiv style=\"color: rgb(255, 255, 255) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#fff !important\" class=\"nodeLabel \">\u003Cp>Claude Opus 4.6\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215123935-flowchart-C-3\" data-look=\"classic\" transform=\"translate(607.75, 47)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-130\" y=\"-39\" width=\"260\" height=\"78\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-100, -24)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"200\" height=\"48\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table; white-space: break-spaces; line-height: 1.5; max-width: 200px; text-align: center; width: 200px;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Crash inputs & hypotheses\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215123935-flowchart-D-5\" data-look=\"classic\" transform=\"translate(910.34375, 47)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-122.59375\" y=\"-27\" width=\"245.1875\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-92.59375, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"185.1875\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Human validation & VMs\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215123935-flowchart-E-7\" data-look=\"classic\" transform=\"translate(1171.96875, 47)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-89.03125\" y=\"-27\" width=\"178.0625\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-59.03125, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"118.0625\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Bugzilla reports\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215123935-flowchart-F-9\" data-look=\"classic\" transform=\"translate(1391.71875, 47)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-80.71875\" y=\"-27\" width=\"161.4375\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-50.71875, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"101.4375\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Mozilla triage\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215123935-flowchart-G-11\" data-look=\"classic\" transform=\"translate(1609.484375, 47)\">\u003Crect class=\"basic label-container\" style=\"fill:#22c55e !important\" x=\"-87.046875\" y=\"-27\" width=\"174.09375\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#fff !important\" transform=\"translate(-57.046875, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"114.09375\" height=\"24\">\u003Cdiv style=\"color: rgb(255, 255, 255) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#fff !important\" class=\"nodeLabel \">\u003Cp>Firefox patches\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cdefs>\u003Cfilter id=\"diagram-1775215123935-drop-shadow\" height=\"130%\" width=\"130%\">\u003CfeDropShadow dx=\"4\" dy=\"4\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Cdefs>\u003Cfilter id=\"diagram-1775215123935-drop-shadow-small\" height=\"150%\" width=\"150%\">\u003CfeDropShadow dx=\"2\" dy=\"2\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Ctext x=\"1699.53125\" y=\"114\" text-anchor=\"end\" fill=\"#6b7280\" stroke=\"#ffffff\" stroke-width=\"3\" paint-order=\"stroke\" font-size=\"11\" font-family=\"system-ui, sans-serif\" opacity=\"0.7\">coreprose.com\u003C\u002Ftext>\u003C\u002Fsvg>\n\u003C\u002Fdiv>\n\nOver the two‑week engagement, Claude:[3][5][8]\n\n- Scanned nearly 6,000 C++ files  \n- Generated dozens of crashing inputs during early triage  \n- Contributed to 112 unique bug reports  \n- Proposed candidate patches that Mozilla engineers sometimes used as starting points[3][6][9]\n\n💡 **Quality, not just quantity**\n\nMozilla engineers noted that, unlike most low‑quality AI bug reports, Claude’s submissions typically included:[6][8][9]\n\n- Minimized test cases  \n- Detailed, step‑by‑step proofs of concept  \n- Candidate fixes mapped to specific files and functions  \n\nThis sharply reduced validation workload, letting the Firefox security team reproduce and assess issues far faster than with typical external reports.[6][8][9]\n\nSome vulnerabilities overlapped with issues reachable by existing fuzzers, while others were new classes of logic errors that fuzzing had failed to expose—even in heavily fuzzed code paths.[3][6][9]\n\n⚠️ **Key implication:** If Firefox, one of the most continuously fuzzed and reviewed browser codebases, still harbored this many serious issues, then typical enterprise applications—with less rigorous testing—almost certainly contain a larger, AI‑discoverable vulnerability backlog.[3][6][8][9]\n\n---\n\n## 3. What the Firefox Results Signal for Software Security\n\nAnthropic positions the Firefox collaboration as evidence that modern AI models can independently identify high‑severity vulnerabilities in mature, complex software at speeds that exceed traditional techniques.[6][9][10]\n\nMozilla’s data supports this: Claude’s 22 CVEs in February 2026 exceeded the monthly vulnerability count for any month in 2025, across all human and automated sources.[6][7][9] PCMag noted that Claude effectively found more high‑severity bugs in two weeks than human teams typically uncover over much longer periods.[9][10]\n\n📊 **Beyond Firefox**\n\nAnthropic reports that, beyond this project, Claude has surfaced more than 500 zero‑day vulnerabilities in other well‑tested open‑source software, focusing on complex, security‑sensitive components.[6][8]\n\nMashable notes that open‑source projects are particularly well‑suited to AI analysis because models can correlate:[2][4][6]\n\n- Full source code  \n- Rich version history  \n- Historical CVEs and patches  \n\nThat combination lets AI learn patterns of insecure coding and configuration that static tools miss.[2][4][6]\n\nMozilla engineers observed that Claude’s Firefox findings fell into two categories:[3][6][9]\n\n- Bugs overlapping with fuzzing‑accessible paths  \n- Novel logic and state‑handling errors beyond fuzzer coverage  \n\n💡 **Mini‑conclusion:** AI analysis is emerging as a powerful complement to fuzzing, SAST, and manual review—not a replacement. Security programs that orchestrate these methods together will gain the most from AI‑accelerated discovery.[3][6][9][10]\n\n---\n\n## 4. Limits, Exploit Tests, and Dual‑Use Concerns\n\nAfter confirming the 22 CVEs, Anthropic asked a harder question: could Claude also weaponize its own discoveries? Researchers provided Claude with details of the new Firefox bugs and asked it to craft practical exploits, including attempts to read and write local files on a target system, emulating a real attacker.[2][5][9]\n\n\u003Cdiv class=\"mermaid-diagram not-prose my-6\" role=\"img\" aria-label=\"Diagram\">\n\u003Csvg id=\"diagram-1775215124682\" width=\"100%\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F2000\u002Fsvg\" class=\"flowchart\" style=\"max-width: 270.9609375px;\" viewBox=\"0 0 270.9609375 660.078125\" role=\"graphics-document document\" aria-roledescription=\"flowchart-v2\">\u003Cstyle>#diagram-1775215124682{font-family:system-ui,-apple-system,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#diagram-1775215124682 .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#diagram-1775215124682 .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#diagram-1775215124682 .error-icon{fill:#552222;}#diagram-1775215124682 .error-text{fill:#552222;stroke:#552222;}#diagram-1775215124682 .edge-thickness-normal{stroke-width:1px;}#diagram-1775215124682 .edge-thickness-thick{stroke-width:3.5px;}#diagram-1775215124682 .edge-pattern-solid{stroke-dasharray:0;}#diagram-1775215124682 .edge-thickness-invisible{stroke-width:0;fill:none;}#diagram-1775215124682 .edge-pattern-dashed{stroke-dasharray:3;}#diagram-1775215124682 .edge-pattern-dotted{stroke-dasharray:2;}#diagram-1775215124682 .marker{fill:#333333;stroke:#333333;}#diagram-1775215124682 .marker.cross{stroke:#333333;}#diagram-1775215124682 svg{font-family:system-ui,-apple-system,sans-serif;font-size:16px;}#diagram-1775215124682 p{margin:0;}#diagram-1775215124682 .label{font-family:system-ui,-apple-system,sans-serif;color:#333;}#diagram-1775215124682 .cluster-label text{fill:#333;}#diagram-1775215124682 .cluster-label span{color:#333;}#diagram-1775215124682 .cluster-label span p{background-color:transparent;}#diagram-1775215124682 .label text,#diagram-1775215124682 span{fill:#333;color:#333;}#diagram-1775215124682 .node rect,#diagram-1775215124682 .node circle,#diagram-1775215124682 .node ellipse,#diagram-1775215124682 .node polygon,#diagram-1775215124682 .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#diagram-1775215124682 .rough-node .label text,#diagram-1775215124682 .node .label text,#diagram-1775215124682 .image-shape .label,#diagram-1775215124682 .icon-shape .label{text-anchor:middle;}#diagram-1775215124682 .node .katex path{fill:#000;stroke:#000;stroke-width:1px;}#diagram-1775215124682 .rough-node .label,#diagram-1775215124682 .node .label,#diagram-1775215124682 .image-shape .label,#diagram-1775215124682 .icon-shape .label{text-align:center;}#diagram-1775215124682 .node.clickable{cursor:pointer;}#diagram-1775215124682 .root .anchor path{fill:#333333!important;stroke-width:0;stroke:#333333;}#diagram-1775215124682 .arrowheadPath{fill:#333333;}#diagram-1775215124682 .edgePath .path{stroke:#333333;stroke-width:1px;}#diagram-1775215124682 .flowchart-link{stroke:#333333;fill:none;}#diagram-1775215124682 .edgeLabel{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215124682 .edgeLabel p{background-color:rgba(232,232,232, 0.8);}#diagram-1775215124682 .edgeLabel rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215124682 .labelBkg{background-color:rgba(232, 232, 232, 0.5);}#diagram-1775215124682 .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#diagram-1775215124682 .cluster text{fill:#333;}#diagram-1775215124682 .cluster span{color:#333;}#diagram-1775215124682 div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:system-ui,-apple-system,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#diagram-1775215124682 .flowchartTitleText{text-anchor:middle;font-size:18px;fill:#333;}#diagram-1775215124682 rect.text{fill:none;stroke-width:0;}#diagram-1775215124682 .icon-shape,#diagram-1775215124682 .image-shape{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215124682 .icon-shape p,#diagram-1775215124682 .image-shape p{background-color:rgba(232,232,232, 0.8);padding:2px;}#diagram-1775215124682 .icon-shape .label rect,#diagram-1775215124682 .image-shape .label rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215124682 .label-icon{display:inline-block;height:1em;overflow:visible;vertical-align:-0.125em;}#diagram-1775215124682 .node .label-icon path{fill:currentColor;stroke:revert;stroke-width:revert;}#diagram-1775215124682 .node .neo-node{stroke:#9370DB;}#diagram-1775215124682 [data-look=\"neo\"].node rect,#diagram-1775215124682 [data-look=\"neo\"].cluster rect,#diagram-1775215124682 [data-look=\"neo\"].node polygon{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215124682 [data-look=\"neo\"].node path{stroke:#9370DB;stroke-width:1px;}#diagram-1775215124682 [data-look=\"neo\"].node .outer-path{filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215124682 [data-look=\"neo\"].node .neo-line path{stroke:#9370DB;filter:none;}#diagram-1775215124682 [data-look=\"neo\"].node circle{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215124682 [data-look=\"neo\"].node circle .state-start{fill:#000000;}#diagram-1775215124682 [data-look=\"neo\"].icon-shape .icon{fill:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215124682 [data-look=\"neo\"].icon-shape .icon-neo path{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215124682 :root{--mermaid-font-family:system-ui,-apple-system,sans-serif;}\u003C\u002Fstyle>\u003Cg>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-pointEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 10 5 L 0 10 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-pointStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"4.5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 5 L 10 10 L 10 0 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-pointEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"11.5\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"10.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 11.5 7 L 0 14 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-pointStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"1\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpolygon points=\"0,7 11.5,14 11.5,0\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpolygon>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-circleEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"11\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-circleStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-1\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-circleEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refY=\"5\" refX=\"12.25\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-circleStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-2\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-crossEnd\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"12\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-crossStart\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"-1\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-crossEnd-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"17.7\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-crossStart-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"-3.5\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cg class=\"root\">\u003Cg class=\"clusters\">\u003C\u002Fg>\u003Cg class=\"edgePaths\">\u003Cpath d=\"M143.555,62L143.555,66.167C143.555,70.333,143.555,78.667,143.555,86.333C143.555,94,143.555,101,143.555,104.5L143.555,108\" id=\"diagram-1775215124682-L_A_B_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_A_B_0\" data-points=\"W3sieCI6MTQzLjU1NDY4NzUsInkiOjYyfSx7IngiOjE0My41NTQ2ODc1LCJ5Ijo4N30seyJ4IjoxNDMuNTU0Njg3NSwieSI6MTEyfV0=\" data-look=\"classic\" marker-end=\"url(#diagram-1775215124682_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M112.145,166L107.298,170.167C102.451,174.333,92.757,182.667,87.91,190.333C83.063,198,83.063,205,83.063,208.5L83.063,212\" id=\"diagram-1775215124682-L_B_C_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_B_C_0\" data-points=\"W3sieCI6MTEyLjE0NTI4MjQ1MTkyMzA4LCJ5IjoxNjZ9LHsieCI6ODMuMDYyNSwieSI6MTkxfSx7IngiOjgzLjA2MjUsInkiOjIxNn1d\" data-look=\"classic\" marker-end=\"url(#diagram-1775215124682_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M83.063,270L83.063,274.167C83.063,278.333,83.063,286.667,87.676,299.568C92.289,312.469,101.515,329.939,106.128,338.674L110.741,347.408\" id=\"diagram-1775215124682-L_C_D_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_C_D_0\" data-points=\"W3sieCI6ODMuMDYyNSwieSI6MjcwfSx7IngiOjgzLjA2MjUsInkiOjI5NX0seyJ4IjoxMTIuNjA5Mjc3NzA5ODk1NTUsInkiOjM1MC45NDU0MDk3OTAxMDQ0Nn1d\" data-look=\"classic\" marker-end=\"url(#diagram-1775215124682_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M174.5,350.945L179.425,341.621C184.349,332.297,194.198,313.648,199.122,295.658C204.047,277.667,204.047,260.333,204.047,243C204.047,225.667,204.047,208.333,199.705,195.935C195.364,183.536,186.681,176.072,182.339,172.34L177.997,168.607\" id=\"diagram-1775215124682-L_D_B_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_D_B_0\" data-points=\"W3sieCI6MTc0LjUwMDA5NzI5MDEwNDQzLCJ5IjozNTAuOTQ1NDA5NzkwMTA0NDZ9LHsieCI6MjA0LjA0Njg3NSwieSI6Mjk1fSx7IngiOjIwNC4wNDY4NzUsInkiOjI0M30seyJ4IjoyMDQuMDQ2ODc1LCJ5IjoxOTF9LHsieCI6MTc0Ljk2NDA5MjU0ODA3NjkzLCJ5IjoxNjZ9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215124682_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M143.555,499.078L143.555,505.245C143.555,511.411,143.555,523.745,143.555,535.411C143.555,547.078,143.555,558.078,143.555,563.578L143.555,569.078\" id=\"diagram-1775215124682-L_D_E_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_D_E_0\" data-points=\"W3sieCI6MTQzLjU1NDY4NzUsInkiOjQ5OS4wNzgxMjV9LHsieCI6MTQzLjU1NDY4NzUsInkiOjUzNi4wNzgxMjV9LHsieCI6MTQzLjU1NDY4NzUsInkiOjU3My4wNzgxMjV9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215124682_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003C\u002Fg>\u003Cg class=\"edgeLabels\">\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_A_B_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_B_C_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_C_D_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\" transform=\"translate(204.046875, 243)\">\u003Cg class=\"label\" data-id=\"L_D_B_0\" transform=\"translate(-10.921875, -12)\">\u003CforeignObject width=\"21.84375\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003Cp>No\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\" transform=\"translate(143.5546875, 536.078125)\">\u003Cg class=\"label\" data-id=\"L_D_E_0\" transform=\"translate(-12.4765625, -12)\">\u003CforeignObject width=\"24.953125\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003Cp>Yes\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"nodes\">\u003Cg class=\"node default  \" id=\"diagram-1775215124682-flowchart-A-0\" data-look=\"classic\" transform=\"translate(143.5546875, 35)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-91.625\" y=\"-27\" width=\"183.25\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-61.625, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"123.25\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Discovered CVEs\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215124682-flowchart-B-1\" data-look=\"classic\" transform=\"translate(143.5546875, 139)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-119.40625\" y=\"-27\" width=\"238.8125\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-89.40625, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"178.8125\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Claude exploit attempts\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215124682-flowchart-C-3\" data-look=\"classic\" transform=\"translate(83.0625, 243)\">\u003Crect class=\"basic label-container\" style=\"fill:#f59e0b !important\" x=\"-75.0625\" y=\"-27\" width=\"150.125\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#000 !important\" transform=\"translate(-45.0625, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"90.125\" height=\"24\">\u003Cdiv style=\"color: rgb(0, 0, 0) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#000 !important\" class=\"nodeLabel \">\u003Cp>Task verifier\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215124682-flowchart-D-5\" data-look=\"classic\" transform=\"translate(143.5546875, 409.5390625)\">\u003Cpolygon points=\"89.5390625,0 179.078125,-89.5390625 89.5390625,-179.078125 0,-89.5390625\" class=\"label-container\" transform=\"translate(-89.0390625, 89.5390625)\">\u003C\u002Fpolygon>\u003Cg class=\"label\" style=\"\" transform=\"translate(-62.5390625, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"125.078125\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Working exploit?\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215124682-flowchart-E-9\" data-look=\"classic\" transform=\"translate(143.5546875, 600.078125)\">\u003Crect class=\"basic label-container\" style=\"fill:#ef4444 !important\" x=\"-84.8359375\" y=\"-27\" width=\"169.671875\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#fff !important\" transform=\"translate(-54.8359375, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"109.671875\" height=\"24\">\u003Cdiv style=\"color: rgb(255, 255, 255) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#fff !important\" class=\"nodeLabel \">\u003Cp>Exploit sample\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cdefs>\u003Cfilter id=\"diagram-1775215124682-drop-shadow\" height=\"130%\" width=\"130%\">\u003CfeDropShadow dx=\"4\" dy=\"4\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Cdefs>\u003Cfilter id=\"diagram-1775215124682-drop-shadow-small\" height=\"150%\" width=\"150%\">\u003CfeDropShadow dx=\"2\" dy=\"2\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Ctext x=\"265.9609375\" y=\"655.078125\" text-anchor=\"end\" fill=\"#6b7280\" stroke=\"#ffffff\" stroke-width=\"3\" paint-order=\"stroke\" font-size=\"11\" font-family=\"system-ui, sans-serif\" opacity=\"0.7\">coreprose.com\u003C\u002Ftext>\u003C\u002Fsvg>\n\u003C\u002Fdiv>\n\nDespite several hundred exploit‑generation trials and about $4,000 in API credits, Claude produced reliable, end‑to‑end exploits in only two cases.[5][8][9] One targeted CVE‑2026‑2796, a JIT miscompilation in Firefox’s JavaScript WebAssembly component.[5][9]\n\nMashable highlighted this asymmetry: Claude was highly effective at finding vulnerabilities but comparatively weak at automating full exploit chains, suggesting that—for now—AI is more beneficial for defense than for fully automated offensive operations.[2][4][5]\n\n⚠️ **But not purely defensive**\n\nInfoQ stresses the dual‑use reality: with enough steering and iteration, Anthropic did obtain working exploits for some bugs.[5][8][9] The same discovery capabilities that help defenders can also accelerate attacker workflows.\n\nAnthropic situates the Firefox work within its Frontier Red Team efforts and policy commitments, arguing that:[6][8][9]\n\n- AI‑assisted research should go through responsible disclosure channels  \n- Partnerships with maintainers (like Mozilla) are essential to keep net impact positive  \n- Safety controls such as task verifiers and rate limits must evolve with capability  \n\nSecurity commentators expect that as models improve, adversaries will adopt similar tools for vulnerability triage and exploit research, making time‑to‑patch and continuous monitoring even more critical risk metrics.[5][9][10]\n\n---\n\n## 5. How Security Teams Can Operationalize These Lessons\n\nThe Firefox experiment is not a stunt. Anthropic is productizing its techniques through Claude Code Security, a service that scans code for vulnerabilities and suggests targeted fixes for human review.[6][8][10]\n\n💼 **Partnership as a pattern**\n\nThe Mozilla engagement showcased an operating model security teams can emulate:[6][8]\n\n- Tight collaboration between AI researchers and maintainers  \n- Shared criteria for what counts as a reportable bug  \n- Rapid patch deployment once issues are confirmed  \n\nThis pattern can be replicated inside enterprises by pairing AI tools with in‑house AppSec engineers and clear triage rules.\n\n\u003Cdiv class=\"mermaid-diagram not-prose my-6\" role=\"img\" aria-label=\"Diagram\">\n\u003Csvg id=\"diagram-1775215125442\" width=\"100%\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F2000\u002Fsvg\" class=\"flowchart\" style=\"max-width: 1395.359375px;\" viewBox=\"0 0 1395.359375 95\" role=\"graphics-document document\" aria-roledescription=\"flowchart-v2\">\u003Cstyle>#diagram-1775215125442{font-family:system-ui,-apple-system,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#diagram-1775215125442 .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#diagram-1775215125442 .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#diagram-1775215125442 .error-icon{fill:#552222;}#diagram-1775215125442 .error-text{fill:#552222;stroke:#552222;}#diagram-1775215125442 .edge-thickness-normal{stroke-width:1px;}#diagram-1775215125442 .edge-thickness-thick{stroke-width:3.5px;}#diagram-1775215125442 .edge-pattern-solid{stroke-dasharray:0;}#diagram-1775215125442 .edge-thickness-invisible{stroke-width:0;fill:none;}#diagram-1775215125442 .edge-pattern-dashed{stroke-dasharray:3;}#diagram-1775215125442 .edge-pattern-dotted{stroke-dasharray:2;}#diagram-1775215125442 .marker{fill:#333333;stroke:#333333;}#diagram-1775215125442 .marker.cross{stroke:#333333;}#diagram-1775215125442 svg{font-family:system-ui,-apple-system,sans-serif;font-size:16px;}#diagram-1775215125442 p{margin:0;}#diagram-1775215125442 .label{font-family:system-ui,-apple-system,sans-serif;color:#333;}#diagram-1775215125442 .cluster-label text{fill:#333;}#diagram-1775215125442 .cluster-label span{color:#333;}#diagram-1775215125442 .cluster-label span p{background-color:transparent;}#diagram-1775215125442 .label text,#diagram-1775215125442 span{fill:#333;color:#333;}#diagram-1775215125442 .node rect,#diagram-1775215125442 .node circle,#diagram-1775215125442 .node ellipse,#diagram-1775215125442 .node polygon,#diagram-1775215125442 .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#diagram-1775215125442 .rough-node .label text,#diagram-1775215125442 .node .label text,#diagram-1775215125442 .image-shape .label,#diagram-1775215125442 .icon-shape .label{text-anchor:middle;}#diagram-1775215125442 .node .katex path{fill:#000;stroke:#000;stroke-width:1px;}#diagram-1775215125442 .rough-node .label,#diagram-1775215125442 .node .label,#diagram-1775215125442 .image-shape .label,#diagram-1775215125442 .icon-shape .label{text-align:center;}#diagram-1775215125442 .node.clickable{cursor:pointer;}#diagram-1775215125442 .root .anchor path{fill:#333333!important;stroke-width:0;stroke:#333333;}#diagram-1775215125442 .arrowheadPath{fill:#333333;}#diagram-1775215125442 .edgePath .path{stroke:#333333;stroke-width:1px;}#diagram-1775215125442 .flowchart-link{stroke:#333333;fill:none;}#diagram-1775215125442 .edgeLabel{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215125442 .edgeLabel p{background-color:rgba(232,232,232, 0.8);}#diagram-1775215125442 .edgeLabel rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215125442 .labelBkg{background-color:rgba(232, 232, 232, 0.5);}#diagram-1775215125442 .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#diagram-1775215125442 .cluster text{fill:#333;}#diagram-1775215125442 .cluster span{color:#333;}#diagram-1775215125442 div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:system-ui,-apple-system,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#diagram-1775215125442 .flowchartTitleText{text-anchor:middle;font-size:18px;fill:#333;}#diagram-1775215125442 rect.text{fill:none;stroke-width:0;}#diagram-1775215125442 .icon-shape,#diagram-1775215125442 .image-shape{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215125442 .icon-shape p,#diagram-1775215125442 .image-shape p{background-color:rgba(232,232,232, 0.8);padding:2px;}#diagram-1775215125442 .icon-shape .label rect,#diagram-1775215125442 .image-shape .label rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215125442 .label-icon{display:inline-block;height:1em;overflow:visible;vertical-align:-0.125em;}#diagram-1775215125442 .node .label-icon path{fill:currentColor;stroke:revert;stroke-width:revert;}#diagram-1775215125442 .node .neo-node{stroke:#9370DB;}#diagram-1775215125442 [data-look=\"neo\"].node rect,#diagram-1775215125442 [data-look=\"neo\"].cluster rect,#diagram-1775215125442 [data-look=\"neo\"].node polygon{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215125442 [data-look=\"neo\"].node path{stroke:#9370DB;stroke-width:1px;}#diagram-1775215125442 [data-look=\"neo\"].node .outer-path{filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215125442 [data-look=\"neo\"].node .neo-line path{stroke:#9370DB;filter:none;}#diagram-1775215125442 [data-look=\"neo\"].node circle{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215125442 [data-look=\"neo\"].node circle .state-start{fill:#000000;}#diagram-1775215125442 [data-look=\"neo\"].icon-shape .icon{fill:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215125442 [data-look=\"neo\"].icon-shape .icon-neo path{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215125442 :root{--mermaid-font-family:system-ui,-apple-system,sans-serif;}\u003C\u002Fstyle>\u003Cg>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-pointEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 10 5 L 0 10 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-pointStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"4.5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 5 L 10 10 L 10 0 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-pointEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"11.5\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"10.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 11.5 7 L 0 14 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-pointStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"1\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpolygon points=\"0,7 11.5,14 11.5,0\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpolygon>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-circleEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"11\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-circleStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-1\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-circleEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refY=\"5\" refX=\"12.25\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-circleStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-2\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-crossEnd\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"12\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-crossStart\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"-1\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-crossEnd-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"17.7\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-crossStart-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"-3.5\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cg class=\"root\">\u003Cg class=\"clusters\">\u003C\u002Fg>\u003Cg class=\"edgePaths\">\u003Cpath d=\"M142.172,35L146.339,35C150.505,35,158.839,35,166.505,35C174.172,35,181.172,35,184.672,35L188.172,35\" id=\"diagram-1775215125442-L_A_B_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_A_B_0\" data-points=\"W3sieCI6MTQyLjE3MTg3NSwieSI6MzV9LHsieCI6MTY3LjE3MTg3NSwieSI6MzV9LHsieCI6MTkyLjE3MTg3NSwieSI6MzV9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215125442_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M369.281,35L373.448,35C377.615,35,385.948,35,393.615,35C401.281,35,408.281,35,411.781,35L415.281,35\" id=\"diagram-1775215125442-L_B_C_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_B_C_0\" data-points=\"W3sieCI6MzY5LjI4MTI1LCJ5IjozNX0seyJ4IjozOTQuMjgxMjUsInkiOjM1fSx7IngiOjQxOS4yODEyNSwieSI6MzV9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215125442_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M568.828,35L572.995,35C577.161,35,585.495,35,593.161,35C600.828,35,607.828,35,611.328,35L614.828,35\" id=\"diagram-1775215125442-L_C_D_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_C_D_0\" data-points=\"W3sieCI6NTY4LjgyODEyNSwieSI6MzV9LHsieCI6NTkzLjgyODEyNSwieSI6MzV9LHsieCI6NjE4LjgyODEyNSwieSI6MzV9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215125442_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M782.922,35L787.089,35C791.255,35,799.589,35,807.255,35C814.922,35,821.922,35,825.422,35L828.922,35\" id=\"diagram-1775215125442-L_D_E_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_D_E_0\" data-points=\"W3sieCI6NzgyLjkyMTg3NSwieSI6MzV9LHsieCI6ODA3LjkyMTg3NSwieSI6MzV9LHsieCI6ODMyLjkyMTg3NSwieSI6MzV9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215125442_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M965.766,35L969.932,35C974.099,35,982.432,35,990.099,35C997.766,35,1004.766,35,1008.266,35L1011.766,35\" id=\"diagram-1775215125442-L_E_F_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_E_F_0\" data-points=\"W3sieCI6OTY1Ljc2NTYyNSwieSI6MzV9LHsieCI6OTkwLjc2NTYyNSwieSI6MzV9LHsieCI6MTAxNS43NjU2MjUsInkiOjM1fV0=\" data-look=\"classic\" marker-end=\"url(#diagram-1775215125442_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M1193.219,35L1197.385,35C1201.552,35,1209.885,35,1217.552,35C1225.219,35,1232.219,35,1235.719,35L1239.219,35\" id=\"diagram-1775215125442-L_F_G_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_F_G_0\" data-points=\"W3sieCI6MTE5My4yMTg3NSwieSI6MzV9LHsieCI6MTIxOC4yMTg3NSwieSI6MzV9LHsieCI6MTI0My4yMTg3NSwieSI6MzV9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215125442_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003C\u002Fg>\u003Cg class=\"edgeLabels\">\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_A_B_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_B_C_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_C_D_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_D_E_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_E_F_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_F_G_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"nodes\">\u003Cg class=\"node default  \" id=\"diagram-1775215125442-flowchart-A-0\" data-look=\"classic\" transform=\"translate(75.0859375, 35)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-67.0859375\" y=\"-27\" width=\"134.171875\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-37.0859375, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"74.171875\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Codebase\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215125442-flowchart-B-1\" data-look=\"classic\" transform=\"translate(280.7265625, 35)\">\u003Crect class=\"basic label-container\" style=\"fill:#22c55e !important\" x=\"-88.5546875\" y=\"-27\" width=\"177.109375\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#fff !important\" transform=\"translate(-58.5546875, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"117.109375\" height=\"24\">\u003Cdiv style=\"color: rgb(255, 255, 255) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#fff !important\" class=\"nodeLabel \">\u003Cp>AI security scan\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215125442-flowchart-C-3\" data-look=\"classic\" transform=\"translate(494.0546875, 35)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-74.7734375\" y=\"-27\" width=\"149.546875\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-44.7734375, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"89.546875\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Findings list\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215125442-flowchart-D-5\" data-look=\"classic\" transform=\"translate(700.875, 35)\">\u003Crect class=\"basic label-container\" style=\"fill:#0ea5e9 !important\" x=\"-82.046875\" y=\"-27\" width=\"164.09375\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#fff !important\" transform=\"translate(-52.046875, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"104.09375\" height=\"24\">\u003Cdiv style=\"color: rgb(255, 255, 255) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#fff !important\" class=\"nodeLabel \">\u003Cp>Human triage\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215125442-flowchart-E-7\" data-look=\"classic\" transform=\"translate(899.34375, 35)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-66.421875\" y=\"-27\" width=\"132.84375\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-36.421875, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"72.84375\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Patch dev\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215125442-flowchart-F-9\" data-look=\"classic\" transform=\"translate(1104.4921875, 35)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-88.7265625\" y=\"-27\" width=\"177.453125\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-58.7265625, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"117.453125\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>CI\u002FCD & release\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215125442-flowchart-G-11\" data-look=\"classic\" transform=\"translate(1315.2890625, 35)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-72.0703125\" y=\"-27\" width=\"144.140625\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-42.0703125, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"84.140625\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Monitoring\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cdefs>\u003Cfilter id=\"diagram-1775215125442-drop-shadow\" height=\"130%\" width=\"130%\">\u003CfeDropShadow dx=\"4\" dy=\"4\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Cdefs>\u003Cfilter id=\"diagram-1775215125442-drop-shadow-small\" height=\"150%\" width=\"150%\">\u003CfeDropShadow dx=\"2\" dy=\"2\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Ctext x=\"1390.359375\" y=\"90\" text-anchor=\"end\" fill=\"#6b7280\" stroke=\"#ffffff\" stroke-width=\"3\" paint-order=\"stroke\" font-size=\"11\" font-family=\"system-ui, sans-serif\" opacity=\"0.7\">coreprose.com\u003C\u002Ftext>\u003C\u002Fsvg>\n\u003C\u002Fdiv>\n\nGiven that Firefox is far more fuzzed and reviewed than typical enterprise applications, Anthropic’s results imply that internal codebases—especially legacy C\u002FC++ and complex JavaScript—are prime candidates for AI‑assisted review.[3][5][8]\n\nPractical first steps for organizations include:[6][8][9]\n\n- Targeting high‑risk components (parsers, auth flows, memory‑unsafe modules) for AI‑assisted audits  \n- Using Claude‑style tools to generate minimized test cases and candidate patches  \n- Integrating AI findings into CI pipelines and secure coding playbooks  \n\n⚠️ **Triage remains essential**\n\nAI‑generated bug reports can still include false positives or low‑impact issues. The Firefox case underlines the need for:[6][8][9][10]\n\n- A human triage layer staffed by experienced security engineers  \n- Severity scoring aligned with business risk  \n- Governance that treats AI as an accelerator, not a replacement, for secure development practices  \n\nMini‑conclusion: Mozilla’s experience suggests that embedding AI into established security workflows can dramatically expand coverage and speed without forcing wholesale changes to governance or release processes.[6][9][10]\n\n---\n\n## Conclusion: A Blueprint for AI‑Augmented Defense\n\nThe Anthropic–Mozilla experiment shows that Claude Opus 4.6 can uncover high‑severity vulnerabilities in a world‑class, heavily tested browser at speeds humans cannot match: 22 Firefox CVEs, including 14 high‑severity issues, found in two weeks and rapidly patched for hundreds of millions of users.[3][5][6][8][9]\n\nSecurity leaders should treat this as a blueprint. Pilot AI‑assisted code review on your most critical applications. Embed model findings into existing triage and patch workflows. Establish strong disclosure channels with vendors and open‑source maintainers. As AI makes vulnerability discovery cheaper and faster for everyone—including adversaries—organizations that operationalize these capabilities now will be positioned to benefit before attackers do.[5][6][9][10]","\u003Cp>Anthropic and Mozilla ran a live‑fire experiment: could an AI model find serious, previously unknown vulnerabilities in one of the most tested browsers on earth?\u003C\u002Fp>\n\u003Cp>In a focused two‑week sprint in January 2026, Claude Opus 4.6 uncovered 22 new Firefox vulnerabilities, all confirmed by Mozilla and assigned CVEs. Fourteen were rated high severity, seven moderate, and one low, with most fixes shipped to hundreds of millions of users in Firefox 148.\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>💡 \u003Cstrong>Why this matters:\u003C\u002Fstrong> Those 14 high‑severity bugs represent almost a fifth of all high‑severity Firefox vulnerabilities remediated in 2025, concentrated into a single AI‑augmented engagement.\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa> That discovery rate forces security leaders to rethink how software will be attacked—and defended—over the next few years.\u003C\u002Fp>\n\u003Chr>\n\u003Ch2>1. What Anthropic and Mozilla Actually Achieved\u003C\u002Fh2>\n\u003Cp>Instead of testing Claude Opus 4.6 on synthetic benchmarks, Anthropic embedded it into a real security partnership with Mozilla, giving it targeted access to the Firefox codebase as a production‑grade testbed.\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Over two weeks in January 2026, Claude identified 22 previously unknown Firefox vulnerabilities that Mozilla triaged, confirmed, and assigned CVEs.\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>14 high‑severity\u003C\u002Fli>\n\u003Cli>7 moderate\u003C\u002Fli>\n\u003Cli>1 low\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>📊 \u003Cstrong>Impact in context\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>22 new Firefox CVEs in 14 days\u003C\u002Fli>\n\u003Cli>14 high‑severity issues—almost 20% of all high‑severity Firefox bugs patched in 2025\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>More Firefox vulnerabilities reported in February 2026 by Claude than in any single month of 2025 from all sources combined\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-7\" class=\"citation-link\" title=\"View source [7]\">[7]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Mozilla shipped fixes for most of these vulnerabilities in Firefox 148, with the rest scheduled for upcoming releases, showing that AI‑found bugs can move rapidly from discovery to remediation at internet scale.\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>💼 \u003Cstrong>Strategic takeaway:\u003C\u002Fstrong> In a codebase that has been fuzzed, audited, and hardened for decades, one AI‑augmented sprint matched a substantial fraction of a full year’s human‑driven high‑severity discovery.\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa> For most enterprise software, the untouched backlog is likely much larger.\u003C\u002Fp>\n\u003Chr>\n\u003Ch2>2. How Claude Opus 4.6 Actually Found the Bugs\u003C\u002Fh2>\n\u003Cp>Claude’s first major win came quickly: within 20 minutes, it identified a use‑after‑free vulnerability in Firefox’s SpiderMonkey JavaScript engine, later confirmed and patched by Mozilla.\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa> That early success evolved into a systematic pipeline.\u003C\u002Fp>\n\u003Cdiv class=\"mermaid-diagram not-prose my-6\" role=\"img\" aria-label=\"Diagram\">\n\u003Csvg id=\"diagram-1775215123935\" width=\"100%\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F2000\u002Fsvg\" class=\"flowchart\" style=\"max-width: 1704.53125px;\" viewBox=\"0 0 1704.53125 119\" role=\"graphics-document document\" aria-roledescription=\"flowchart-v2\">\u003Cstyle>#diagram-1775215123935{font-family:system-ui,-apple-system,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#diagram-1775215123935 .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#diagram-1775215123935 .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#diagram-1775215123935 .error-icon{fill:#552222;}#diagram-1775215123935 .error-text{fill:#552222;stroke:#552222;}#diagram-1775215123935 .edge-thickness-normal{stroke-width:1px;}#diagram-1775215123935 .edge-thickness-thick{stroke-width:3.5px;}#diagram-1775215123935 .edge-pattern-solid{stroke-dasharray:0;}#diagram-1775215123935 .edge-thickness-invisible{stroke-width:0;fill:none;}#diagram-1775215123935 .edge-pattern-dashed{stroke-dasharray:3;}#diagram-1775215123935 .edge-pattern-dotted{stroke-dasharray:2;}#diagram-1775215123935 .marker{fill:#333333;stroke:#333333;}#diagram-1775215123935 .marker.cross{stroke:#333333;}#diagram-1775215123935 svg{font-family:system-ui,-apple-system,sans-serif;font-size:16px;}#diagram-1775215123935 p{margin:0;}#diagram-1775215123935 .label{font-family:system-ui,-apple-system,sans-serif;color:#333;}#diagram-1775215123935 .cluster-label text{fill:#333;}#diagram-1775215123935 .cluster-label span{color:#333;}#diagram-1775215123935 .cluster-label span p{background-color:transparent;}#diagram-1775215123935 .label text,#diagram-1775215123935 span{fill:#333;color:#333;}#diagram-1775215123935 .node rect,#diagram-1775215123935 .node circle,#diagram-1775215123935 .node ellipse,#diagram-1775215123935 .node polygon,#diagram-1775215123935 .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#diagram-1775215123935 .rough-node .label text,#diagram-1775215123935 .node .label text,#diagram-1775215123935 .image-shape .label,#diagram-1775215123935 .icon-shape .label{text-anchor:middle;}#diagram-1775215123935 .node .katex path{fill:#000;stroke:#000;stroke-width:1px;}#diagram-1775215123935 .rough-node .label,#diagram-1775215123935 .node .label,#diagram-1775215123935 .image-shape .label,#diagram-1775215123935 .icon-shape .label{text-align:center;}#diagram-1775215123935 .node.clickable{cursor:pointer;}#diagram-1775215123935 .root .anchor path{fill:#333333!important;stroke-width:0;stroke:#333333;}#diagram-1775215123935 .arrowheadPath{fill:#333333;}#diagram-1775215123935 .edgePath .path{stroke:#333333;stroke-width:1px;}#diagram-1775215123935 .flowchart-link{stroke:#333333;fill:none;}#diagram-1775215123935 .edgeLabel{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215123935 .edgeLabel p{background-color:rgba(232,232,232, 0.8);}#diagram-1775215123935 .edgeLabel rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215123935 .labelBkg{background-color:rgba(232, 232, 232, 0.5);}#diagram-1775215123935 .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#diagram-1775215123935 .cluster text{fill:#333;}#diagram-1775215123935 .cluster span{color:#333;}#diagram-1775215123935 div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:system-ui,-apple-system,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#diagram-1775215123935 .flowchartTitleText{text-anchor:middle;font-size:18px;fill:#333;}#diagram-1775215123935 rect.text{fill:none;stroke-width:0;}#diagram-1775215123935 .icon-shape,#diagram-1775215123935 .image-shape{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215123935 .icon-shape p,#diagram-1775215123935 .image-shape p{background-color:rgba(232,232,232, 0.8);padding:2px;}#diagram-1775215123935 .icon-shape .label rect,#diagram-1775215123935 .image-shape .label rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215123935 .label-icon{display:inline-block;height:1em;overflow:visible;vertical-align:-0.125em;}#diagram-1775215123935 .node .label-icon path{fill:currentColor;stroke:revert;stroke-width:revert;}#diagram-1775215123935 .node .neo-node{stroke:#9370DB;}#diagram-1775215123935 [data-look=\"neo\"].node rect,#diagram-1775215123935 [data-look=\"neo\"].cluster rect,#diagram-1775215123935 [data-look=\"neo\"].node polygon{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215123935 [data-look=\"neo\"].node path{stroke:#9370DB;stroke-width:1px;}#diagram-1775215123935 [data-look=\"neo\"].node .outer-path{filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215123935 [data-look=\"neo\"].node .neo-line path{stroke:#9370DB;filter:none;}#diagram-1775215123935 [data-look=\"neo\"].node circle{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215123935 [data-look=\"neo\"].node circle .state-start{fill:#000000;}#diagram-1775215123935 [data-look=\"neo\"].icon-shape .icon{fill:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215123935 [data-look=\"neo\"].icon-shape .icon-neo path{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215123935 :root{--mermaid-font-family:system-ui,-apple-system,sans-serif;}\u003C\u002Fstyle>\u003Cg>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-pointEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 10 5 L 0 10 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-pointStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"4.5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 5 L 10 10 L 10 0 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-pointEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"11.5\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"10.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 11.5 7 L 0 14 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-pointStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"1\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpolygon points=\"0,7 11.5,14 11.5,0\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpolygon>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-circleEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"11\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-circleStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-1\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-circleEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refY=\"5\" refX=\"12.25\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-circleStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-2\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-crossEnd\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"12\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-crossStart\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"-1\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-crossEnd-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"17.7\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215123935_flowchart-v2-crossStart-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"-3.5\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cg class=\"root\">\u003Cg class=\"clusters\">\u003C\u002Fg>\u003Cg class=\"edgePaths\">\u003Cpath d=\"M194.969,47L199.135,47C203.302,47,211.635,47,219.302,47C226.969,47,233.969,47,237.469,47L240.969,47\" id=\"diagram-1775215123935-L_A_B_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_A_B_0\" data-points=\"W3sieCI6MTk0Ljk2ODc1LCJ5Ijo0N30seyJ4IjoyMTkuOTY4NzUsInkiOjQ3fSx7IngiOjI0NC45Njg3NSwieSI6NDd9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215123935_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M427.75,47L431.917,47C436.083,47,444.417,47,452.083,47C459.75,47,466.75,47,470.25,47L473.75,47\" id=\"diagram-1775215123935-L_B_C_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_B_C_0\" data-points=\"W3sieCI6NDI3Ljc1LCJ5Ijo0N30seyJ4Ijo0NTIuNzUsInkiOjQ3fSx7IngiOjQ3Ny43NSwieSI6NDd9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215123935_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M737.75,47L741.917,47C746.083,47,754.417,47,762.083,47C769.75,47,776.75,47,780.25,47L783.75,47\" id=\"diagram-1775215123935-L_C_D_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_C_D_0\" data-points=\"W3sieCI6NzM3Ljc1LCJ5Ijo0N30seyJ4Ijo3NjIuNzUsInkiOjQ3fSx7IngiOjc4Ny43NSwieSI6NDd9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215123935_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M1032.938,47L1037.104,47C1041.271,47,1049.604,47,1057.271,47C1064.938,47,1071.938,47,1075.438,47L1078.938,47\" id=\"diagram-1775215123935-L_D_E_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_D_E_0\" data-points=\"W3sieCI6MTAzMi45Mzc1LCJ5Ijo0N30seyJ4IjoxMDU3LjkzNzUsInkiOjQ3fSx7IngiOjEwODIuOTM3NSwieSI6NDd9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215123935_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M1261,47L1265.167,47C1269.333,47,1277.667,47,1285.333,47C1293,47,1300,47,1303.5,47L1307,47\" id=\"diagram-1775215123935-L_E_F_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_E_F_0\" data-points=\"W3sieCI6MTI2MSwieSI6NDd9LHsieCI6MTI4NiwieSI6NDd9LHsieCI6MTMxMSwieSI6NDd9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215123935_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M1472.438,47L1476.604,47C1480.771,47,1489.104,47,1496.771,47C1504.438,47,1511.438,47,1514.938,47L1518.438,47\" id=\"diagram-1775215123935-L_F_G_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_F_G_0\" data-points=\"W3sieCI6MTQ3Mi40Mzc1LCJ5Ijo0N30seyJ4IjoxNDk3LjQzNzUsInkiOjQ3fSx7IngiOjE1MjIuNDM3NSwieSI6NDd9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215123935_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003C\u002Fg>\u003Cg class=\"edgeLabels\">\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_A_B_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_B_C_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_C_D_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_D_E_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_E_F_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_F_G_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"nodes\">\u003Cg class=\"node default  \" id=\"diagram-1775215123935-flowchart-A-0\" data-look=\"classic\" transform=\"translate(101.484375, 47)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-93.484375\" y=\"-27\" width=\"186.96875\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-63.484375, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"126.96875\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Firefox codebase\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215123935-flowchart-B-1\" data-look=\"classic\" transform=\"translate(336.359375, 47)\">\u003Crect class=\"basic label-container\" style=\"fill:#22c55e !important\" x=\"-91.390625\" y=\"-27\" width=\"182.78125\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#fff !important\" transform=\"translate(-61.390625, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"122.78125\" height=\"24\">\u003Cdiv style=\"color: rgb(255, 255, 255) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#fff !important\" class=\"nodeLabel \">\u003Cp>Claude Opus 4.6\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215123935-flowchart-C-3\" data-look=\"classic\" transform=\"translate(607.75, 47)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-130\" y=\"-39\" width=\"260\" height=\"78\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-100, -24)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"200\" height=\"48\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table; white-space: break-spaces; line-height: 1.5; max-width: 200px; text-align: center; width: 200px;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Crash inputs & hypotheses\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215123935-flowchart-D-5\" data-look=\"classic\" transform=\"translate(910.34375, 47)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-122.59375\" y=\"-27\" width=\"245.1875\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-92.59375, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"185.1875\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Human validation & VMs\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215123935-flowchart-E-7\" data-look=\"classic\" transform=\"translate(1171.96875, 47)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-89.03125\" y=\"-27\" width=\"178.0625\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-59.03125, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"118.0625\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Bugzilla reports\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215123935-flowchart-F-9\" data-look=\"classic\" transform=\"translate(1391.71875, 47)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-80.71875\" y=\"-27\" width=\"161.4375\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-50.71875, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"101.4375\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Mozilla triage\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215123935-flowchart-G-11\" data-look=\"classic\" transform=\"translate(1609.484375, 47)\">\u003Crect class=\"basic label-container\" style=\"fill:#22c55e !important\" x=\"-87.046875\" y=\"-27\" width=\"174.09375\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#fff !important\" transform=\"translate(-57.046875, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"114.09375\" height=\"24\">\u003Cdiv style=\"color: rgb(255, 255, 255) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#fff !important\" class=\"nodeLabel \">\u003Cp>Firefox patches\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cdefs>\u003Cfilter id=\"diagram-1775215123935-drop-shadow\" height=\"130%\" width=\"130%\">\u003CfeDropShadow dx=\"4\" dy=\"4\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Cdefs>\u003Cfilter id=\"diagram-1775215123935-drop-shadow-small\" height=\"150%\" width=\"150%\">\u003CfeDropShadow dx=\"2\" dy=\"2\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Ctext x=\"1699.53125\" y=\"114\" text-anchor=\"end\" fill=\"#6b7280\" stroke=\"#ffffff\" stroke-width=\"3\" paint-order=\"stroke\" font-size=\"11\" font-family=\"system-ui, sans-serif\" opacity=\"0.7\">coreprose.com\u003C\u002Ftext>\u003C\u002Fsvg>\n\u003C\u002Fdiv>\n\u003Cp>Over the two‑week engagement, Claude:\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Scanned nearly 6,000 C++ files\u003C\u002Fli>\n\u003Cli>Generated dozens of crashing inputs during early triage\u003C\u002Fli>\n\u003Cli>Contributed to 112 unique bug reports\u003C\u002Fli>\n\u003Cli>Proposed candidate patches that Mozilla engineers sometimes used as starting points\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>💡 \u003Cstrong>Quality, not just quantity\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Mozilla engineers noted that, unlike most low‑quality AI bug reports, Claude’s submissions typically included:\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Minimized test cases\u003C\u002Fli>\n\u003Cli>Detailed, step‑by‑step proofs of concept\u003C\u002Fli>\n\u003Cli>Candidate fixes mapped to specific files and functions\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This sharply reduced validation workload, letting the Firefox security team reproduce and assess issues far faster than with typical external reports.\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Some vulnerabilities overlapped with issues reachable by existing fuzzers, while others were new classes of logic errors that fuzzing had failed to expose—even in heavily fuzzed code paths.\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>⚠️ \u003Cstrong>Key implication:\u003C\u002Fstrong> If Firefox, one of the most continuously fuzzed and reviewed browser codebases, still harbored this many serious issues, then typical enterprise applications—with less rigorous testing—almost certainly contain a larger, AI‑discoverable vulnerability backlog.\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003C\u002Fp>\n\u003Chr>\n\u003Ch2>3. What the Firefox Results Signal for Software Security\u003C\u002Fh2>\n\u003Cp>Anthropic positions the Firefox collaboration as evidence that modern AI models can independently identify high‑severity vulnerabilities in mature, complex software at speeds that exceed traditional techniques.\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003Ca href=\"#source-10\" class=\"citation-link\" title=\"View source [10]\">[10]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Mozilla’s data supports this: Claude’s 22 CVEs in February 2026 exceeded the monthly vulnerability count for any month in 2025, across all human and automated sources.\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-7\" class=\"citation-link\" title=\"View source [7]\">[7]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa> PCMag noted that Claude effectively found more high‑severity bugs in two weeks than human teams typically uncover over much longer periods.\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003Ca href=\"#source-10\" class=\"citation-link\" title=\"View source [10]\">[10]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>📊 \u003Cstrong>Beyond Firefox\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Anthropic reports that, beyond this project, Claude has surfaced more than 500 zero‑day vulnerabilities in other well‑tested open‑source software, focusing on complex, security‑sensitive components.\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Mashable notes that open‑source projects are particularly well‑suited to AI analysis because models can correlate:\u003Ca href=\"#source-2\" class=\"citation-link\" title=\"View source [2]\">[2]\u003C\u002Fa>\u003Ca href=\"#source-4\" class=\"citation-link\" title=\"View source [4]\">[4]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Full source code\u003C\u002Fli>\n\u003Cli>Rich version history\u003C\u002Fli>\n\u003Cli>Historical CVEs and patches\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>That combination lets AI learn patterns of insecure coding and configuration that static tools miss.\u003Ca href=\"#source-2\" class=\"citation-link\" title=\"View source [2]\">[2]\u003C\u002Fa>\u003Ca href=\"#source-4\" class=\"citation-link\" title=\"View source [4]\">[4]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Mozilla engineers observed that Claude’s Firefox findings fell into two categories:\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Bugs overlapping with fuzzing‑accessible paths\u003C\u002Fli>\n\u003Cli>Novel logic and state‑handling errors beyond fuzzer coverage\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>💡 \u003Cstrong>Mini‑conclusion:\u003C\u002Fstrong> AI analysis is emerging as a powerful complement to fuzzing, SAST, and manual review—not a replacement. Security programs that orchestrate these methods together will gain the most from AI‑accelerated discovery.\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003Ca href=\"#source-10\" class=\"citation-link\" title=\"View source [10]\">[10]\u003C\u002Fa>\u003C\u002Fp>\n\u003Chr>\n\u003Ch2>4. Limits, Exploit Tests, and Dual‑Use Concerns\u003C\u002Fh2>\n\u003Cp>After confirming the 22 CVEs, Anthropic asked a harder question: could Claude also weaponize its own discoveries? Researchers provided Claude with details of the new Firefox bugs and asked it to craft practical exploits, including attempts to read and write local files on a target system, emulating a real attacker.\u003Ca href=\"#source-2\" class=\"citation-link\" title=\"View source [2]\">[2]\u003C\u002Fa>\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cdiv class=\"mermaid-diagram not-prose my-6\" role=\"img\" aria-label=\"Diagram\">\n\u003Csvg id=\"diagram-1775215124682\" width=\"100%\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F2000\u002Fsvg\" class=\"flowchart\" style=\"max-width: 270.9609375px;\" viewBox=\"0 0 270.9609375 660.078125\" role=\"graphics-document document\" aria-roledescription=\"flowchart-v2\">\u003Cstyle>#diagram-1775215124682{font-family:system-ui,-apple-system,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#diagram-1775215124682 .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#diagram-1775215124682 .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#diagram-1775215124682 .error-icon{fill:#552222;}#diagram-1775215124682 .error-text{fill:#552222;stroke:#552222;}#diagram-1775215124682 .edge-thickness-normal{stroke-width:1px;}#diagram-1775215124682 .edge-thickness-thick{stroke-width:3.5px;}#diagram-1775215124682 .edge-pattern-solid{stroke-dasharray:0;}#diagram-1775215124682 .edge-thickness-invisible{stroke-width:0;fill:none;}#diagram-1775215124682 .edge-pattern-dashed{stroke-dasharray:3;}#diagram-1775215124682 .edge-pattern-dotted{stroke-dasharray:2;}#diagram-1775215124682 .marker{fill:#333333;stroke:#333333;}#diagram-1775215124682 .marker.cross{stroke:#333333;}#diagram-1775215124682 svg{font-family:system-ui,-apple-system,sans-serif;font-size:16px;}#diagram-1775215124682 p{margin:0;}#diagram-1775215124682 .label{font-family:system-ui,-apple-system,sans-serif;color:#333;}#diagram-1775215124682 .cluster-label text{fill:#333;}#diagram-1775215124682 .cluster-label span{color:#333;}#diagram-1775215124682 .cluster-label span p{background-color:transparent;}#diagram-1775215124682 .label text,#diagram-1775215124682 span{fill:#333;color:#333;}#diagram-1775215124682 .node rect,#diagram-1775215124682 .node circle,#diagram-1775215124682 .node ellipse,#diagram-1775215124682 .node polygon,#diagram-1775215124682 .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#diagram-1775215124682 .rough-node .label text,#diagram-1775215124682 .node .label text,#diagram-1775215124682 .image-shape .label,#diagram-1775215124682 .icon-shape .label{text-anchor:middle;}#diagram-1775215124682 .node .katex path{fill:#000;stroke:#000;stroke-width:1px;}#diagram-1775215124682 .rough-node .label,#diagram-1775215124682 .node .label,#diagram-1775215124682 .image-shape .label,#diagram-1775215124682 .icon-shape .label{text-align:center;}#diagram-1775215124682 .node.clickable{cursor:pointer;}#diagram-1775215124682 .root .anchor path{fill:#333333!important;stroke-width:0;stroke:#333333;}#diagram-1775215124682 .arrowheadPath{fill:#333333;}#diagram-1775215124682 .edgePath .path{stroke:#333333;stroke-width:1px;}#diagram-1775215124682 .flowchart-link{stroke:#333333;fill:none;}#diagram-1775215124682 .edgeLabel{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215124682 .edgeLabel p{background-color:rgba(232,232,232, 0.8);}#diagram-1775215124682 .edgeLabel rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215124682 .labelBkg{background-color:rgba(232, 232, 232, 0.5);}#diagram-1775215124682 .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#diagram-1775215124682 .cluster text{fill:#333;}#diagram-1775215124682 .cluster span{color:#333;}#diagram-1775215124682 div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:system-ui,-apple-system,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#diagram-1775215124682 .flowchartTitleText{text-anchor:middle;font-size:18px;fill:#333;}#diagram-1775215124682 rect.text{fill:none;stroke-width:0;}#diagram-1775215124682 .icon-shape,#diagram-1775215124682 .image-shape{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215124682 .icon-shape p,#diagram-1775215124682 .image-shape p{background-color:rgba(232,232,232, 0.8);padding:2px;}#diagram-1775215124682 .icon-shape .label rect,#diagram-1775215124682 .image-shape .label rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215124682 .label-icon{display:inline-block;height:1em;overflow:visible;vertical-align:-0.125em;}#diagram-1775215124682 .node .label-icon path{fill:currentColor;stroke:revert;stroke-width:revert;}#diagram-1775215124682 .node .neo-node{stroke:#9370DB;}#diagram-1775215124682 [data-look=\"neo\"].node rect,#diagram-1775215124682 [data-look=\"neo\"].cluster rect,#diagram-1775215124682 [data-look=\"neo\"].node polygon{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215124682 [data-look=\"neo\"].node path{stroke:#9370DB;stroke-width:1px;}#diagram-1775215124682 [data-look=\"neo\"].node .outer-path{filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215124682 [data-look=\"neo\"].node .neo-line path{stroke:#9370DB;filter:none;}#diagram-1775215124682 [data-look=\"neo\"].node circle{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215124682 [data-look=\"neo\"].node circle .state-start{fill:#000000;}#diagram-1775215124682 [data-look=\"neo\"].icon-shape .icon{fill:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215124682 [data-look=\"neo\"].icon-shape .icon-neo path{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215124682 :root{--mermaid-font-family:system-ui,-apple-system,sans-serif;}\u003C\u002Fstyle>\u003Cg>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-pointEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 10 5 L 0 10 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-pointStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"4.5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 5 L 10 10 L 10 0 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-pointEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"11.5\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"10.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 11.5 7 L 0 14 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-pointStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"1\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpolygon points=\"0,7 11.5,14 11.5,0\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpolygon>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-circleEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"11\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-circleStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-1\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-circleEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refY=\"5\" refX=\"12.25\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-circleStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-2\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-crossEnd\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"12\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-crossStart\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"-1\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-crossEnd-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"17.7\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215124682_flowchart-v2-crossStart-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"-3.5\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cg class=\"root\">\u003Cg class=\"clusters\">\u003C\u002Fg>\u003Cg class=\"edgePaths\">\u003Cpath d=\"M143.555,62L143.555,66.167C143.555,70.333,143.555,78.667,143.555,86.333C143.555,94,143.555,101,143.555,104.5L143.555,108\" id=\"diagram-1775215124682-L_A_B_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_A_B_0\" data-points=\"W3sieCI6MTQzLjU1NDY4NzUsInkiOjYyfSx7IngiOjE0My41NTQ2ODc1LCJ5Ijo4N30seyJ4IjoxNDMuNTU0Njg3NSwieSI6MTEyfV0=\" data-look=\"classic\" marker-end=\"url(#diagram-1775215124682_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M112.145,166L107.298,170.167C102.451,174.333,92.757,182.667,87.91,190.333C83.063,198,83.063,205,83.063,208.5L83.063,212\" id=\"diagram-1775215124682-L_B_C_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_B_C_0\" data-points=\"W3sieCI6MTEyLjE0NTI4MjQ1MTkyMzA4LCJ5IjoxNjZ9LHsieCI6ODMuMDYyNSwieSI6MTkxfSx7IngiOjgzLjA2MjUsInkiOjIxNn1d\" data-look=\"classic\" marker-end=\"url(#diagram-1775215124682_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M83.063,270L83.063,274.167C83.063,278.333,83.063,286.667,87.676,299.568C92.289,312.469,101.515,329.939,106.128,338.674L110.741,347.408\" id=\"diagram-1775215124682-L_C_D_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_C_D_0\" data-points=\"W3sieCI6ODMuMDYyNSwieSI6MjcwfSx7IngiOjgzLjA2MjUsInkiOjI5NX0seyJ4IjoxMTIuNjA5Mjc3NzA5ODk1NTUsInkiOjM1MC45NDU0MDk3OTAxMDQ0Nn1d\" data-look=\"classic\" marker-end=\"url(#diagram-1775215124682_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M174.5,350.945L179.425,341.621C184.349,332.297,194.198,313.648,199.122,295.658C204.047,277.667,204.047,260.333,204.047,243C204.047,225.667,204.047,208.333,199.705,195.935C195.364,183.536,186.681,176.072,182.339,172.34L177.997,168.607\" id=\"diagram-1775215124682-L_D_B_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_D_B_0\" data-points=\"W3sieCI6MTc0LjUwMDA5NzI5MDEwNDQzLCJ5IjozNTAuOTQ1NDA5NzkwMTA0NDZ9LHsieCI6MjA0LjA0Njg3NSwieSI6Mjk1fSx7IngiOjIwNC4wNDY4NzUsInkiOjI0M30seyJ4IjoyMDQuMDQ2ODc1LCJ5IjoxOTF9LHsieCI6MTc0Ljk2NDA5MjU0ODA3NjkzLCJ5IjoxNjZ9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215124682_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M143.555,499.078L143.555,505.245C143.555,511.411,143.555,523.745,143.555,535.411C143.555,547.078,143.555,558.078,143.555,563.578L143.555,569.078\" id=\"diagram-1775215124682-L_D_E_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_D_E_0\" data-points=\"W3sieCI6MTQzLjU1NDY4NzUsInkiOjQ5OS4wNzgxMjV9LHsieCI6MTQzLjU1NDY4NzUsInkiOjUzNi4wNzgxMjV9LHsieCI6MTQzLjU1NDY4NzUsInkiOjU3My4wNzgxMjV9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215124682_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003C\u002Fg>\u003Cg class=\"edgeLabels\">\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_A_B_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_B_C_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_C_D_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\" transform=\"translate(204.046875, 243)\">\u003Cg class=\"label\" data-id=\"L_D_B_0\" transform=\"translate(-10.921875, -12)\">\u003CforeignObject width=\"21.84375\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003Cp>No\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\" transform=\"translate(143.5546875, 536.078125)\">\u003Cg class=\"label\" data-id=\"L_D_E_0\" transform=\"translate(-12.4765625, -12)\">\u003CforeignObject width=\"24.953125\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003Cp>Yes\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"nodes\">\u003Cg class=\"node default  \" id=\"diagram-1775215124682-flowchart-A-0\" data-look=\"classic\" transform=\"translate(143.5546875, 35)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-91.625\" y=\"-27\" width=\"183.25\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-61.625, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"123.25\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Discovered CVEs\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215124682-flowchart-B-1\" data-look=\"classic\" transform=\"translate(143.5546875, 139)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-119.40625\" y=\"-27\" width=\"238.8125\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-89.40625, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"178.8125\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Claude exploit attempts\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215124682-flowchart-C-3\" data-look=\"classic\" transform=\"translate(83.0625, 243)\">\u003Crect class=\"basic label-container\" style=\"fill:#f59e0b !important\" x=\"-75.0625\" y=\"-27\" width=\"150.125\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#000 !important\" transform=\"translate(-45.0625, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"90.125\" height=\"24\">\u003Cdiv style=\"color: rgb(0, 0, 0) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#000 !important\" class=\"nodeLabel \">\u003Cp>Task verifier\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215124682-flowchart-D-5\" data-look=\"classic\" transform=\"translate(143.5546875, 409.5390625)\">\u003Cpolygon points=\"89.5390625,0 179.078125,-89.5390625 89.5390625,-179.078125 0,-89.5390625\" class=\"label-container\" transform=\"translate(-89.0390625, 89.5390625)\">\u003C\u002Fpolygon>\u003Cg class=\"label\" style=\"\" transform=\"translate(-62.5390625, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"125.078125\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Working exploit?\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215124682-flowchart-E-9\" data-look=\"classic\" transform=\"translate(143.5546875, 600.078125)\">\u003Crect class=\"basic label-container\" style=\"fill:#ef4444 !important\" x=\"-84.8359375\" y=\"-27\" width=\"169.671875\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#fff !important\" transform=\"translate(-54.8359375, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"109.671875\" height=\"24\">\u003Cdiv style=\"color: rgb(255, 255, 255) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#fff !important\" class=\"nodeLabel \">\u003Cp>Exploit sample\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cdefs>\u003Cfilter id=\"diagram-1775215124682-drop-shadow\" height=\"130%\" width=\"130%\">\u003CfeDropShadow dx=\"4\" dy=\"4\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Cdefs>\u003Cfilter id=\"diagram-1775215124682-drop-shadow-small\" height=\"150%\" width=\"150%\">\u003CfeDropShadow dx=\"2\" dy=\"2\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Ctext x=\"265.9609375\" y=\"655.078125\" text-anchor=\"end\" fill=\"#6b7280\" stroke=\"#ffffff\" stroke-width=\"3\" paint-order=\"stroke\" font-size=\"11\" font-family=\"system-ui, sans-serif\" opacity=\"0.7\">coreprose.com\u003C\u002Ftext>\u003C\u002Fsvg>\n\u003C\u002Fdiv>\n\u003Cp>Despite several hundred exploit‑generation trials and about $4,000 in API credits, Claude produced reliable, end‑to‑end exploits in only two cases.\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa> One targeted CVE‑2026‑2796, a JIT miscompilation in Firefox’s JavaScript WebAssembly component.\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Mashable highlighted this asymmetry: Claude was highly effective at finding vulnerabilities but comparatively weak at automating full exploit chains, suggesting that—for now—AI is more beneficial for defense than for fully automated offensive operations.\u003Ca href=\"#source-2\" class=\"citation-link\" title=\"View source [2]\">[2]\u003C\u002Fa>\u003Ca href=\"#source-4\" class=\"citation-link\" title=\"View source [4]\">[4]\u003C\u002Fa>\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>⚠️ \u003Cstrong>But not purely defensive\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>InfoQ stresses the dual‑use reality: with enough steering and iteration, Anthropic did obtain working exploits for some bugs.\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa> The same discovery capabilities that help defenders can also accelerate attacker workflows.\u003C\u002Fp>\n\u003Cp>Anthropic situates the Firefox work within its Frontier Red Team efforts and policy commitments, arguing that:\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>AI‑assisted research should go through responsible disclosure channels\u003C\u002Fli>\n\u003Cli>Partnerships with maintainers (like Mozilla) are essential to keep net impact positive\u003C\u002Fli>\n\u003Cli>Safety controls such as task verifiers and rate limits must evolve with capability\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Security commentators expect that as models improve, adversaries will adopt similar tools for vulnerability triage and exploit research, making time‑to‑patch and continuous monitoring even more critical risk metrics.\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003Ca href=\"#source-10\" class=\"citation-link\" title=\"View source [10]\">[10]\u003C\u002Fa>\u003C\u002Fp>\n\u003Chr>\n\u003Ch2>5. How Security Teams Can Operationalize These Lessons\u003C\u002Fh2>\n\u003Cp>The Firefox experiment is not a stunt. Anthropic is productizing its techniques through Claude Code Security, a service that scans code for vulnerabilities and suggests targeted fixes for human review.\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003Ca href=\"#source-10\" class=\"citation-link\" title=\"View source [10]\">[10]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>💼 \u003Cstrong>Partnership as a pattern\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>The Mozilla engagement showcased an operating model security teams can emulate:\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Tight collaboration between AI researchers and maintainers\u003C\u002Fli>\n\u003Cli>Shared criteria for what counts as a reportable bug\u003C\u002Fli>\n\u003Cli>Rapid patch deployment once issues are confirmed\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This pattern can be replicated inside enterprises by pairing AI tools with in‑house AppSec engineers and clear triage rules.\u003C\u002Fp>\n\u003Cdiv class=\"mermaid-diagram not-prose my-6\" role=\"img\" aria-label=\"Diagram\">\n\u003Csvg id=\"diagram-1775215125442\" width=\"100%\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F2000\u002Fsvg\" class=\"flowchart\" style=\"max-width: 1395.359375px;\" viewBox=\"0 0 1395.359375 95\" role=\"graphics-document document\" aria-roledescription=\"flowchart-v2\">\u003Cstyle>#diagram-1775215125442{font-family:system-ui,-apple-system,sans-serif;font-size:16px;fill:#333;}@keyframes edge-animation-frame{from{stroke-dashoffset:0;}}@keyframes dash{to{stroke-dashoffset:0;}}#diagram-1775215125442 .edge-animation-slow{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 50s linear infinite;stroke-linecap:round;}#diagram-1775215125442 .edge-animation-fast{stroke-dasharray:9,5!important;stroke-dashoffset:900;animation:dash 20s linear infinite;stroke-linecap:round;}#diagram-1775215125442 .error-icon{fill:#552222;}#diagram-1775215125442 .error-text{fill:#552222;stroke:#552222;}#diagram-1775215125442 .edge-thickness-normal{stroke-width:1px;}#diagram-1775215125442 .edge-thickness-thick{stroke-width:3.5px;}#diagram-1775215125442 .edge-pattern-solid{stroke-dasharray:0;}#diagram-1775215125442 .edge-thickness-invisible{stroke-width:0;fill:none;}#diagram-1775215125442 .edge-pattern-dashed{stroke-dasharray:3;}#diagram-1775215125442 .edge-pattern-dotted{stroke-dasharray:2;}#diagram-1775215125442 .marker{fill:#333333;stroke:#333333;}#diagram-1775215125442 .marker.cross{stroke:#333333;}#diagram-1775215125442 svg{font-family:system-ui,-apple-system,sans-serif;font-size:16px;}#diagram-1775215125442 p{margin:0;}#diagram-1775215125442 .label{font-family:system-ui,-apple-system,sans-serif;color:#333;}#diagram-1775215125442 .cluster-label text{fill:#333;}#diagram-1775215125442 .cluster-label span{color:#333;}#diagram-1775215125442 .cluster-label span p{background-color:transparent;}#diagram-1775215125442 .label text,#diagram-1775215125442 span{fill:#333;color:#333;}#diagram-1775215125442 .node rect,#diagram-1775215125442 .node circle,#diagram-1775215125442 .node ellipse,#diagram-1775215125442 .node polygon,#diagram-1775215125442 .node path{fill:#ECECFF;stroke:#9370DB;stroke-width:1px;}#diagram-1775215125442 .rough-node .label text,#diagram-1775215125442 .node .label text,#diagram-1775215125442 .image-shape .label,#diagram-1775215125442 .icon-shape .label{text-anchor:middle;}#diagram-1775215125442 .node .katex path{fill:#000;stroke:#000;stroke-width:1px;}#diagram-1775215125442 .rough-node .label,#diagram-1775215125442 .node .label,#diagram-1775215125442 .image-shape .label,#diagram-1775215125442 .icon-shape .label{text-align:center;}#diagram-1775215125442 .node.clickable{cursor:pointer;}#diagram-1775215125442 .root .anchor path{fill:#333333!important;stroke-width:0;stroke:#333333;}#diagram-1775215125442 .arrowheadPath{fill:#333333;}#diagram-1775215125442 .edgePath .path{stroke:#333333;stroke-width:1px;}#diagram-1775215125442 .flowchart-link{stroke:#333333;fill:none;}#diagram-1775215125442 .edgeLabel{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215125442 .edgeLabel p{background-color:rgba(232,232,232, 0.8);}#diagram-1775215125442 .edgeLabel rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215125442 .labelBkg{background-color:rgba(232, 232, 232, 0.5);}#diagram-1775215125442 .cluster rect{fill:#ffffde;stroke:#aaaa33;stroke-width:1px;}#diagram-1775215125442 .cluster text{fill:#333;}#diagram-1775215125442 .cluster span{color:#333;}#diagram-1775215125442 div.mermaidTooltip{position:absolute;text-align:center;max-width:200px;padding:2px;font-family:system-ui,-apple-system,sans-serif;font-size:12px;background:hsl(80, 100%, 96.2745098039%);border:1px solid #aaaa33;border-radius:2px;pointer-events:none;z-index:100;}#diagram-1775215125442 .flowchartTitleText{text-anchor:middle;font-size:18px;fill:#333;}#diagram-1775215125442 rect.text{fill:none;stroke-width:0;}#diagram-1775215125442 .icon-shape,#diagram-1775215125442 .image-shape{background-color:rgba(232,232,232, 0.8);text-align:center;}#diagram-1775215125442 .icon-shape p,#diagram-1775215125442 .image-shape p{background-color:rgba(232,232,232, 0.8);padding:2px;}#diagram-1775215125442 .icon-shape .label rect,#diagram-1775215125442 .image-shape .label rect{opacity:0.5;background-color:rgba(232,232,232, 0.8);fill:rgba(232,232,232, 0.8);}#diagram-1775215125442 .label-icon{display:inline-block;height:1em;overflow:visible;vertical-align:-0.125em;}#diagram-1775215125442 .node .label-icon path{fill:currentColor;stroke:revert;stroke-width:revert;}#diagram-1775215125442 .node .neo-node{stroke:#9370DB;}#diagram-1775215125442 [data-look=\"neo\"].node rect,#diagram-1775215125442 [data-look=\"neo\"].cluster rect,#diagram-1775215125442 [data-look=\"neo\"].node polygon{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215125442 [data-look=\"neo\"].node path{stroke:#9370DB;stroke-width:1px;}#diagram-1775215125442 [data-look=\"neo\"].node .outer-path{filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215125442 [data-look=\"neo\"].node .neo-line path{stroke:#9370DB;filter:none;}#diagram-1775215125442 [data-look=\"neo\"].node circle{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215125442 [data-look=\"neo\"].node circle .state-start{fill:#000000;}#diagram-1775215125442 [data-look=\"neo\"].icon-shape .icon{fill:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215125442 [data-look=\"neo\"].icon-shape .icon-neo path{stroke:#9370DB;filter:drop-shadow(1px 2px 2px rgba(185, 185, 185, 1));}#diagram-1775215125442 :root{--mermaid-font-family:system-ui,-apple-system,sans-serif;}\u003C\u002Fstyle>\u003Cg>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-pointEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 10 5 L 0 10 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-pointStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"4.5\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"8\" markerHeight=\"8\" orient=\"auto\">\u003Cpath d=\"M 0 5 L 10 10 L 10 0 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-pointEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"11.5\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"10.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpath d=\"M 0 0 L 11.5 7 L 0 14 z\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-pointStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 11.5 14\" refX=\"1\" refY=\"7\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11.5\" markerHeight=\"14\" orient=\"auto\">\u003Cpolygon points=\"0,7 11.5,14 11.5,0\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fpolygon>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-circleEnd\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"11\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-circleStart\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-1\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 1; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-circleEnd-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refY=\"5\" refX=\"12.25\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-circleStart-margin\" class=\"marker flowchart-v2\" viewBox=\"0 0 10 10\" refX=\"-2\" refY=\"5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"14\" markerHeight=\"14\" orient=\"auto\">\u003Ccircle cx=\"5\" cy=\"5\" r=\"5\" class=\"arrowMarkerPath\" style=\"stroke-width: 0; stroke-dasharray: 1, 0;\">\u003C\u002Fcircle>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-crossEnd\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"12\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-crossStart\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 11 11\" refX=\"-1\" refY=\"5.2\" markerUnits=\"userSpaceOnUse\" markerWidth=\"11\" markerHeight=\"11\" orient=\"auto\">\u003Cpath d=\"M 1,1 l 9,9 M 10,1 l -9,9\" class=\"arrowMarkerPath\" style=\"stroke-width: 2; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-crossEnd-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"17.7\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cmarker id=\"diagram-1775215125442_flowchart-v2-crossStart-margin\" class=\"marker cross flowchart-v2\" viewBox=\"0 0 15 15\" refX=\"-3.5\" refY=\"7.5\" markerUnits=\"userSpaceOnUse\" markerWidth=\"12\" markerHeight=\"12\" orient=\"auto\">\u003Cpath d=\"M 1,1 L 14,14 M 1,14 L 14,1\" class=\"arrowMarkerPath\" style=\"stroke-width: 2.5; stroke-dasharray: 1, 0;\">\u003C\u002Fpath>\u003C\u002Fmarker>\u003Cg class=\"root\">\u003Cg class=\"clusters\">\u003C\u002Fg>\u003Cg class=\"edgePaths\">\u003Cpath d=\"M142.172,35L146.339,35C150.505,35,158.839,35,166.505,35C174.172,35,181.172,35,184.672,35L188.172,35\" id=\"diagram-1775215125442-L_A_B_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_A_B_0\" data-points=\"W3sieCI6MTQyLjE3MTg3NSwieSI6MzV9LHsieCI6MTY3LjE3MTg3NSwieSI6MzV9LHsieCI6MTkyLjE3MTg3NSwieSI6MzV9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215125442_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M369.281,35L373.448,35C377.615,35,385.948,35,393.615,35C401.281,35,408.281,35,411.781,35L415.281,35\" id=\"diagram-1775215125442-L_B_C_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_B_C_0\" data-points=\"W3sieCI6MzY5LjI4MTI1LCJ5IjozNX0seyJ4IjozOTQuMjgxMjUsInkiOjM1fSx7IngiOjQxOS4yODEyNSwieSI6MzV9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215125442_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M568.828,35L572.995,35C577.161,35,585.495,35,593.161,35C600.828,35,607.828,35,611.328,35L614.828,35\" id=\"diagram-1775215125442-L_C_D_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_C_D_0\" data-points=\"W3sieCI6NTY4LjgyODEyNSwieSI6MzV9LHsieCI6NTkzLjgyODEyNSwieSI6MzV9LHsieCI6NjE4LjgyODEyNSwieSI6MzV9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215125442_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M782.922,35L787.089,35C791.255,35,799.589,35,807.255,35C814.922,35,821.922,35,825.422,35L828.922,35\" id=\"diagram-1775215125442-L_D_E_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_D_E_0\" data-points=\"W3sieCI6NzgyLjkyMTg3NSwieSI6MzV9LHsieCI6ODA3LjkyMTg3NSwieSI6MzV9LHsieCI6ODMyLjkyMTg3NSwieSI6MzV9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215125442_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M965.766,35L969.932,35C974.099,35,982.432,35,990.099,35C997.766,35,1004.766,35,1008.266,35L1011.766,35\" id=\"diagram-1775215125442-L_E_F_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_E_F_0\" data-points=\"W3sieCI6OTY1Ljc2NTYyNSwieSI6MzV9LHsieCI6OTkwLjc2NTYyNSwieSI6MzV9LHsieCI6MTAxNS43NjU2MjUsInkiOjM1fV0=\" data-look=\"classic\" marker-end=\"url(#diagram-1775215125442_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003Cpath d=\"M1193.219,35L1197.385,35C1201.552,35,1209.885,35,1217.552,35C1225.219,35,1232.219,35,1235.719,35L1239.219,35\" id=\"diagram-1775215125442-L_F_G_0\" class=\" edge-thickness-normal edge-pattern-solid edge-thickness-normal edge-pattern-solid flowchart-link\" style=\";\" data-edge=\"true\" data-et=\"edge\" data-id=\"L_F_G_0\" data-points=\"W3sieCI6MTE5My4yMTg3NSwieSI6MzV9LHsieCI6MTIxOC4yMTg3NSwieSI6MzV9LHsieCI6MTI0My4yMTg3NSwieSI6MzV9XQ==\" data-look=\"classic\" marker-end=\"url(#diagram-1775215125442_flowchart-v2-pointEnd)\">\u003C\u002Fpath>\u003C\u002Fg>\u003Cg class=\"edgeLabels\">\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_A_B_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_B_C_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_C_D_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_D_E_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_E_F_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"edgeLabel\">\u003Cg class=\"label\" data-id=\"L_F_G_0\" transform=\"translate(0, 0)\">\u003CforeignObject width=\"0\" height=\"0\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" class=\"labelBkg\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"edgeLabel \">\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"nodes\">\u003Cg class=\"node default  \" id=\"diagram-1775215125442-flowchart-A-0\" data-look=\"classic\" transform=\"translate(75.0859375, 35)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-67.0859375\" y=\"-27\" width=\"134.171875\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-37.0859375, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"74.171875\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Codebase\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215125442-flowchart-B-1\" data-look=\"classic\" transform=\"translate(280.7265625, 35)\">\u003Crect class=\"basic label-container\" style=\"fill:#22c55e !important\" x=\"-88.5546875\" y=\"-27\" width=\"177.109375\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#fff !important\" transform=\"translate(-58.5546875, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"117.109375\" height=\"24\">\u003Cdiv style=\"color: rgb(255, 255, 255) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#fff !important\" class=\"nodeLabel \">\u003Cp>AI security scan\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215125442-flowchart-C-3\" data-look=\"classic\" transform=\"translate(494.0546875, 35)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-74.7734375\" y=\"-27\" width=\"149.546875\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-44.7734375, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"89.546875\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Findings list\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215125442-flowchart-D-5\" data-look=\"classic\" transform=\"translate(700.875, 35)\">\u003Crect class=\"basic label-container\" style=\"fill:#0ea5e9 !important\" x=\"-82.046875\" y=\"-27\" width=\"164.09375\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"color:#fff !important\" transform=\"translate(-52.046875, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"104.09375\" height=\"24\">\u003Cdiv style=\"color: rgb(255, 255, 255) !important; display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\" xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\">\u003Cspan style=\"color:#fff !important\" class=\"nodeLabel \">\u003Cp>Human triage\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215125442-flowchart-E-7\" data-look=\"classic\" transform=\"translate(899.34375, 35)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-66.421875\" y=\"-27\" width=\"132.84375\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-36.421875, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"72.84375\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Patch dev\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215125442-flowchart-F-9\" data-look=\"classic\" transform=\"translate(1104.4921875, 35)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-88.7265625\" y=\"-27\" width=\"177.453125\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-58.7265625, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"117.453125\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>CI\u002FCD & release\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003Cg class=\"node default  \" id=\"diagram-1775215125442-flowchart-G-11\" data-look=\"classic\" transform=\"translate(1315.2890625, 35)\">\u003Crect class=\"basic label-container\" style=\"\" x=\"-72.0703125\" y=\"-27\" width=\"144.140625\" height=\"54\">\u003C\u002Frect>\u003Cg class=\"label\" style=\"\" transform=\"translate(-42.0703125, -12)\">\u003Crect>\u003C\u002Frect>\u003CforeignObject width=\"84.140625\" height=\"24\">\u003Cdiv xmlns=\"http:\u002F\u002Fwww.w3.org\u002F1999\u002Fxhtml\" style=\"display: table-cell; white-space: nowrap; line-height: 1.5; max-width: 200px; text-align: center;\">\u003Cspan class=\"nodeLabel \">\u003Cp>Monitoring\u003C\u002Fp>\u003C\u002Fspan>\u003C\u002Fdiv>\u003C\u002FforeignObject>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003C\u002Fg>\u003Cdefs>\u003Cfilter id=\"diagram-1775215125442-drop-shadow\" height=\"130%\" width=\"130%\">\u003CfeDropShadow dx=\"4\" dy=\"4\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Cdefs>\u003Cfilter id=\"diagram-1775215125442-drop-shadow-small\" height=\"150%\" width=\"150%\">\u003CfeDropShadow dx=\"2\" dy=\"2\" stdDeviation=\"0\" flood-opacity=\"0.06\" flood-color=\"#000000\">\u003C\u002FfeDropShadow>\u003C\u002Ffilter>\u003C\u002Fdefs>\u003Ctext x=\"1390.359375\" y=\"90\" text-anchor=\"end\" fill=\"#6b7280\" stroke=\"#ffffff\" stroke-width=\"3\" paint-order=\"stroke\" font-size=\"11\" font-family=\"system-ui, sans-serif\" opacity=\"0.7\">coreprose.com\u003C\u002Ftext>\u003C\u002Fsvg>\n\u003C\u002Fdiv>\n\u003Cp>Given that Firefox is far more fuzzed and reviewed than typical enterprise applications, Anthropic’s results imply that internal codebases—especially legacy C\u002FC++ and complex JavaScript—are prime candidates for AI‑assisted review.\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Practical first steps for organizations include:\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Targeting high‑risk components (parsers, auth flows, memory‑unsafe modules) for AI‑assisted audits\u003C\u002Fli>\n\u003Cli>Using Claude‑style tools to generate minimized test cases and candidate patches\u003C\u002Fli>\n\u003Cli>Integrating AI findings into CI pipelines and secure coding playbooks\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>⚠️ \u003Cstrong>Triage remains essential\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>AI‑generated bug reports can still include false positives or low‑impact issues. The Firefox case underlines the need for:\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003Ca href=\"#source-10\" class=\"citation-link\" title=\"View source [10]\">[10]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>A human triage layer staffed by experienced security engineers\u003C\u002Fli>\n\u003Cli>Severity scoring aligned with business risk\u003C\u002Fli>\n\u003Cli>Governance that treats AI as an accelerator, not a replacement, for secure development practices\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Mini‑conclusion: Mozilla’s experience suggests that embedding AI into established security workflows can dramatically expand coverage and speed without forcing wholesale changes to governance or release processes.\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003Ca href=\"#source-10\" class=\"citation-link\" title=\"View source [10]\">[10]\u003C\u002Fa>\u003C\u002Fp>\n\u003Chr>\n\u003Ch2>Conclusion: A Blueprint for AI‑Augmented Defense\u003C\u002Fh2>\n\u003Cp>The Anthropic–Mozilla experiment shows that Claude Opus 4.6 can uncover high‑severity vulnerabilities in a world‑class, heavily tested browser at speeds humans cannot match: 22 Firefox CVEs, including 14 high‑severity issues, found in two weeks and rapidly patched for hundreds of millions of users.\u003Ca href=\"#source-3\" class=\"citation-link\" title=\"View source [3]\">[3]\u003C\u002Fa>\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-8\" class=\"citation-link\" title=\"View source [8]\">[8]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Security leaders should treat this as a blueprint. Pilot AI‑assisted code review on your most critical applications. Embed model findings into existing triage and patch workflows. Establish strong disclosure channels with vendors and open‑source maintainers. As AI makes vulnerability discovery cheaper and faster for everyone—including adversaries—organizations that operationalize these capabilities now will be positioned to benefit before attackers do.\u003Ca href=\"#source-5\" class=\"citation-link\" title=\"View source [5]\">[5]\u003C\u002Fa>\u003Ca href=\"#source-6\" class=\"citation-link\" title=\"View source [6]\">[6]\u003C\u002Fa>\u003Ca href=\"#source-9\" class=\"citation-link\" title=\"View source [9]\">[9]\u003C\u002Fa>\u003Ca href=\"#source-10\" class=\"citation-link\" title=\"View source [10]\">[10]\u003C\u002Fa>\u003C\u002Fp>\n","Anthropic and Mozilla ran a live‑fire experiment: could an AI model find serious, previously unknown vulnerabilities in one of the most tested browsers on earth?\n\nIn a focused two‑week sprint in Janua...","security",[],1424,7,"2026-03-20T11:14:16.137Z",[17,22,26,30,32,36,40,44,48,52],{"title":18,"url":19,"summary":20,"type":21},"Anthropic’s Claude found 22 vulnerabilities in Firefox in two weeks","https:\u002F\u002Fwww.facebook.com\u002FComputerworld\u002Fposts\u002Fanthropics-claude-found-22-vulnerabilities-in-firefox-in-two-weeks\u002F1348794250618440\u002F","Anthropic’s Claude found 22 vulnerabilities in Firefox in two weeks. Fourteen of the security vulnerabilities detected were classified as high risk....","kb",{"title":23,"url":24,"summary":25,"type":21},"Claude AI discovered 22 Firefox flaws. Here's how many it figured out how to exploit.","https:\u002F\u002Fsea.mashable.com\u002Ftech\u002F42523\u002Fclaude-ai-discovered-22-firefox-flaws-heres-how-many-it-figured-out-how-to-exploit","Claude AI discovered nearly two dozen vulnerabilities in Firefox, the Mozilla web browser.\n\nAnthropic teamed up with Mozilla to test the security of its browser, allowing its AI tool to probe for vuln...",{"title":27,"url":28,"summary":29,"type":21},"How Claude Opus 4.6 Discovered 22 CVEs in the World’s Most Tested Browser","https:\u002F\u002Fdeshpandetanmay.medium.com\u002Fhow-claude-opus-4-6-discovered-22-cves-in-the-worlds-most-tested-browser-af6f8bcb53c9","Twenty minutes.\n\nThat’s how long it took Claude Opus 4.6 to find a Use-After-Free vulnerability in Firefox’s SpiderMonkey JavaScript engine. By the time Anthropic’s researchers had validated and filed...",{"title":23,"url":31,"summary":25,"type":21},"https:\u002F\u002Fmashable.com\u002Farticle\u002Fclaude-22-firefox-flaws-exploited",{"title":33,"url":34,"summary":35,"type":21},"Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model","https:\u002F\u002Fthehackernews.com\u002F2026\u002F03\u002Fanthropic-finds-22-firefox.html","Anthropic on Friday said it discovered 22 new security vulnerabilities in the Firefox web browser as part of a security partnership with Mozilla.\n\nOf these, 14 have been classified as high, seven have...",{"title":37,"url":38,"summary":39,"type":21},"Partnering with Mozilla to improve Firefox’s security","https:\u002F\u002Fwww.anthropic.com\u002Fnews\u002Fmozilla-firefox-security","Policy\n\n# Partnering with Mozilla to improve Firefox’s security\n\nMar 6, 2026\n\nAI models can now independently identify high-severity vulnerabilities in complex software. As we recently documented, Cla...",{"title":41,"url":42,"summary":43,"type":21},"Opus 4.6 found 22 vulnerabilities in Firefox in two weeks","https:\u002F\u002Fwww.reddit.com\u002Fr\u002FAnthropic\u002Fcomments\u002F1rn7o1a\u002Fopus_46_found_22_vulnerabilities_in_firefox_in\u002F","Opus 4.6 found 22 vulnerabilities in Firefox in two weeks\n\nBlog post: Partnering with Mozilla to improve Firefox’s security: https:\u002F\u002Fwww.anthropic.com\u002Fnews\u002Fmozilla-firefox-security...",{"title":45,"url":46,"summary":47,"type":21},"Anthropic Claude Opus AI model discovers 22 Firefox bugs","https:\u002F\u002Fsecurityaffairs.com\u002F189131\u002Fai\u002Fanthropic-claude-opus-ai-model-discovers-22-firefox-bugs.html","Pierluigi Paganini · March 09, 2026\n\nAnthropic used Claude Opus 4.6 to identify 22 Firefox vulnerabilities, most of which were high severity, all of which were fixed in Firefox 148, released in Januar...",{"title":49,"url":50,"summary":51,"type":21},"AI Model Discovers 22 Firefox Vulnerabilities in Two Weeks","https:\u002F\u002Fwww.infoq.com\u002Fnews\u002F2026\u002F03\u002Fclaude-ai-firefox-vulnerability\u002F","Mar 19, 2026 — by Steef-Jan Wiggers\n\nRecently, Claude Opus 4.6 found 22 security vulnerabilities in Firefox in just two weeks. Fourteen earned high-severity classifications, which is almost 20% of all...",{"title":53,"url":54,"summary":55,"type":21},"Anthropic's Claude Finds More Bugs in Firefox Than Human Teams | PCMag","https:\u002F\u002Fwww.pcmag.com\u002Fnews\u002Fanthropics-claude-finds-more-bugs-in-firefox-than-human-teams","As more and more industries wake up to the threat of AI-based automation, new data from browser maker Mozilla shows that AI is proving proficient at identifying cybersecurity vulnerabilities in popula...",null,{"generationDuration":58,"kbQueriesCount":59,"confidenceScore":60,"sourcesCount":59},116213,10,100,{"metaTitle":6,"metaDescription":10},"en","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1655196601100-8bfb26cf99e9?ixid=M3w4OTczNDl8MHwxfHNlYXJjaHwxfHxjbGF1ZGUlMjBvcHVzJTIwZm91bmQlMjBmaXJlZm94fGVufDF8MHx8fDE3NzQwMDUyNDR8MA&ixlib=rb-4.1.0&w=1200&h=630&fit=crop&crop=entropy&auto=format,compress",{"photographerName":65,"photographerUrl":66,"unsplashUrl":67},"Denny Müller","https:\u002F\u002Funsplash.com\u002F@redaquamedia?utm_source=coreprose&utm_medium=referral","https:\u002F\u002Funsplash.com\u002Fphotos\u002Flogo-JySoEnr-eOg?utm_source=coreprose&utm_medium=referral",false,{"key":70,"name":71,"nameEn":71},"ai-engineering","AI Engineering & LLM Ops",[73,81,88,96],{"id":74,"title":75,"slug":76,"excerpt":77,"category":78,"featuredImage":79,"publishedAt":80},"69fc80447894807ad7bc3111","Cadence's ChipStack Mental Model: A New Blueprint for Agent-Driven Chip Design","cadence-s-chipstack-mental-model-a-new-blueprint-for-agent-driven-chip-design","From Human Intuition to ChipStack’s Mental Model\n\nModern AI-era SoCs are limited less by EDA speed than by how fast scarce verification talent can turn messy specs into solid RTL, testbenches, and clo...","trend-radar","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1564707944519-7a116ef3841c?ixid=M3w4OTczNDl8MHwxfHNlYXJjaHwxNnx8YXJ0aWZpY2lhbCUyMGludGVsbGlnZW5jZSUyMHRlY2hub2xvZ3l8ZW58MXwwfHx8MTc3ODE1NTU4OHww&ixlib=rb-4.1.0&w=1200&h=630&fit=crop&crop=entropy&auto=format,compress&q=60","2026-05-07T12:11:49.993Z",{"id":82,"title":83,"slug":84,"excerpt":85,"category":11,"featuredImage":86,"publishedAt":87},"69ec35c9e96ba002c5b857b0","Anthropic Claude Code npm Source Map Leak: When Packaging Turns into a Security Incident","anthropic-claude-code-npm-source-map-leak-when-packaging-turns-into-a-security-incident","When an AI coding tool’s minified JavaScript quietly ships its full TypeScript via npm source maps, it is not just leaking “how the product works.”  \n\nIt can expose:\n\n- Model orchestration logic  \n- A...","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1770278856325-e313d121ea16?ixid=M3w4OTczNDl8MHwxfHNlYXJjaHwxNnx8Y3liZXJzZWN1cml0eSUyMHRlY2hub2xvZ3l8ZW58MXwwfHx8MTc3NzA4ODMyMXww&ixlib=rb-4.1.0&w=1200&h=630&fit=crop&crop=entropy&auto=format,compress&q=60","2026-04-25T03:38:40.358Z",{"id":89,"title":90,"slug":91,"excerpt":92,"category":93,"featuredImage":94,"publishedAt":95},"69ea97b44d7939ebf3b76ac6","Lovable Vibe Coding Platform Exposes 48 Days of AI Prompts: Multi‑Tenant KV-Cache Failure and How to Fix It","lovable-vibe-coding-platform-exposes-48-days-of-ai-prompts-multi-tenant-kv-cache-failure-and-how-to-fix-it","From Product Darling to Incident Report: What Happened\n\nLovable Vibe was a “lovable” AI coding assistant inside IDE-like workflows.  \nIt powered:\n\n- Autocomplete, refactors, code reviews  \n- Chat over...","hallucinations","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1771942202908-6ce86ef73701?ixid=M3w4OTczNDl8MHwxfHNlYXJjaHwxfHxsb3ZhYmxlJTIwdmliZSUyMGNvZGluZyUyMHBsYXRmb3JtfGVufDF8MHx8fDE3NzY5OTk3MTB8MA&ixlib=rb-4.1.0&w=1200&h=630&fit=crop&crop=entropy&auto=format,compress&q=60","2026-04-23T22:12:17.628Z",{"id":97,"title":98,"slug":99,"excerpt":100,"category":93,"featuredImage":101,"publishedAt":102},"69ea7a6f29f0ff272d10c43b","Anthropic Mythos AI: Inside the ‘Too Dangerous’ Cybersecurity Model and What Engineers Must Do Next","anthropic-mythos-ai-inside-the-too-dangerous-cybersecurity-model-and-what-engineers-must-do-next","Anthropic’s Mythos is the first mainstream large language model whose creators publicly argued it was “too dangerous” to release, after internal tests showed it could autonomously surface thousands of...","https:\u002F\u002Fimages.unsplash.com\u002Fphoto-1728547874364-d5a7b7927c5b?ixid=M3w4OTczNDl8MHwxfHNlYXJjaHwxfHxhbnRocm9waWMlMjBteXRob3MlMjBpbnNpZGUlMjB0b298ZW58MXwwfHx8MTc3Njk3NjU3Nnww&ixlib=rb-4.1.0&w=1200&h=630&fit=crop&crop=entropy&auto=format,compress&q=60","2026-04-23T20:09:25.832Z",["Island",104],{"key":105,"params":106,"result":108},"ArticleBody_4aWaPWs3VNiiF10V5a8ztLMqb6w5Xc6Qf1CG4jc",{"props":107},"{\"articleId\":\"69bd2b405dcedbf95be0c877\",\"linkColor\":\"red\"}",{"head":109},{}]