The Clock Is Ticking: AI Can Find Your Software Vulnerabilities, and It's Learning to Exploit Them
By: Casey Cannady : privacy hawk & technology architect
AI just found 22 vulnerabilities in Firefox in two weeks. It's better at finding bugs than exploiting them, for now. That gap is closing faster than anyone is prepared for.
The Framing You're Being Given
Here's the headline version of what Anthropic published on their Frontier Red Team blog this week:
"AI helped make Firefox more secure! Claude found bugs! Mozilla patched them! Isn't technology wonderful?"
That framing isn't wrong. It's just dangerously incomplete.
Yes, AI is finding vulnerabilities at speeds no human team can match. Yes, defenders currently have the advantage. Yes, patches are shipping. All true.
But buried in the same report is the sentence that should be keeping every developer, sysadmin, and software maintainer up at night:
"It is unlikely that the gap between frontier models' vulnerability discovery and exploitation abilities will last very long."
That's the story. Everything else is the brochure.
What Actually Happened (Without the PR Gloss)
Anthropic's team pointed Claude Opus 4.6 at Firefox, one of the most well-tested, security-hardened open-source codebases on the planet, and asked it to find novel vulnerabilities. Not historical CVEs. Not known issues. New ones.
Here's what happened:
- 20 minutes in, Claude identified a Use After Free vulnerability in Firefox's JavaScript engine
- By the end, Claude had scanned nearly 6,000 C++ files and submitted 112 unique bug reports
- 22 vulnerabilities were confirmed. 14 were classified high-severity, accounting for almost a fifth of all high-severity Firefox fixes for the entire year of 2025
- Fixes shipped to hundreds of millions of Firefox users in version 148
Let that sink in. A single AI agent, in two weeks, matched a meaningful fraction of what Mozilla's entire security research community identified over a full year.
That's not a party trick. That's a fundamental shift in how fast the vulnerability discovery pipeline moves.
The Number That Actually Matters
Everyone's focusing on the 22 CVEs. I want to talk about a different number: $4,000.
That's roughly what Anthropic spent in API credits running Claude hundreds of times to attempt to turn those vulnerabilities into working exploits.
At that cost, Claude succeeded in fully exploiting two of the bugs.
Here's why that's not reassuring: it's a warning.
Right now, finding bugs is cheap. Exploiting them is hard. That's the gap defenders are operating in. But Anthropic's own team is telling you directly: that gap is a temporary condition, not a permanent one.
The cost of discovery is already an order of magnitude lower than the cost of exploitation. As models improve, that exploitation cost drops. At some point (and nobody knows exactly when) those lines cross. When they do, the calculus of cyberattacks changes entirely.
The window to act is open. It will not stay open.
The Part the "AI Is Amazing" Coverage Skips
Let me break down what the surveillance-as-a-service crowd figured out years ago and apply it here: the technology doing the finding and the technology doing the attacking are the same technology.
The same capabilities that let Claude identify a memory corruption bug in 20 minutes are the same capabilities an adversary will eventually use to develop a working exploit in the same timeframe.
Anthropic's red team was transparent about this. The exploits Claude wrote only worked in a controlled environment with browser security features intentionally stripped out. Real-world exploitation is still hard. Sandboxes, mitigations, and defense-in-depth still matter.
But here's the uncomfortable truth about "defense in depth": it assumes defenders are moving at approximately the same speed as attackers. AI is about to break that assumption completely.
What This Means If You're Not a Security Pro
You don't need to understand memory allocation or JavaScript engine internals to grasp why this matters. Here's the plain version:
Software has bugs. Always has. Finding those bugs used to require expensive, rare human expertise and significant time. That scarcity gave the security community breathing room: time to find issues, disclose them responsibly, and patch them before attackers exploited them.
AI is eliminating that breathing room.
The good news: AI-powered defenders (like Anthropic's team) are finding and reporting these issues faster than ever. Mozilla patched 22 vulnerabilities that might have gone undetected for years.
The bad news: the same acceleration applies to attackers. The moment AI becomes reliably good at not just finding bugs but weaponizing them, the entire responsible disclosure model, the foundation of modern software security, faces an existential stress test.
What Should Actually Happen Now
Anthropic laid out their CVD (Coordinated Vulnerability Disclosure) principles and called on developers to act. I'll be more direct:
If you maintain software that people depend on, this is your wake-up call.
Not next quarter. Not when the budget allows. Now.
- Audit your attack surface: understand where your code is most exposed
- Adopt modern memory-safe languages where feasible; Rust exists for a reason
- Invest in your own AI-assisted security tooling; the defenders using these tools first have the advantage
- Build relationships with responsible disclosure researchers; Mozilla's partnership model with Anthropic is exactly right
- Assume your vulnerabilities are being found: by someone, right now, whether you know it or not
The security community has known for years that attackers operate asymmetrically: one successful breach vs. a thousand failed defenses. AI is about to make that asymmetry worse by an order of magnitude.
The question isn't whether AI will be used to develop exploits at scale. It's whether you'll have patched your software before that happens.
The Bottom Line
Stop celebrating that AI found 22 Firefox bugs.
Start asking: what happens when the same AI that found them can reliably weaponize them, and your software still isn't patched?
That's the question nobody in the press releases is asking. It's the only one that matters.
Source: Anthropic Frontier Red Team, Partnering with Mozilla to Improve Firefox's Security , March 6, 2026
Feel free to reach out: hello@caseycannady.com. Let's keep the conversation going about AI, cybersecurity, and what's actually coming.