Anthropic’s team got in touch with Firefox engineers after using Claude to identify security bugs in our JavaScript engine. Critically, their bug reports included minimal test cases that allowed our security team to quickly verify and reproduce each issue.
There’s not a lot of software in that size class, deps included. Browsers are some of the most ludicrously complex, heavy, buggy and messy badly specified heaps of software in existence. Mostly because of the way the web is and was plus microslop.
And they are used to parse and even execute tons of hostile script and media.
The number of bugs remaining must be astounding as is the bugs that have been going and fixed.