
Posted by todsacerdoti 21 hours ago

Hardening Firefox with Anthropic's Red Team (www.anthropic.com)
The bugs are the ones that say "using Claude from Anthropic" here: https://www.mozilla.org/en-US/security/advisories/mfsa2026-1...

https://blog.mozilla.org/en/firefox/hardening-firefox-anthro...

https://www.wsj.com/tech/ai/send-us-more-anthropics-claude-s...

555 points | 153 comments | page 4
lloydatkinson 20 hours ago||
Anthropic feels like they are flailing around constantly trying to find something to do. A C compiler that didn't work, a browser that didn't work, and now solving bugs in Firefox.
gehsty 20 hours ago||
This makes sense - they are demonstrating the capability of their core product by doing so? They don't make browsers, C compilers, they sell AI + dev tools.
jdiff 19 hours ago|||
Seems like a poor advertisement for their product if their shining example of utility is a broken compiler that doesn't function as the README indicates.
gehsty 18 hours ago||
Impressive that it made a C compiler though? Or do we judge all programmers by their documentation now?
agentultra 3 hours ago||
All it took was all the C compilers they could scrape into their training set.

It’s not impressive in the sense that it’s doing what it was designed to.

It just happens that it generated a C compiler that kind of worked.

Someone came by later and used more AI on it to make it closer to a production grade C compiler like gcc/clang.

Saying, “it made a C compiler,” is not specific enough.

delfinom 20 hours ago|||
Capability of a product that makes non-working outputs at a premium?

I can hire an intern for that.

gehsty 18 hours ago||
Will cost you a lot more ;)
manbash 20 hours ago|||
I think it's a nice break from vibe-coding. It feels like a good direction in terms of use cases for LLMs.
simonw 18 hours ago|||
What was Anthropic's "browser that didn't work"?
utopiah 17 hours ago||
I think they meant Cursor, cf https://news.ycombinator.com/item?id=46646777
saagarjha 19 hours ago|||
Solving bugs in Firefox is quite impressive.
ferguess_k 17 hours ago|||
However, the shape is there. And no one knows how good the thing is going to be after X months. We are measuring months here, not even years.

I believe there is a theoretical cap on the capability of LLMs. I'm wondering what it looks like.

mmis1000 15 hours ago||
If it explores all these cases after a few months and makes the tool itself obsolete, that sounds like a total win to me?

However, that doesn't happen unless Firefox just stops developing, though. New code comes with new bugs, and there must be some people or some tool to find them.

Analemma_ 19 hours ago|||
I think OpenAI is flailing around too-- we're making an AI-generated shortform video app, we're rescinding restrictions on porn, we're making a... something... with Jony Ive-- but only Anthropic is flailing in a way beneficial to society instead of becoming a trillion dollar heroin dealer.
dartharva 14 hours ago||
That's how people back then must have talked about small offshoots like Google and Microsoft back when Silicon Valley was nascent.
semiquaver 17 hours ago||
It’s just a stochastic parrot! Somehow all these vulnerabilities were in the training data! Nothing ever happens!

(/s if it’s not clear)

applfanboysbgon 11 hours ago|
What an irritating comment. Identifying bugs in code is, in fact, exactly something a stochastic parrot could do. Vulnerability research is already a massively automated industry, and there's even a very well-established term -- "script kiddies" -- for malicious teenagers who run scripts that automatically find vulnerabilities in existing services without any knowledge of how they work. Having a new form of automation can certainly be a useful tool, but is still in no way an indication of "intelligence" or any deviation from the expected programming of next token prediction guided by statistical probability.
semiquaver 10 hours ago||
Thank you very much for acting as a useful foil and proving my point.
applfanboysbgon 9 hours ago||
You didn't make a point, and still haven't. You screeched a bunch of buzzphrases sarcastically as if that were equivalent to making a point, which is about par for the course for the level of reasoning (i.e. none) shown by people with the position you hold. You seem to take it for granted that just by asserting that LLMs aren't next-token-prediction-programs, that must be factually true, without making any kind of argument or reasoning for why that is the case. Of course, any attempt to reason at that position falls apart under trivial scrutiny, so it's no wonder you're averse to reasoning about it and settle for trite assertions.
shevy-java 16 hours ago|
Mozilla betting on AI.

I am concerned.