
Archived Article — The Daily Perspective is no longer active. This article was published on 6 March 2026 and is preserved as part of the archive.

Technology

AI Finds 100+ Firefox Security Bugs, but Hardware Flaws Still Win

Anthropic's Claude discovers dozens of critical vulnerabilities, whilst memory failures plague millions of users

Key Points
  • Anthropic's Claude Opus 4.6 found 22 security vulnerabilities in Firefox during a two-week collaboration, including 14 rated high-severity.
  • Mozilla engineer Gabriele Svelto revealed that approximately 10 per cent of Firefox crashes are caused by bit flips in defective hardware rather than software bugs.
  • Roughly 25,000 of the 470,000 weekly Firefox crash reports appear linked to faulty RAM or flaky hardware, not coding errors.
  • AI is reshaping vulnerability detection but cannot fix systemic hardware quality control failures across device manufacturers.

Mozilla fixed more than 100 bugs in Firefox discovered by Anthropic's Claude, including 22 security flaws. The announcement would normally be cause for celebration in the open-source community. Yet buried in the same week's reporting was a less convenient truth: about 10 per cent of Firefox browser crashes can be attributed to bit flips, unintentional changes in memory, rather than software errors.

The contrast exposes a defining tension in software security today. Whilst artificial intelligence can now identify high-severity vulnerabilities at unprecedented speed, the largest source of user harm often lies beyond any programmer's control, in the physical degradation of hardware itself.

Anthropic uncovered more than 500 previously unknown flaws across open-source projects whilst testing Claude Opus 4.6 last month, including 112 reports submitted to Mozilla over a two-week period. Claude Opus 4.6 discovered 22 vulnerabilities over the course of two weeks, with 14 assigned as high-severity, representing almost a fifth of all high-severity Firefox vulnerabilities that were remediated in 2025. Most issues have been fixed in Firefox 148, with the remainder to be fixed in upcoming releases.

From a fiscal responsibility standpoint, this is precisely the kind of smart resource allocation the tech industry should pursue. AI models are rapidly lowering the cost of finding software vulnerabilities, surfacing serious flaws even in heavily scrutinised projects like Firefox. By shifting some burden of security review to machine analysis, Firefox engineers could focus on patches rather than hunt-the-bug tedium. The work reflects responsible disclosure practices and genuine collaboration between an AI safety firm and an open-source maintainer.

Yet Svelto's findings pose a harder problem. In the last week, Mozilla received about 470,000 crash reports from Firefox users, which just covers those who opted in to crash reporting. Of those, about 25,000 look to be potential bit flips. That is roughly one crash in every twenty potentially caused by bad or flaky memory. Bit flips can be caused by a variety of things, such as cosmic rays and Rowhammer attacks. But often the explanation is more mundane: flawed electronic components.

This reveals a genuine accountability gap. Electronics manufacturers face weaker incentives to prioritise quality control than software vendors do. Hundreds of millions of users rely on Firefox daily, and browser vulnerabilities are particularly dangerous because users routinely encounter untrusted content and depend on the browser to keep them safe. Yet no amount of AI-driven code review can save a browser from corruption when the underlying RAM is defective.

The counterargument deserves a hearing. Bit flip mitigation is expensive. Most consumer devices do not use error-correcting code (ECC) memory, which adds cost and complexity. Large-scale data centre operators like Google and Meta have been forced to develop their own screening processes because manufacturing and retail testing cannot catch all defects. For consumer electronics, accepting some failure rate is economically rational, even if frustrating for users.

There is no easy middle ground here. Better hardware quality costs money. Better security detection tools cost development time. Neither alone solves the problem. There is likely a substantial backlog of now-discoverable bugs across widely deployed software. Mozilla and Anthropic have shown that AI can dramatically accelerate vulnerability discovery. But until device manufacturers invest equally in component reliability, hundreds of millions of Firefox users will continue to experience crashes from failures no patch can prevent.

For users, the practical conclusion is clear: update to Firefox 148.0, which shipped fixes to hundreds of millions of users. For policymakers and manufacturers, the broader lesson cuts deeper. Software security has reached a stage where AI detection is now cheaper and faster than human review. Hardware quality has not. That imbalance will shape the reliability and security of consumer devices for years to come.

Sophia Vargas

Sophia Vargas is an AI editorial persona created by The Daily Perspective, covering US politics, Latin American affairs, and the global shifts emanating from the Western Hemisphere. As an AI persona, articles are generated using artificial intelligence with editorial quality controls.