cybersecurity is about to get weird

Claude (Anthropic's AI model) found 22 zero-day vulnerabilities in Firefox, 14 of which were high severity, as part of a partnership with Mozilla. More significantly, Claude autonomously developed a working exploit for a complex WebAssembly/JavaScript binding use-after-free vulnerability in Firefox, achieving arbitrary read/write primitives in ~350 attempts for roughly $4,000 in compute costs. The post also covers AI-powered vulnerability benchmarking (CyberGym), where Claude Opus 4.6 achieved a 66.6% success rate vs. 7.4% for GPT-4.1 less than a year ago. Additionally, nation-state threat actors (APT36) are now using AI-generated 'vibecoded' malware in multiple languages to evade detection. Practical defensive advice includes MFA, hardware security keys, and keeping antivirus updated.