The Ghost in the Machine: Anthropic’s ‘Mythos’ AI Cracks macOS 26

A secretive new AI model just bypassed Apple’s toughest M5 security

Security researchers at Palo Alto-based cybersecurity research firm Calif have used Anthropic’s Mythos AI model to penetrate Apple’s macOS security systems running on an M5 chip in a manner that’s never been achieved before.

Mythos is an early version of a powerful new Claude AI model that Anthropic has not yet made public, as the company’s engineers say the new model is simply too good at discovering security holes that can be exploited.


However, researchers with access to the model have used Mythos to help discover an escalation exploit for macOS that could potentially allow bad guys to gain control of your Mac, despite the operating system’s security features.

The Wall Street Journal reports that the Calif security researchers were so excited about their discovery and impressed by what Mythos had pulled off that they drove to the Apple Park headquarters to share their findings with the company.

Calif researchers say that unlike traditional malware, Mythos did not use a single attack vector in its hack, but rather took an entirely new approach, linking two distinct macOS bugs in an attempt to corrupt the targeted Mac’s memory.

Once it had corrupted the Mac’s memory, Mythos was then able to “gain access to parts of the device that should be inaccessible.” The hacks could be used alongside other attacks, compromising the Mac system as a whole.

An Apple spokesperson told the WSJ that it is currently reviewing and validating Calif’s findings.

“Security is our top priority, and we take reports of potential vulnerabilities very seriously,” Apple told the publication. However, Apple did not confirm whether it has patched the bugs Mythos used for its hack.

How Mythos Found a New Way Into macOS

The details as to how Calif was able to use Mythos in the attack are a bit fuzzy right now. As pointed out by Mactrast, this isn’t unusual, as details of security breaches by “white hat” hackers like this aren’t usually revealed until the relevant security flaws have been fixed.

What we do know is that Mythos did not pull off the attack on its own. The hack required the skills of hackers who worked alongside the Mythos AI system throughout vulnerability discovery and exploit development, according to the report. However, Mythos did help identify known bug classes and accelerate portions of the research process. 

For its part, Anthropic did not create Mythos to be used for evil. It launched it as part of an initiative dubbed “Project Glasswing,” with the intention of the AI model being used to identify security flaws so they can be addressed before they are exploited.

Following the initial WSJ report, researchers have posted additional details, noting that the exploit is a “data-only kernel local privilege escalation chain” targeting macOS 26.4.1 running on Apple M5 hardware with Apple’s Memory Integrity Enforcement protections enabled. The latest version of macOS Tahoe available to the general public is version 26.5, which was released earlier this week, but it’s not clear if it includes a fix for this particular vulnerability.

The exploit directly targets Apple’s Memory Integrity Enforcement (MIE) system, which is built around ARM’s Memory Tagging Extension technology. MIE is a hardware-assisted mitigation designed to make memory corruption exploits harder to execute on modern Macs and future Apple Silicon devices.

The research team notes that this attack is the first publicly demonstrated macOS kernel memory corruption exploit against Apple’s MIE protections. However, Apple has yet to confirm the team’s claims.

Researchers say the exploit starts from an unprivileged local user account and escalates to a root shell (granting full administrative control) using standard system calls, attacking two vulnerabilities with several exploit techniques. The exploit chain was reportedly developed less than a week after the bugs were identified in late April.
