Security researchers have admitted that Anthropic's Mythos AI model has been able to hack macOS, bypassing Apple's security systems in a way never previously achieved.
Mythos is an early version of a new, more powerful Claude AI model software that is yet to be made public. Anthropic's engineers have warned that it is too good at finding security exploits to allow it into the wild.
Now, proof of its abilities has come in the form of an escalation exploit. If used correctly, the exploit could potentially allow a hacker to gain control of a Mac despite Apple's security measures.
Detailing the news, The Wall Street Journal says that the security researchers were "excited about their discovery." In fact, they were so impressed with what Mythos had done that they drove to Apple's Cupertino HQ to share their findings.
Chained attacks
The researchers, from a Palo Alto-based research outfit, say that Mythos didn't use a single attack vector in its hack. Instead, it linked two bugs macOS together in an attempt to corrupt the Mac's memory.
The macOS operating system has been hacked in a new wayOnce the macOS memory had been compromised, Mythos was then able to "gain access to parts of the device that should be inaccessible." It's also possible that, should the hacks then be used alongside others, the Mac as a whole could become compromised.
For its part, a company spokesperson told the WSJ that it is reviewing and validating the security team's findings.
"Security is our top priority, and we take reports of potential vulnerabilities very seriously," Apple reportedly said. However, Apple hasn't yet said whether it has patched the bugs Mythos used for its hack.
In fact, it isn't clear what Mythos did and didn't do right now. That shouldn't be all that surprising, with details likely to remain fuzzy until Apple has addressed the security flaws that were leveraged.
However, the report also notes that the attack couldn't be achieved by Mythos alone. Without the skills of the hackers working alongside the AI, it is believed the hack wouldn't have been possible.
As for Mythos, Anthropic intends for it to be used for good. Project Glasswing was launched to allow Mythos to be used as a way to identify security flaws so they can be addressed.
Researchers share additional technical details
Additional details published by the researchers after the initial Wall Street Journal report describe the exploit as a "data-only kernel local privilege escalation chain" targeting macOS 26.4.1 running on Apple M5 hardware with Apple's Memory Integrity Enforcement protections enabled.
According to the researchers, the exploit starts from an unprivileged local user account and escalates to a root shell using standard system calls, two vulnerabilities, and several exploit techniques. The team said the exploit chain was developed in roughly five days after bugs were identified in late April.
The exploit specifically targeted Apple's Memory Integrity Enforcement, or MIE, system built around ARM's Memory Tagging Extension technology. Apple introduced MIE as a hardware-assisted mitigation designed to make memory corruption exploits harder to execute on modern Macs and future Apple Silicon devices.
Memory corruption bugs still drive many of the most serious attacks against modern operating systems because they can let attackers access protected memory or run unauthorized code. Apple has spent years building hardware and software protections to make those attacks harder on newer Apple Silicon systems.
MIE was designed to reduce the reliability of those exploits by enforcing stricter memory protections directly at the hardware level. The researchers claim their exploit chain survived MIE protections on bare-metal M5 hardware with kernel MIE enabled.
The attack is the first public macOS kernel memory corruption exploit demonstrated against Apple's new MIE hardware protections, according to the team. Apple hasn't independently confirmed those claims or said whether it has patched the vulnerabilities involved.
Researchers involved in the project said Mythos didn't independently develop the exploit chain. Human researchers worked alongside the AI system throughout vulnerability discovery and exploit development.
Mythos did help identify known bug classes and accelerate parts of the research process. The team hasn't released the vulnerabilities, exploit code, or full technical report because Apple is still reviewing the findings.
