Researchers Bypass Advanced macOS Security Using Anthropic's Mythos AI

Security researchers have uncovered a method to bypass Apple's advanced macOS security protections using techniques identified while testing Anthropic's unreleased Mythos AI model. The researchers say the technique circumvents Memory Integrity Enforcement, a defense system Apple spent half a decade engineering to prevent memory corruption exploits.



Researchers at the Palo Alto-based security firm Calif combined two separate bugs with a handful of evasion techniques to corrupt the Mac's memory. This allowed the team to gain access to highly restricted areas of the operating system. The flaw functions as a privilege escalation exploit, meaning a malicious actor could potentially seize full control of a computer if they chain the vulnerabilities together with other initial attack vectors.


Apple is actively reviewing a 55-page technical report that Calif researchers delivered in person to the company's Cupertino headquarters this week. An Apple spokesperson confirmed the ongoing review of the findings, stating that security remains a top priority and the company takes reports of potential vulnerabilities very seriously.

The breach is particularly notable given Apple's intense efforts to harden its operating systems against modern hacking tools. When Apple introduced Memory Integrity Enforcement to its custom silicon and software stack, it described the technology as an industry-first, always-on safeguard designed to shut down memory-based exploits without impacting device performance. Former Google security researcher Michał Zalewski reviewed Calif's work and noted that the technique is significant precisely because macOS is widely considered one of the toughest targets for hackers. Zalewski added that while some of the hype surrounding the Mythos model may be overblown, it is absolutely possible to use these latest tools for meaningful vulnerability research and code auditing.

The exploit highlights the evolving role of artificial intelligence in cybersecurity. According to Calif chief executive Thai Duong, building the code that exploited the two macOS bugs took just five days using Anthropic's Claude. However, the effort still required significant human expertise to pull off. Duong pointed out that while Mythos excels at reproducing previously documented intrusion techniques and auditing code, the AI has not yet demonstrated the ability to invent entirely new methods on its own.

The findings, originally detailed by the Wall Street Journal, arrive as cybersecurity experts warn of a potential wave of software flaw discoveries driven by advanced large language models. The rapid pace of AI-assisted security research is already straining the ability of technology companies to patch weaknesses quickly. Earlier this year, Anthropic's AI identified over 100 high-severity vulnerabilities in the Firefox browser in just two weeks, a volume of discoveries that normally takes the broader security community several months to achieve.


This phenomenon has even begun to reshape federal policy. The surge in AI-assisted exploits is upending the White House's artificial intelligence strategy, pushing officials to reconsider their previously hands-off approach to AI development. The administration is reportedly considering an executive order that would grant the government oversight over the most sophisticated AI models.

Anthropic has kept Mythos under tight restrictions, limiting early access to a select group of partners rather than opening it to the public. Apple recently joined Anthropic's Project Glasswing program to deploy frontier AI systems defensively across its infrastructure. The effort aims to allow Apple's internal security teams to proactively scan codebases and harden macOS, iOS, and Safari before outside actors can exploit them.

The Calif researchers plan to withhold the technical specifics of their attack chain until Apple releases patches for the underlying issues.