In short
- The security firm claims to have developed a MacOS kernel that targets Apple’s M5 chip and Memory Integrity Enforcement system.
- The company says that Anthropic’s Claude Mythos AI vision system helped identify bugs and help with economic growth.
- Apple has not publicly responded to the allegations.
Apple devices have long been considered more difficult to hack due to the company’s tight integration with software security. Now, security insiders say a small team of researchers used Anthropic’s Claude Mythos image to create a vulnerability against Apple’s new M5 security system in less than a week.
In the Substack post printed On Thursday, the Vietnam-based Calif. said it had developed what it described as the first public MacOS hack that can survive Apple’s new Memory Integrity Enforcement, or MIE, security feature on M5 devices. Calif said he shared his findings with Apple during a meeting at the tech giant’s headquarters in California.
“We wanted to say it in person, instead of being buried in the flood that some of the Pwn2Own unfortunates have experienced,” said Calif. “Many respectable hackers avoid social interaction whenever possible, so this exercise may give us a slight edge in the eternal race for five minutes of fame and glory on Twitter.”
According to Calif, the “attack method” was discovered by accident after researchers discovered the bug on April 25, and then started using it by May 1.
The exploit chain requires macOS 26 running on the Apple M5. According to the company, the threat starts from an unauthorized local user account and reaches root access using ordinary phones. The operation is said to include two strikes and additional measures targeting the M5 non-metallic weapon with the MIE kernel.
Calif said the Mythos Preview helped identify vulnerabilities and help with overall development, but added that human expertise was needed to bypass Apple’s new MIE protections.
“One of our motivations was to test what is possible when the best models are combined with experts,” the company wrote. “Until kernel memory corruption uses the best protection for the week it is important, and it says the power of the pair.”
Memory leaks are still one of the most common ways that threats get into operating systems and software, as they can allow an attacker to compromise the software, steal data, or even monitor it. Apple’s MIE feature uses memory-based technology to make this more difficult.
Anthropic released a preview of Mythos in April after internal testing and external evaluations showed that the model could detect and exploit software threats at a level beyond previous AI models.
Instead of releasing it publicly, Anthropic prohibited opportunity to choose technology companies, banks, and researchers under it Project Glasswing nothing. That same month, it was also revealed that the US National Security Agency was to use The legend though continues argument between Anthropic and the Donald Trump administration.
Mozilla later claimed that Mythos was discovered 271 Vulnerabilities in Firefox during internal testing, by the UK’s AI Security Institute found the model can seamlessly handle multi-level cyberattack efforts.
Myriad users – a market forecasting platform powered by DecryptDastan’s parent company can’t believe that Claude Mythos is about to be released. only 10.5% chance of opening to the public as of June 30, as of this writing.
Calif called the Apple M5 application “a demonstration of what is to come.”
“Apple built MIE into the world of Mythos Preview,” wrote Calif. “We’re about to learn how the best mitigation technology on Earth exists during the first AI bugmageddon.”
Daily Debrief A letter
Start each day with top stories right here, including originals, podcasts, videos and more.
