Mythos AI and the Discovery of New macOS Security Vulnerabilities
Security firm Calif used Anthropic Mythos AI to uncover critical macOS security vulnerabilities that had previously gone undetected. Working with an early Claude Mythos Preview model, the team identified a sophisticated exploit chain targeting the memory of Apple’s desktop operating system. Rather than relying on a single weakness, Mythos helped researchers locate two distinct bugs and reason about how they could be combined into a practical attack. The resulting exploit, described as a data-only kernel local privilege escalation chain, allowed an unprivileged local user to gain root-level access on macOS 26.4.1 running on Apple’s M5 hardware. Calif produced a detailed 55-page report and personally delivered it to Apple’s headquarters so the company could validate and remediate the Apple security flaws. This episode highlights how advanced AI tools can reveal macOS security vulnerabilities even in systems with strong, modern defenses.
Bypassing Apple’s Memory Integrity Enforcement in an Unprecedented Way
The most striking achievement of the Anthropic Mythos AI–assisted research was its ability to bypass Apple’s Memory Integrity Enforcement protections. MIE, built on ARM’s Memory Tagging Extension, is designed to make memory corruption exploits far less reliable on modern Macs. Yet the exploit chain developed by Calif’s team survived MIE on bare-metal M5 hardware, starting from a standard unprivileged user account and escalating to a root shell using only system calls and the two newly found vulnerabilities. This represented a type of chained attack that Apple’s security systems had not previously seen in the wild. The researchers stressed that Mythos did not execute the attack on its own, but it rapidly identified relevant bug classes and suggested viable exploitation paths. Their work shows that even cutting-edge mitigations can be undermined when AI systems are capable of systematically exploring complex attack surfaces at machine speed.
Inside Project Glasswing: Controlled AI Security Research
Anthropic has deliberately kept Mythos AI out of public release because of its exceptional skill at discovering software flaws. Instead, the company launched Project Glasswing, a controlled program that grants access only to select partners such as Apple, Microsoft, Google, and vetted security firms. Under this framework, Claude Mythos Preview is used strictly for defensive AI security research, helping organizations identify and patch vulnerabilities before attackers can exploit them. Calif’s blog post notes that Mythos quickly pinpointed the macOS bugs because they belonged to known classes of memory corruption issues, and once it “learned” the pattern, it generalized to similar problems with ease. This controlled deployment model reflects a growing recognition that powerful AI tools can be dual-use technologies. By restricting Mythos to trusted environments, Anthropic aims to maximize its value for vulnerability discovery while minimizing the chances that its capabilities could be weaponized.
A New Frontier for AI-Assisted Vulnerability Discovery
The Mythos-powered macOS exploit signals a broader shift in how critical software flaws will be found in the future. In this case, AI did not replace human expertise; instead, it amplified it. Researchers relied on their own skills to validate, refine, and weaponize the bugs Mythos surfaced, emphasizing that the exploit could not have been achieved by the AI alone. However, the speed and thoroughness with which Mythos analyzed complex code and security mitigations demonstrate a new level of efficiency in vulnerability discovery. For defenders, this offers a powerful tool to preempt attackers by hardening systems faster than ever before. For Apple, the incident underscores that even highly hardened platforms require constant, AI-augmented scrutiny. As more organizations adopt AI-driven testing, the line between offensive and defensive research will blur, making governance, access control, and coordinated disclosure increasingly critical.