Anthropic Mythos AI Finds macOS Flaws B Anthropic’s Reportedly

An early version of Anthropic’s secretive Mythos AI model has helped security researchers at Calif, a Palo Alto-based cybersecurity firm, uncover two previously undocumented vulnerabilities in Apple’s macOS.

The bugs were chained together into a privilege escalation exploit capable of bypassing Apple’s state-of-the-art memory integrity enforcement, granting unauthorized access to parts of the system that are supposed to be completely off-limits.

Apple is now reviewing a 55-page report from Calif, with patches expected once findings are validated.

Mythos AI Found macOS Vulnerabilities

Discovered during testing sessions in April, the exploit combines two macOS bugs alongside several advanced techniques to corrupt the Mac’s memory, ultimately breaking into restricted system areas that normal processes cannot reach.

According to The Wall Street Journal, if the privilege escalation exploit were chained with additional attacks, it could enable a malicious actor to seize full control of the targeted Mac.

Calif’s researchers wrote custom software that links the two vulnerabilities together, producing an attack vector that macOS has never encountered in this form before.

Importantly, this is not a remotely deployable worm; the exploit still requires significant human expertise layered on top of what Mythos produced.

Calif CEO Thai Dong acknowledged as much, stating the attack “couldn’t have been pulled off by Mythos alone and leveraged the very human cybersecurity expertise of some of Calif’s hackers.”

Anthropic’s Mythos, formerly known as the Claude Mythos Preview, has been deliberately kept from public release due to its extraordinary and potentially dangerous capabilities for identifying software vulnerabilities.

The model is part of Anthropic’s broader Project Glasswing initiative, which grants approximately 40 select organizations, including Apple, Google, and Microsoft, controlled access to Mythos for defensive security research.

Anthropic has committed up to $100 million in usage credits to support the collaborative effort.

Mythos has already demonstrated its potential: prior to the macOS discovery, the model reportedly uncovered a bug in OpenBSD that had gone undetected for 27 years and identified vulnerabilities in Linux that could hijack machines.

Engineers at Anthropic have explicitly warned that the model’s proficiency in surfacing security flaws is too significant to be released without strict guardrails.

Calif researchers were so confident in their findings that they traveled in person to Apple’s headquarters in Cupertino to deliver the 55-page technical report directly.

An Apple spokesperson responded to The Wall Street Journal, stating: “Security is our top priority, and we take reports of potential vulnerabilities very seriously.”

Apple has not confirmed whether it has begun patching the reported vulnerabilities, but Calif CEO Thai Dong told the WSJ he believes “the bugs will likely be fixed pretty quickly.”

Full technical details of Calif’s discoveries will not be released publicly until Apple has addressed the underlying issues.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.