Anthropic’s Mythos AI Uncovers Critical macOS Vulnerabilities
In a groundbreaking development, security researchers at Calif, a Palo Alto-based cybersecurity firm, have leveraged Anthropic’s advanced AI model, Mythos, to identify two previously undocumented vulnerabilities within Apple’s macOS operating system. These vulnerabilities, when exploited in tandem, enable attackers to bypass Apple’s robust memory integrity protections, granting unauthorized access to restricted system areas.
The discovery emerged during intensive testing sessions in April 2026. Calif’s team combined the two macOS vulnerabilities with sophisticated techniques to corrupt system memory, effectively breaching areas that are typically inaccessible to standard processes. This privilege escalation exploit represents a novel attack vector, posing significant security risks to macOS users.
According to reports from The Wall Street Journal, if this exploit were integrated with additional attack methods, it could potentially allow malicious actors to gain full control over targeted Mac systems. Calif’s researchers developed custom software that links these vulnerabilities, creating an unprecedented attack pathway within macOS.
It’s important to note that while Mythos played a crucial role in identifying these vulnerabilities, the execution of the exploit required substantial human expertise. Calif’s CEO, Thai Dong, emphasized this collaboration, stating that the attack couldn’t have been pulled off by Mythos alone and leveraged the very human cybersecurity expertise of some of Calif’s hackers.
Anthropic’s Mythos AI, formerly known as the Claude Mythos Preview, has been intentionally withheld from public release due to its exceptional capability in identifying software vulnerabilities. As part of Anthropic’s Project Glasswing initiative, approximately 40 select organizations, including tech giants like Apple, Google, and Microsoft, have been granted controlled access to Mythos for defensive security research. Anthropic has committed up to $100 million in usage credits to support this collaborative effort.
Prior to the macOS discovery, Mythos demonstrated its prowess by uncovering a 27-year-old bug in OpenBSD and identifying vulnerabilities in Linux that could lead to system hijacking. These findings underscore the model’s potential in enhancing cybersecurity measures.
In response to the findings, Calif’s researchers personally delivered a comprehensive 55-page technical report to Apple’s headquarters in Cupertino. An Apple spokesperson acknowledged the report, stating, Security is our top priority, and we take reports of potential vulnerabilities very seriously. While Apple has not confirmed the initiation of patching processes, Calif’s CEO expressed confidence that the bugs will likely be fixed pretty quickly.
Full technical details of the vulnerabilities will remain confidential until Apple addresses the underlying issues, ensuring the security of macOS users worldwide.
