Security researchers say Anthropic’s Mythos AI—an early, not-public Claude model—was able to hack macOS by chaining two bugs to corrupt memory and reach parts of the device that should remain inaccessible. The exploit was described as a “data-only kernel local
When security researchers showed what Anthropic’s Mythos AI could do on macOS. they didn’t just publish a technical finding—they rushed it to Apple’s campus.. The Wall Street Journal says the team was “excited about their discovery. ” so impressed that they drove to Apple’s Cupertino HQ to share what they had found.
Mythos is an early version of a new, more powerful Claude AI model software that has not been made public.. Anthropic’s engineers have already warned that it is “too good at finding security exploits” to release widely.. Now the question is whether the model’s ability can be contained to the lab—because the researchers say an escalation exploit could let a hacker gain control of a Mac despite Apple’s security measures.
The researchers, from a Palo Alto-based research outfit, say Mythos didn’t rely on a single attack route.. Instead, it linked two bugs in macOS together to try to corrupt the Mac’s memory.. Once that memory had been compromised. Mythos was then able to “gain access to parts of the device that should be inaccessible.” They also note that. if the chained hacks were used alongside other weaknesses. the Mac as a whole could become compromised.
A company spokesperson told the WSJ that Apple is reviewing and validating the security team’s findings.. Apple also reportedly said: “Security is our top priority. and we take reports of potential vulnerabilities very seriously.” But Apple has not yet said whether it has patched the bugs used in the Mythos-assisted hack. and it also isn’t clear what Mythos did and didn’t do in the exact process—details the researchers say are likely to remain fuzzy until Apple addresses the flaws involved.
One element of tension runs through the account: Mythos is credited with accelerating parts of the work, but researchers say the hack couldn’t have been achieved by the AI alone. The report notes the skills of hackers working alongside the AI were believed to be necessary for the exploit to work.
The researchers later shared more technical details about the exploit chain.. They describe it as a “data-only kernel local privilege escalation chain” targeting macOS 26.4.1 running on Apple M5 hardware with Apple’s Memory Integrity Enforcement protections enabled.. In their account. the chain begins from an unprivileged local user account and escalates to a root shell using standard system calls. two vulnerabilities. and several exploit techniques.
They also say the chain was developed in roughly five days after bugs were identified in late April.. The exploit is framed around Apple’s Memory Integrity Enforcement. or MIE. a hardware-assisted mitigation built around ARM’s Memory Tagging Extension technology.. Apple introduced MIE to make memory corruption exploits harder to execute on modern Macs and on future Apple Silicon devices. aiming to enforce stricter memory protections at the hardware level and reduce the reliability of attacks.
The researchers claim their exploit chain survived MIE protections on bare-metal M5 hardware with kernel MIE enabled. calling it the first public macOS kernel memory corruption exploit demonstrated against Apple’s new MIE hardware protections.. Apple hasn’t independently confirmed those claims and has not said whether it has patched the vulnerabilities involved.
Researchers involved in the project also say Mythos didn’t independently develop the exploit chain.. Human researchers worked alongside the AI system throughout vulnerability discovery and exploit development.. Mythos. they say. helped identify known bug classes and accelerate parts of the process. but the team hasn’t released the vulnerabilities. exploit code. or a full technical report because Apple is still reviewing the findings.
Still, Anthropic’s intentions are part of the story too. The company says Mythos is meant to be used for good, pointing to Project Glasswing—launched so Mythos can help identify security flaws that can then be addressed.
Anthropic Mythos Claude macOS security Memory Integrity Enforcement MIE Apple M5 kernel exploit cybersecurity Project Glasswing