Anthropic’s unreleased Mythos AI model successfully breached macOS security by chaining two memory corruption vulnerabilities, bypassing Apple’s hardware-level Memory Integrity Enforcement (MIE) protections—a feat never publicly demonstrated before.
Breakthrough Exploit Chain Targets M5 Hardware
The exploit, described as a “data-only kernel local privilege escalation chain,” targeted macOS 26.4.1 running on Apple M5 hardware with MIE enabled. Researchers from a Palo Alto-based security firm developed the chain in approximately five days after identifying the bugs in late April.
Mythos did not operate autonomously. Human researchers worked alongside the AI to identify known bug classes and accelerate exploit development. The team emphasized that without their direct involvement, the attack would not have been possible.
MIE Bypass Marks First Public Demonstration
Apple’s MIE system, built on ARM’s Memory Tagging Extension technology, is designed to make memory corruption exploits harder by enforcing strict protections at the hardware level. The researchers claim their exploit chain survived MIE protections on bare-metal M5 hardware with kernel MIE enabled.
This marks the first public demonstration of a macOS kernel memory corruption exploit against Apple’s new MIE hardware mitigations. Apple has not independently confirmed the claims or disclosed whether it has patched the vulnerabilities involved.
Apple Reviewing Findings, Patches Unclear
An Apple spokesperson told The Wall Street Journal that the company is “reviewing and validating” the security team’s findings, adding that “security is our top priority.” However, Apple has not stated whether the bugs used in the attack have been addressed.
The researchers have not released the vulnerabilities, exploit code, or full technical report pending Apple’s review. Details are expected to remain limited until Apple resolves the security flaws that were leveraged.
Anthropic’s Dual-Use Dilemma
Anthropic has warned that Mythos is too effective at finding security exploits to release publicly. The company launched Project Glasswing to use the model ethically—identifying vulnerabilities so they can be patched before malicious actors exploit them.
The research underscores a growing tension in enterprise security: as AI models become more capable at discovering zero-day exploits, the line between defensive tool and offensive weapon narrows. For Apple, the implication is clear—hardware-level mitigations like MIE, while significant, are not impenetrable, and the arms race between AI-driven vulnerability discovery and platform hardening is accelerating.
— Originally reported by AppleInsider. Adapted and republished with editorial context for MacThreat.
