Researchers using Anthropic’s unreleased AI model, Mythos Preview, traveled to Apple Park in California earlier this week to hand-deliver a report detailing how they had cracked one of the company’s toughest new security features designed to prevent hackers from taking over modern Macs.
Bruce Dang and Dion Blazakis, two engineers from security firm Calif, claim to have discovered the first public exploit capable of bypassing Apple’s latest memory protection technology on M5-powered Macs.
The duo said they chose to deliver the findings in person rather than risk “getting buried in the submission flood,” according to a blog post published on Wednesday.
“Most respected hackers avoid human interaction whenever possible, so this physical strategy may give us a slight edge in the eternal race for five minutes of fame and glory on Twitter,” they said.
Exploit targets macOS kernel memory corruption
The report, which has not yet been fully released, details a macOS kernel memory corruption exploit targeting Apple’s new Memory Integrity Enforcement (MIE) system – a hardware-backed security feature introduced with the M5 and A19 chips to make sophisticated hacking techniques harder.
Apple designed MIE to prevent memory corruption attacks, a common class of vulnerabilities that can be used to gain control of devices.
As the researchers point out in a blog published on Thursday, it’s exactly these kinds of mitigation techniques that lead security experts to consider Apple devices to be the most secure consumer platform.”
The system works by attaching security “tags” to memory and checking whether software is accessing the correct region. If the tags do not match, the attack is supposed to fail before it can progress.
Calif claims its exploit chain still bypasses those protections.
The pair say the exploit targets macOS 26.4.1 running on M5 hardware with MIE enabled.
The attack reportedly begins from a normal user account and escalates privileges to root access, potentially giving an attacker full control over the machine.
The exploit is not remotely deployable and would still require local access to the targeted Mac, as well as advanced technical expertise.
Mythos finds macOS flaw in under a week
Calif claims that the exploit was developed in less than a week with assistance from Mythos Preview, Anthropic’s experimental AI model designed for vulnerability research. As the pair detail in their blog:
“Bruce Dang found the bugs on April 25th. Dion Blazakis joined Calif on April 27th. Josh Maine built the tooling, and by May 1st, we had a working exploit.”
Released earlier in April, Anthropic has said that Mythos won’t be released to the general public and is instead being trialed by an exclusive group of companies in an initiative dubbed “Project Glasswing.”
Calif’s parent company, Palo Alto Networks, is one among a handful of exclusive tech big tech firms, security companies, and financial institutions involved in what some have called “the Manhattan Project for AI.”
Humans still needed, but it saves time
In the case of the Mac exploit, the researchers say “Mythos Preview helped identify the bugs and assisted throughout exploit development,” while also acknowledging that experienced human researchers were necessary to complete the attack chain.
"Mythos discovered the bugs quickly because they belong to known bug classes. But MIE is a new best-in-class mitigation, so autonomously bypassing it can be tricky. This is where human expertise comes in.”
Calif engineers Bruce Dang and Dion Blazakis
The researchers say the exploit combines two vulnerabilities and several advanced techniques into what they describe as “the first public macOS kernel exploit on MIE hardware.”
Calif says it will publish the full 55-page report once Apple has issued a fix.
Has your password leaked?
This kind of kernel exploit against Apple silicon devices is widely considered one of the most technically difficult areas in cybersecurity, often requiring weeks or months of work by highly specialized researchers.
Apple has not publicly confirmed whether fixes are already in development. In a statement provided to the Wall Street Journal, the company said: “Security is our top priority, and we take reports of potential vulnerabilities very seriously.”
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked