9to5mac.com web signal

Anthropic Mythos cracks macOS M5 kernel in five days

anthropic apple cybersecurity ai-security apple anthropic cybersecurity

Key insights

  • Calif completed a working root-shell macOS M5 kernel exploit in five days using Anthropic's Mythos Preview model.
  • The data-only exploit chain bypasses Memory Integrity Enforcement using only standard unprivileged system calls on macOS 26.4.1.
  • Mythos generalized across the entire underlying bug class once trained on a single instance, multiplying potential attack vectors.

Why this matters

Exploit timelines measured in days rather than weeks change how Apple and enterprise security teams must staff and respond to kernel vulnerability disclosures. The generalization capability Mythos demonstrated means a single discovered bug instance can automatically expand into a full bug class attack surface, removing one of the traditional friction points in offensive research. For AI practitioners and founders building on frontier models, this is the clearest public evidence that current-generation AI is already enabling asymmetric security capabilities that outpace what most defensive programs are resourced to match.

Summary

Calif Security used Anthropic's Mythos Preview to build the first publicly disclosed macOS kernel exploit on Apple M5 silicon, completing a working root-shell payload in five days after finding the underlying bugs on April 25. The exploit is a data-only privilege escalation that bypasses Memory Integrity Enforcement, a control Apple spent five years developing, using only standard unprivileged system calls on macOS 26.4.1. Researchers disclosed to Apple in person at Cupertino before publishing. No patch exists yet. Essentially: (Calif, Anthropic) demonstrated that AI-assisted research can collapse exploit development timelines from weeks to days. - Mythos generalized across the full bug class after training on just the first instance, automatically expanding the attack surface beyond the initial finding. - The chain requires no special privileges, making it accessible to any local attacker on an unpatched M5 Mac. - Apple has no public fix as of publication, and the entire bug class remains open. The five-day timeline isn't an outlier to be explained away; it's the new baseline that defensive security programs have to plan around.

Potential risks and opportunities

Risks

  • Apple faces enterprise Mac fleet security audits and compliance findings if no patch ships within 30 days of the May 14 disclosure, particularly among financial services and defense contractor M5 deployments
  • Mythos's automatic bug-class generalization capability could enable less sophisticated actors to replicate the attack family if Calif's full technical writeup becomes widely available before a patch ships
  • macOS-dependent SaaS and security vendors whose products run privileged local agents on M5 hardware face unpatched local privilege escalation exposure with no vendor-supplied mitigation path through at least late May 2026

Opportunities

  • Endpoint detection vendors (CrowdStrike, SentinelOne, Jamf) can ship interim behavioral detection rules targeting the specific unprivileged syscall patterns Calif documented before Apple patches
  • Anthropic has an opening to formalize a responsible disclosure protocol and tiered access program for Mythos Preview in security research contexts, differentiating itself from competitors before a similar incident occurs with a less cooperative team
  • Apple's Platform Security team and third-party macOS security toolmakers (Objective-See, Kandji) gain near-term enterprise consulting and tooling revenue as organizations seek detection guidance ahead of an Apple patch

What we don't know yet

  • Whether Apple has a patch timeline or interim mitigation for M5 users on macOS 26.4.1 following the in-person Cupertino briefing on or around May 14
  • Whether Anthropic imposes access controls or vetting requirements on Mythos Preview for security-sensitive research use cases, and whether those controls existed when Calif conducted this work
  • How many additional instances within the generalized bug class Mythos identified that Calif has not yet publicly disclosed

Originally reported by 9to5mac.com

Read the original article →

Original headline: Calif Security Team Uses Anthropic Mythos Preview to Build First Public macOS M5 Kernel Exploit in Five Days, Bypassing Memory Integrity Enforcement