A cybersecurity team says it used Anthropic’s Mythos model to find two dangerous macOS flaws and build a working root exploit in five days, punching through Apple’s new memory defense before the company had even finished bragging about it. Apple has acknowledged the report, but the researchers are holding back technical details so the fix can land first.
The target is Memory Integrity Enforcement, or MIE, Apple’s hardware-backed memory safety system that was introduced last year and later extended to Macs with M5 chips. Apple says MIE builds on Arm’s Memory Tagging Extension, which tags chunks of memory with secret keys so mismatched accesses trigger a crash instead of a silent exploit. That is the sort of defense that usually forces attackers to burn more time, more money, and more patience than they like.
But Calif, the research group behind the demo, says Mythos helped it move fast once the team found the right class of bugs. One member found the initial errors on April 25, another joined on April 27, and by May 1 the group says it had a working chain that starts from an unprivileged local user, relies on ordinary system calls, and ends with a root shell on macOS 26.4.1 (25E253).
How Mythos sped up the root exploit
The interesting part is not that AI found bugs; that has become almost mundane. The real twist is that a model trained on one vulnerability class can generalize to adjacent weaknesses quickly enough to turn a weeks-long hunt into a five-day sprint. That’s bad news for defenders who still hope shiny new hardware tricks alone will buy them time.
Calif says Mythos was especially helpful once human researchers had framed the problem. In other words, the model did not replace expertise; it multiplied it. That aligns with a wider pattern in security research: AI is proving best at pattern matching, triage, and dead-end elimination, while humans still steer the attack and decide when a weird edge case is actually the good stuff.
Why Apple’s MIE defense still drew fire
Apple’s pitch around MIE is straightforward: make memory corruption much harder to weaponize by catching bad access at the hardware level. The company has already deployed it on iPhone 17, iPhone Air, and Macs with M5 chips, which makes the Calif result awkward for Apple even if the exploit is not being published in full. Security teams love to say a defense is ”best in class” right up until someone proves it has seams.
The researchers also say they took the findings directly to Apple Park. That’s the sensible play, and the restrained one: publish too early and you hand attackers a blueprint; wait, and you give defenders a patch window. Expect Apple to tighten the screws quickly, because a public demonstration that reaches root on the company’s newest protection layer is the sort of headline nobody in Cupertino wants twice.
The open question is whether this was a one-off win against a new defense, or a preview of how AI-assisted security research will now operate: faster, cheaper, and far less forgiving of hardware assurances. If Mythos can help crack one flagship protection scheme in under a week, vendors will need to assume their next ”unbreakable” feature is already being tested somewhere by a model and a very caffeinated human.