Anthropic Mythos successfully bypassed Apple’s MacOS security protection system in five days, triggering an Apple cybersecurity alert

US cybersecurity research company Calif researchers on the 15th confirmed that Anthropic’s not-yet-public AI model Mythos can bypass Apple’s macOS security mechanisms in unprecedented ways, successfully compromising Mac systems, drawing intense global attention to how AI technology could be used for cyberattacks.

What is Mythos? The powerful AI model Anthropic dares not to disclose

Mythos is an early version of Anthropic’s next-generation Claude AI model series and is not yet open to the public. At the time, Anthropic engineers said Mythos is exceptionally strong at identifying software security vulnerabilities—capable of exploiting weaknesses in “all mainstream operating systems and web browsers”—and could potentially trigger large-scale cyberattacks, so it was temporarily sealed within internal testing environments.

(Anthropic Mythos is too powerful! The White House is considering requiring new AI models to pass government security reviews before release)

Despite this, Mythos’ capabilities have already been validated through a real-world penetration test. Recently, it successfully broke through macOS’ multi-layer security defenses and infiltrated Mac systems that were previously believed to be rock-solid.

Cracking process took only five days! “Chained attack” method breaks Apple’s MIE defense line

The Wall Street Journal reported that this intrusion was led by Calif, a cybersecurity research organization based in Palo Alto, California, working alongside Mythos’ analysis capabilities and assisting from the side. The researchers started from a local account with no special privileges, used two separate program errors in macOS combined with multiple exploitation techniques, chained them into a complete attack chain, and ultimately obtained root access with the highest system privileges.

The most critical breakthrough in the attack was successfully bypassing Apple’s “memory integrity enforcement system (MIE).” As a protection mechanism built by Apple based on ARM hardware technology, it can effectively block memory from being attacked and is regarded as one of the toughest security defenses on Apple devices.

The research team claims this is also the first publicly documented “chained exploit” attack chain in history that can break through MIE protection on real devices equipped with M5 chips. What is worrying is that from discovering the vulnerabilities to completing the entire attack chain took only about five days.

Calif: AI isn’t all-powerful—human-machine collaboration is the key

However, Calif researchers emphasized in their report that although Mythos demonstrates astonishing vulnerability-hunting capabilities, without professional hackers synchronizing and coordinating operations, the intrusion would not have been possible. Therefore, Mythos acts more like a “powerful assistant tool” throughout the process rather than an entirely autonomous attack system.

As of now, Apple has not responded to the matter and has not been able to determine whether patches have already been released for the vulnerabilities exploited by Mythos.

Anthropic’s original intent: making AI a cybersecurity defense weapon

Anthropic emphasized that Mythos was not developed for malicious attacks, but to be used as an active defense tool. To that end, Anthropic launched the “Project Glasswing” initiative, aiming to authorize Mythos to help multiple parties identify system security vulnerabilities so they can be fixed before being discovered by malicious hackers.

However, this incident also reveals the double-edged nature of AI technology: the same powerful model can become a capable assistant for cyber defense, and under certain conditions it may also become a threat tool for cracking top-tier operating systems. As AI capabilities continue to improve, cybersecurity protection across all fronts has become an urgent priority.

This article first appeared on ChainNews ABMedia with the headline: Anthropic Mythos successfully breaks macOS security defenses in five days; Apple security alert raised.