Anthropic’s Mythos AI helped indie hackers bypass Apple’s Memory Integrity Enforcement, a hardware security system used in the M5 processors that power the latest MacBook Pros.
Apple spent five years developing MIE, but the hacking team at Calif, a small security startup based in Palo Alto, California, said it used Mythos Preview to find bugs in the M5 chip — and built a working exploit in just five days.
Apple’s most secure security system meets AI
Apple’s efforts to make the Mac virtually invulnerable to cyberattacks utilize custom silicon, memory protections and other methods to make the computers secure. However, the arrival of agentic AI is rapidly changing the rules of the cybersecurity arms race.
An alarming example: Anthropic’s Mythos AI helped researchers uncover and weaponize a privilege-escalation exploit against Apple’s latest M5-powered Macs in less than a week, something that once would have taken elite hackers months to accomplish.
The episode underscores a growing fear inside Silicon Valley. The same AI systems being built to defend software may also supercharge the discovery of the vulnerabilities that break it.
What Apple’s Memory Integrity Enforcement does
Apple’s Memory Integrity Enforcement works by tagging every memory allocation with a secret code. If anything attempts to access this part of the memory without the right tag, the hardware will block it and log an event.
Apple implemented its MIE system in the iPhone 17 as well as its M5 chips. The company’s own research suggests that MIE can disrupt every publicly known exploit chain, including the newly leaked Coruna and Darksword exploit kits.
Researchers at Apple spent five years building MIE. And a three-person team at Calif broke it in just five days.
Calif says the exploit is a data-only kernel local escalation chain targeting macOS 26.4.1. In other words, it starts with a normal user account and ends up giving the attacker full control of the machine.
Using a combination of two exploits and numerous evasion techniques, the attack works even when MIE is active. Calif released a 20-second proof-of-concept video late last week to show that the exploit works.
Here’s the video:
Anthropic’s Mythos didn’t just assist; it helped build the exploit
Anthropic’s Mythos Preview model played an active role in the process, according to Calif. It spotted bugs and even collaborated on exploit development from start to finish.
“Mythos Preview is powerful,” wrote Calif’s researchers on the company’s blog. “Once it has learned how to attack a class of problems, it generalizes to nearly any problem in that class.”
The model quickly identified security loopholes because they belonged to a class Mythos previously mapped.
Still, bypassing Apple’s MIE wasn’t possible without human intervention. While AI did the pattern recognition at speed, humans provided the judgment.
Calif says a part of its motivation was to discover what AI and humans could achieve together. Maybe now they know.
Apple knows this is a big deal
“Security is our top priority, and we take reports of potential vulnerabilities very seriously,” an Apple spokeswoman told The Wall Street Journal, which reported on Calif’s work.
In a blog post, Calif said it went to an in-person meeting with Apple early last week. That suggests Apple is looking to fix the problem with the utmost urgency.
The Palo Alto startup says it will publish a 55-page technical report after Apple starts rolling out a fix for the exploit. But as of now, no patch has been released.
Last month, Anthropic released the preview version of Mythos after tests showed the model could identify and exploit security vulnerabilities better than most public AI systems.
But instead of making it available to everyone, Anthropic restricted access to a handful of companies and researchers participating in the Project Glasswing initiative. Anthropic launched Project Glasswing to give cybersecurity experts a new way to collaborate. It gives researchers early access to Claude Mythos Preview to help them identify (and hopefully patch) critical software vulnerabilities.
While companies like OpenAI are launching similar initiatives, Calif’s work points at something bigger. The Palo Alto-based startup says Apple’s MIE was built “in a world before Mythos Preview.”
Calif’s work illustrates how AI can have a gigantic impact on cybersecurity, for good or ill.
“We’re about to learn how the best mitigation technology on Earth holds up during the first AI bugmageddon,” Calif wrote.
Anurag Chawake is a tech-focused writer specializing in smartphones, apps and consumer technology. His interest in computers began during the Windows 98 era, eventually leading him to explore everything from operating systems to mobile devices and PC hardware. Anurag previously contributed to The Indian Express, covering Apple, Android, gaming and the broader technology landscape.
