
Anthropic Mythos helped Calif build a macOS exploit in five days


The team behind the first public macOS kernel memory corruption exploit on M5 silicon has shared fresh details on how Mythos Preview helped bypass a five-year Apple security effort in five days.

A bit of technical background

Last year, Apple introduced Memory Integrity Enforcement (MIE), a hardware-assisted memory safety system designed to make memory corruption exploits much harder to execute.

As Apple explained, MIE is basically built on Arm’s Memory Tagging Extension (MTE), which is a 2019 specification that works “as a tool for hardware to help find memory corruption bugs.”

Here’s Apple:

MTE is, at its core, a memory tagging and tag-checking system, where every memory allocation is tagged with a secret; the hardware guarantees that later requests to access memory are granted only if the request contains the correct secret. If the secrets don’t match, the app crashes, and the event is logged. This allows developers to identify memory corruption bugs immediately as they occur.

The problem is that Apple found that MTE wasn’t robust enough under certain circumstances, so it developed MIE and built it “into Apple hardware and software in all models of iPhone 17 and iPhone Air.”

To sum up, MIE is Apple’s hardware-assisted memory safety system. It is built on Arm’s MTE specification and uses the chip itself to help detect and block certain memory corruption attacks before they can be exploited.
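To make the tagging idea concrete, here is an added example (it is not Apple's or Calif's code) that models MTE-style allocation tagging and tag checking in plain C. The allocator, the `fresh_tag`/`tagged_alloc`/`checked_store` names and the 16-granule heap are constructed for illustration; it is a software model of the check, not the hardware instructions, and real MTE/MIE faults the process instead of returning -1.

```c
#include <stddef.h>
#include <stdint.h>
#define GRANULE 16                    /* MTE tags memory in 16-byte granules */
#define HEAP_GRANULES 16              /* constructed toy heap: 16 granules */
#define TAG_SHIFT 56                  /* the 4-bit tag rides in the pointer's top byte */
#define ADDR_MASK 0xFFFFFFFFFFFFull   /* low 48 bits are the address */
static uint8_t heap[HEAP_GRANULES * GRANULE];
static uint8_t granule_tag[HEAP_GRANULES];   /* the "secret" the hardware keeps per granule */
static size_t next_granule = 0;
static uint8_t next_tag = 1;
/* Pick a non-zero tag that differs from a neighbour's, as IRG does with its exclusion mask. */
static uint8_t fresh_tag(uint8_t avoid) {
    uint8_t t;
    do { t = next_tag; next_tag = (uint8_t)(next_tag % 15 + 1); } while (t == avoid);
    return t;
}
/* Bump allocator: colour every granule of the block and return a pointer carrying that tag. */
static uint64_t tagged_alloc(size_t bytes) {
    size_t n = (bytes + GRANULE - 1) / GRANULE, base = next_granule;
    if (base + n > HEAP_GRANULES) return 0;
    uint8_t tag = fresh_tag(base ? granule_tag[base - 1] : 0);
    for (size_t i = 0; i < n; i++) granule_tag[base + i] = tag;
    next_granule += n;
    return ((uint64_t)tag << TAG_SHIFT) | (uint64_t)(base * GRANULE);
}
/* Free retags the granules, so a dangling pointer's secret no longer matches. */
static void tagged_free(uint64_t p, size_t bytes) {
    size_t first = (size_t)(p & ADDR_MASK) / GRANULE, n = (bytes + GRANULE - 1) / GRANULE;
    uint8_t retag = fresh_tag((uint8_t)(p >> TAG_SHIFT));
    for (size_t i = 0; i < n; i++) granule_tag[first + i] = retag;
}
/* Store through a tagged pointer: 0 when the secrets match, -1 for a tag-check fault. */
static int checked_store(uint64_t p, uint8_t value) {
    size_t off = (size_t)(p & ADDR_MASK);
    if (off >= sizeof heap || granule_tag[off / GRANULE] != (uint8_t)(p >> TAG_SHIFT)) return -1;
    heap[off] = value;
    return 0;
}
/* A linear overflow from one allocation into its neighbour is caught at the granule boundary. */
int overflow_is_caught(void) {
    uint64_t a = tagged_alloc(16); (void)tagged_alloc(16);   /* neighbour gets a different tag */
    return checked_store(a + 15, 0x41) == 0 && checked_store(a + 16, 0x41) == -1;
}
/* A use-after-free is caught because freeing changed the granule's tag. */
int uaf_is_caught(void) {
    uint64_t c = tagged_alloc(32); int before = checked_store(c, 1);
    tagged_free(c, 32);
    return before == 0 && checked_store(c, 2) == -1;
}
```

The model shows why tagging catches linear overflows and stale pointers, and also its limit: with 4-bit tags a wrong guess still matches one time in sixteen, which is part of why Apple layered MIE on top of plain MTE.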

You can learn more about MIE here.

Enter the Calif team

Earlier today, The Wall Street Journal reported on the fact that security researchers at Calif had used Anthropic’s Mythos Preview model to expose a new macOS security vulnerability by linking together “two bugs and a handful of techniques to corrupt the Mac’s memory and then gain access to parts of the device that should be inaccessible.”

Now, the team behind the exploit has shared a few extra details on how they did it, including a 20-second video of the kernel memory corruption exploit in action.

In the post, they note that while Apple has focused most of its MIE efforts on iOS, the company has recently brought it to MacBooks as well with the M5 chip.

Here’s Calif:

Apple spent five years building [MIE]. Probably billions of dollars too. According to their research, MIE disrupts every public exploit chain against modern iOS, including the recently leaked Coruna and Darksword exploit kits.

Then, they comment on how they broke MIE on the M5 in just five days:

Our macOS attack path was actually an accidental discovery. Bruce Dang found the bugs on April 25th. Dion Blazakis joined Calif on April 27th. Josh Maine built the tooling, and by May 1st we had a working exploit.

The exploit is a data-only kernel local privilege escalation chain targeting macOS 26.4.1 (25E253). It starts from an unprivileged local user, uses only normal system calls, and ends with a root shell. The implementation path involves two vulnerabilities and several techniques, targeting bare-metal M5 hardware with kernel MIE enabled.

They say they have a 55-page technical report on the exploit, which they won’t release until Apple ships a fix.

But they do note in broad terms that Anthropic’s Mythos Preview model helped them identify the bugs and assisted them throughout the entire collaborative exploit development process:

Mythos Preview is powerful: once it has learned how to attack a class of problems, it generalizes to nearly any problem in that class. Mythos discovered the bugs quickly because they belong to known bug classes. But MIE is a new best-in-class mitigation, so autonomously bypassing it can be tricky. This is where human expertise comes in.

Part of our motivation was to test what’s possible when the best models are paired with experts. Landing a kernel memory corruption exploit against the best protections in a week is noteworthy, and says something strong about this pairing.

In the post, they also mention that this discovery earned them a visit to Apple Park, where they shared their vulnerability research report with Apple directly.

They also noted that Apple’s MIE, like most security mitigations currently in use, was built “in a world before Mythos Preview,” adding that in a time when even small teams, with the help of AI, can make discoveries such as this one, “we’re about to learn how the best mitigation technology on Earth holds up during the first AI bugmageddon.”

To read Calif’s full post, follow this link.
