Anthropic’s Mythos AI Reportedly Found macOS Vulnerabilities that Could Bypass Apple Security

Discover more Ransomware recovery kits software Antivirus & Malware HomeCyber Security News Anthropic’s Mythos AI Reportedly Found macOS Vulnerabilities that Could Bypass Apple Security By Guru Baran May 14, 2026 Security researchers at Calif, a Palo Alto-based cybersecurity firm, have used techniques derived from an early version of Anthropic’s secretive Mythos AI model to uncover two previously undocumented vulnerabilities in Apple’s macOS. The bugs were chained together into a privilege escalation exploit capable of bypassing Apple’s state-of-the-art memory integrity enforcement, granting unauthorized access to parts of the system that are supposed to be completely off-limits. Apple is now reviewing a 55-page report from Calif, with patches expected once findings are validated. Mythos AI Found macOS Vulnerabilities Discovered during testing sessions in April, the exploit combines two macOS bugs alongside several advanced techniques to corrupt the Mac’s memory, ultimately breaking into restricted system areas that normal processes cannot reach. According to The Wall Street Journal, if the privilege escalation exploit were chained with additional attacks, it could enable a malicious actor to seize full control of the targeted Mac. Calif’s researchers wrote custom software that links the two vulnerabilities together, producing an attack vector that macOS has never encountered in this form before. Importantly, this is not a remotely deployable worm; the exploit still requires significant human expertise layered on top of what Mythos produced. Calif CEO Thai Dong acknowledged as much, stating the attack “couldn’t have been pulled off by Mythos alone and leveraged the very human cybersecurity expertise of some of Calif’s hackers.” Anthropic’s Mythos, formerly known as the Claude Mythos Preview, has been deliberately kept from public release due to its extraordinary and potentially dangerous capabilities for identifying software vulnerabilities. The model is part of Anthropic’s broader Project Glasswing initiative, which grants approximately 40 select organizations, including Apple, Google, and Microsoft, controlled access to Mythos for defensive security research. Anthropic has committed up to $100 million in usage credits to support the collaborative effort. Mythos has already demonstrated its potential: prior to the macOS discovery, the model reportedly uncovered a bug in OpenBSD that had gone undetected for 27 years and identified vulnerabilities in Linux that could hijack machines. Engineers at Anthropic have explicitly warned that the model’s proficiency in surfacing security flaws is too significant to be released without strict guardrails. Calif researchers were so confident in their findings that they traveled in person to Apple’s headquarters in Cupertino to deliver the 55-page technical report directly. An Apple spokesperson responded to The Wall Street Journal, stating: “Security is our top priority, and we take reports of potential vulnerabilities very seriously.” Apple has not confirmed whether it has begun patching the reported vulnerabilities, but Calif CEO Thai Dong told the WSJ he believes “the bugs will likely be fixed pretty quickly.” Full technical details of Calif’s discoveries will not be released publicly until Apple has addressed the underlying issues. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News Microsoft Teams Vulnerability Allows Hackers to Perform Spoofing Attacks Fake Moustache Bypasses Age Verification System Raising Online Safety Act Concerns Microsoft Research Shows AI Can Generate Realistic Command Lines and Process Telemetry New PamDOORa Backdoor Attacking Linux Systems to Steal SSH Credentials Google Enhances Android Mobile Security with New AI-Powered Protections Latest News Cyber Security News Critical Canon MailSuite Vulnerability Enables Remote Code Execution Attacks Cyber Security News TeamPCP and BreachForums Hackers Running $1,000 Contest for Supply Chain Attacks Cyber Security News Amazon Quick Bug Exposed AI Chat Agents to Users Blocked by Custom Permissions Cyber Security News New Critical Exim Mailer Allows Remote Attacker to Execute Arbitrary Code Cyber Security News Dell Support assist Updates Forces Windows Systems to BSOD Loop