Security Firm: AI Preview Assisted M5 macOS Exploit

Calif, a Vietnam-based security startup, reports it used a preview of Anthropic’s Claude Mythos to help develop a macOS kernel exploit that bypasses Apple M5’s Memory Integrity Enforcement (MIE) and escalates an unprivileged local account to root on macOS 26.

The company published a technical summary stating researchers found relevant bugs on April 25 and produced a working exploit by May 1. Calif describes the result as the first publicly demonstrated kernel memory corruption exploit that can survive MIE on M5 hardware.

Calif says the attack begins from an unprivileged local account on an M5 Mac running macOS 26. The chain combines two distinct vulnerabilities with additional techniques specific to bare-metal M5 hardware and kernel MIE enabled. The exploit uses standard system calls to move from a local user to root and includes steps intended to pass the memory-tagging checks that MIE performs.

Calif reported the findings to Apple in person at the company’s California headquarters and provided a live demonstration. The company wrote it chose an in-person meeting rather than submitting only an automated bug report to avoid the volume of automated reports Apple receives.

Calif credited a preview release of Anthropic’s Claude Mythos with helping to identify the vulnerabilities and assisting during exploit development, while adding that human researchers were required to assemble the final bypass. The company wrote that Mythos Preview “helped identify the vulnerabilities and assist throughout exploit development,” and said pairing the model with experts accelerated the work.

Calif also described the effort as a test of combining advanced analysis tools with skilled researchers. The company wrote, “Landing a kernel memory corruption exploit against the best protections in a week is noteworthy, and says something strong about this pairing.”

MIE uses memory-tagging technology, which attaches tags to memory regions and checks them at runtime to detect and block certain memory corruption errors. Calif’s technical summary states the exploit chain includes methods intended to survive those tag checks on M5 hardware.

Anthropic released a preview of Claude Mythos in April and restricted access to selected companies, banks and researchers under a program called Project Glasswing. Calif’s report notes internal and controlled evaluations of Mythos have found it capable of identifying large numbers of software flaws and completing complex simulated attack tasks; internal testing by some users identified hundreds of browser vulnerabilities that were later patched.

Apple has not issued a public response to Calif’s disclosure. Calif said it shared technical details with Apple during the meeting but did not include Apple’s reply or planned fixes in its public write-up.

The report documents the timeline, technical targets and the role of an AI preview in vulnerability discovery without presenting mitigation timelines from Apple. The company provided code-level details in its technical report and the demonstration to Apple but limited additional public disclosure in the initial post.