Security researchers at Calif, a Palo Alto-based cybersecurity firm, used an early version of Anthropic's Mythos AI to discover a new way to circumvent Apple's most advanced macOS security protections, The Wall Street Journal reported Thursday.

The exploit chains together two bugs and several techniques to corrupt a Mac's memory, then gain access to parts of the system that should be locked down. It is a privilege escalation exploit. If combined with other attack methods, a hacker could use it to seize control of the entire machine.

According to AppleInsider, the attack is the first public macOS kernel memory corruption exploit demonstrated against Apple's new MIE (Memory Integrity Extensions) hardware protections on M5 chips. Apple has not independently confirmed that claim.

A 55-Page Report, Hand-Delivered to Cupertino

Calif's team assembled a 55-page report and delivered it in person to Apple in Cupertino. An Apple spokesperson told the WSJ: "Security is our top priority, and we take reports of potential vulnerabilities very seriously." Apple is currently reviewing the report to validate the findings.

Calif CEO Thai Dong told the WSJ the attack "couldn't have been pulled off by Mythos alone" and leveraged the "very human cybersecurity expertise" of the firm's hackers. The full technical details will be released after Apple patches the underlying issues. Dong said he expects fixes to come "pretty quickly."

Project Glasswing in Action

Calif gained access to Mythos through Project Glasswing, the controlled initiative Anthropic launched to give select partners access to the model for defensive cybersecurity purposes. Apple, Microsoft, and Google are all Glasswing partners. Anthropic restricted access to Mythos rather than releasing it publicly after internal testing suggested the model could autonomously identify and exploit software vulnerabilities at a level beyond any previous public AI system.

The macOS finding is not an isolated case. MacDailyNews reported that Mythos has identified thousands of high-severity vulnerabilities across major operating systems and browsers. The Wall Street Journal's report specifically notes the researchers found the techniques during testing in April.

The Bigger Picture

This validates exactly the scenario Anthropic described when it launched Glasswing: AI models powerful enough to find zero-day vulnerabilities that human teams would miss or take months to discover. The question was always whether the defensive use case would outrun the offensive risk. Right now, with Mythos behind a wall and Calif delivering 55-page reports to Apple's security team, the answer looks cautiously positive.

But the window matters. Palo Alto Networks CTO Lee Klarich warned just last week that AI-driven cyberattacks will be the "new norm" within months. Every vulnerability Glasswing finds defensively is one that an adversary with a capable model could also find offensively. The race is live.

First reported by The Wall Street Journal (Robert McMillan). Additional reporting by 9to5Mac, AppleInsider, Decrypt, and MacDailyNews.