LLM-Assisted Exploit: Anthropic's Mythos Preview Helped Build First Public macOS Kernel Exploit on Apple M5 in Five Days
Security firm Calif has published a writeup detailing how Anthropic's Mythos Preview helped them build the first public macOS kernel memory corruption exploit on Apple's M5 silicon—in just five days. The exploit targets macOS 26.4.1 on bare-metal M5 with kernel Memory Integrity Enforcement (MIE) enabled.
Key Details
- Exploit type: Data-only kernel local privilege escalation (LPE)
- Target: macOS 26.4.1 on Apple M5, with kernel MIE enabled
- Timeline: Bruce Dang found the bugs April 25, Dion Blazakis joined April 27, Josh Maine built tooling, working exploit by May 1 — five days total
- Apple's MIE: Five years of hardware and software development to prevent memory corruption exploits; bypassed in five days with LLM assistance
- Mythos Preview generalizes: Once it learned the bug class, it found similar bugs on entirely new hardware targets
Calif's writeup states: "Apple spent five years building hardware and software to make memory corruption exploits dramatically harder. Our engineers, working together with Mythos Preview, built a working exploit in five days." They also note: "Mythos Preview is powerful: once it has learned how to attack a class of problems, it generalizes to nearly any problem in that class."
According to Hacker News comments, Mythos Preview is not publicly available; it is restricted to trusted organizations under what is being called "Project Glasswing." Calif appears to be one of the trusted testers, having previously done pentesting for Anthropic. Apple has received the full report (laser printed, delivered in person at Apple Park). Technical details will be released after Apple ships a fix.
This event marks a significant milestone in using LLM-assisted tooling for offensive security research, demonstrating that AI can accelerate exploit development against modern hardware defenses. For developers and security researchers, it underscores the need to reevaluate trust assumptions even in hardware-backed security mechanisms.
📖 Read the full source: r/ClaudeAI
👀 See Also
Two Approaches to Reduce Data Leak Risk with AI Agents
A Reddit post outlines two methods for developers to control where their AI agent data goes: using your own API keys directly with providers like OpenAI or Anthropic to cut out middlemen, or running open-source models locally with tools like Ollama and OpenClaw.
AI Chatbots Leaking Real Phone Numbers: The PII Exposure Problem
Chatbots like Gemini, ChatGPT, and Claude are exposing real personal phone numbers due to PII in training data. DeleteMe reports a 400% increase in AI-related privacy requests in seven months.
AI Agent Security: Beyond Jailbreaks to Tool Misuse and Prompt Injection
AI agents that browse the web, execute commands, and trigger workflows face security risks from prompt injection and tool misuse, where untrusted content redirects legitimate tools like shell execution and HTTP requests.
Security vulnerabilities exposed in Lovable-showcased EdTech app
A security researcher found 16 vulnerabilities in a Lovable-showcased EdTech app, including critical auth logic flaws that exposed 18,697 user records without authentication. The app had 100K+ views on Lovable's showcase and real users from UC Berkeley, UC Davis, and schools worldwide.