Myth: macOS vulnerabilities discovered with AI Apfelpatient

Security researchers have used an early version of Anthropic's secret AI model Mythos to find a new method of bypassing Apple's protection mechanisms in macOS. Apple is currently reviewing the findings – and is getting its first concrete impression of what Mythos can deliver in the hands of ambitious security teams.

The matter is highly sensitive: Since its introduction, Mythos has been considered one of the most powerful AI models for security research – which is precisely why Anthropic strictly controls access to it. The fact that the system is now being used not only in research labs but on real Apple vulnerabilities fits into the picture that became clear with the joint cybersecurity project between Apple and Anthropic: AI models are taking on a growing share of vulnerability research – and Apple is one of the primary targets of this work.

What the Researchers Actually Discovered

The team at the California-based security company Calif – headquartered in Palo Alto – worked with an early version of Mythos in April and developed a piece of software that combines two bugs with a series of technical methods. The goal: to deliberately corrupt a Mac's memory and then access system areas that are normally locked (via WSJ).

The result is what's known as a privilege escalation exploit – a vulnerability in which an attacker illegitimately expands their rights on the target system. Combined with other attacks, such an exploit could be used to take full control of a Mac. The researchers compiled their findings in a 55-page report and delivered it to Apple in person in Cupertino.

What Apple Says

Apple has confirmed receipt of the report and is currently reviewing the findings. An Apple spokesperson told the Wall Street Journal that security is the company's top priority and that reports of potential vulnerabilities are taken seriously. Apple has not yet provided a technical assessment of whether the vulnerabilities described in the Calif report are actually suitable for real-world attacks.

Calif itself is holding back details of the approach for now. Only once Apple has fixed the underlying issues does the company plan to release more detailed information. Calif CEO Thai Duong expects Apple to close the flaws relatively quickly – an indication that the identified weak points appear serious but technically manageable.

Mythos Alone Wouldn't Have Made the Attack Possible

An important piece of context comes from Calif CEO Duong himself: The attack would not have been possible through Mythos alone, but also required the human cybersecurity expertise of several Calif employees. This is a relevant nuance in a debate where AI models are often portrayed as either miracle cures or threats. The actual insight lies in the combination: Mythos helps researchers form hypotheses faster and systematically search larger codebases – but assessing whether a bug is actually exploitable remains the task of human experts.

Why Mythos Is So Controversial

Anthropic introduced Mythos in April 2026 and deliberately granted access only to a tightly limited group of external researchers. The reasoning: The model's vulnerability research capabilities could cause massive damage in the wrong hands. This very risk was publicly discussed just a few weeks later, when it emerged that unauthorized parties allegedly gained access to Mythos – an incident that put Anthropic on the defensive and was also closely followed in Cupertino.

At the same time, Mythos has long been a tool for U.S. agencies: The NSA uses the model for cyber defense despite the publicly known dispute with the Pentagon. The Calif researchers operate in precisely this field of tension: between responsible security research and a tool whose distribution Anthropic actually wants to strictly contain.

What This Means for Apple

For Apple, the case shows what's becoming standard in the AI-driven security era: AI models find vulnerabilities that human researchers alone probably wouldn't have discovered – or at least not as quickly. Apple's patch cycles with regular security updates for iOS, macOS, and Safari are not becoming obsolete as a result – on the contrary, they're becoming more important, because the frequency of discovered vulnerabilities is likely to continue rising with every AI leap forward.

The fact that Calif delivered the report in person in Cupertino rather than through public coordinated disclosure platforms also shows the close relationship that professional security researchers maintain with Apple's Product Security team. Apple, in turn, benefits from the advance notice – the vulnerabilities can be closed before details become public.

A New Phase of Apple Security Research

What Calif is demonstrating with Mythos is foreseeably only the beginning. The more research teams gain access to corresponding AI models, the more often large platform providers like Apple are likely to be confronted with complex, AI-assisted exploit chains. For macOS users, this primarily means one thing: installing security updates promptly as soon as Apple rolls them out. Which specific patches in the coming weeks will be related to the findings documented here remains Apple's matter for now – but the signs suggest that the next macOS security round could turn out to be more extensive than usual.

Further protection guides on Apple security, AI-powered attacks, and macOS threats appear regularly in our cybersecurity series, which breaks down Apple-specific topics step by step.

AI Is Changing the Security Game – and Apple Sits in the Front Row

What was previously considered a theoretical risk has become concrete with the Calif report: AI models find gaps in systems like macOS that are harder to uncover through classical research. Apple addressed the issue early on with the Anthropic cooperation – and now stands on both sides simultaneously: as a platform provider that has to secure its software, and as a partner in an AI strategy that helps shape the very tools used to track down its vulnerabilities. (Image: Shutterstock / R.bussarin)