Anthropic developed an AI system so skilled at uncovering security weaknesses that the company chose not to release it to the general public. Instead, they granted access to a select group of security researchers and large organizations. That system, called Claude Mythos Preview, is now showing its capabilities in a very concrete way. Security researchers have used it to discover a serious vulnerability in Apple’s macOS, specifically on the latest M5 chip. This discovery raises important questions about the future of cybersecurity, the role of AI in finding bugs, and who gets to wield such powerful tools.
The Discovery of a macOS Kernel Exploit
A team of security researchers from a Palo Alto-based company named Calif used Mythos to find a critical flaw in Apple’s operating system. In a blog post published on Thursday, the researchers described what they found as the “first public macOS kernel memory corruption exploit on Apple M5.” This kind of exploit is especially dangerous because it targets the kernel — the core of the operating system that controls everything.
The exploit allows an unprivileged local user to gain complete access to the device. In practical terms, this means someone who already has limited access to a Mac (for example, through a compromised user account) could take full control of the machine. They could read private files, install malware, or steal credentials without any additional permissions.
The researchers explained that the exploit involves two distinct vulnerabilities and several techniques to chain them together. This is not a simple one-bug scenario. It required a sophisticated understanding of how macOS handles memory and how different weaknesses can be combined. This is where Mythos came into play.
How Mythos Assisted in Finding the Flaws
The key detail from the Calif blog post is that Anthropic’s Claude Mythos Preview helped the researchers find the bugs and also assisted with developing the exploit itself. The AI did not just point to a suspicious line of code. It actively contributed to the process of creating a working attack.
The post states: “Mythos Preview is powerful: once it has learned how to attack a class of problems, it generalizes to nearly any problem in that class. Mythos discovered the bugs quickly because they belong to known bug classes.” This is a significant capability. Instead of needing to be trained on each specific vulnerability, Mythos can take knowledge from one type of flaw and apply it to similar ones. This generalization ability makes it far more efficient than traditional automated tools that only look for known patterns.
For the researchers at Calif, this meant they could focus on the higher-level strategy while Mythos handled the grunt work of identifying potential weak points. The collaboration between human expertise and AI speed accelerated the discovery process dramatically.
What Does This Mean for Vulnerability Research?
Traditionally, finding kernel exploits requires deep manual analysis of operating system code. Researchers spend weeks or months examining memory management routines, looking for race conditions, buffer overflows, or use-after-free errors. Mythos appears to shorten that timeline substantially. By learning from a class of problems, it can scan for similar patterns across large codebases quickly.
This raises a practical question for security teams: if an AI can find these bugs so efficiently, how many undiscovered vulnerabilities might exist in critical software? The answer is likely many. And the organizations that have access to tools like Mythos may have a significant advantage in finding and patching them before attackers do.
The Dual Role of Apple: Partner and Target
Apple is one of the select partners that received early access to Claude Mythos Preview. This puts the company in an interesting position. On one hand, Apple benefits from using Mythos to improve its own security. On the other hand, the same AI was used to find a serious flaw in Apple’s own product. This dual role highlights the complex dynamics of AI-driven security research.
Companies that develop powerful AI tools must decide who gets access. Anthropic chose to limit Mythos to a closed circle of researchers and large organizations. Apple is both a customer and a potential victim of the findings. This arrangement is not unusual in the security industry — many companies pay researchers to find bugs in their products. But the speed and scale of AI-assisted discovery could change the balance of power.
For Apple, the discovery of a kernel exploit on the latest M5 chip is a reminder that even cutting-edge hardware is not immune to software vulnerabilities. The M5 chip may offer performance improvements, but the operating system running on it still has code that can contain flaws. This incident underscores the need for continuous security testing, especially as AI tools become more capable.
Responsible Disclosure and Patch Timeline
One of the most pressing questions after the announcement is whether the vulnerability has already been patched. The answer is not entirely clear. Apple released macOS Tahoe 26.5 on Monday, and the release notes mention a fix for a bug submitted by Calif in collaboration with Claude and Anthropic Research. Calif is also credited in two other vulnerability reports in that update.
However, in its blog post, Calif stated that it met with Apple “early this week,” which suggests the fix may not yet be fully deployed. The researchers wrote: “Full technical details will be shared after Apple fixes the vulnerabilities and attack path.” This indicates that while some patches may have been included in Tahoe 26.5, the complete exploit chain might still be active.
An Apple spokesperson gave a standard response to the Wall Street Journal, saying: “Security is our top priority, and we take reports of potential vulnerabilities very seriously.” This is typical corporate language and does not provide specific details about the status of the fix.
For Mac users, this uncertainty is frustrating. If you have updated to macOS Tahoe 26.5, you may be partially protected, but it is possible that the full exploit path remains unpatched. The researchers are following responsible disclosure practices by withholding technical details until Apple has addressed all aspects of the vulnerability.
What If the Exploit Has Already Been Used in the Wild?
There is no public evidence that this specific exploit has been used by malicious actors before the patch. However, the possibility always exists. Sophisticated attackers may have independently discovered similar vulnerabilities. The fact that Mythos found it quickly suggests that other AI systems or skilled human researchers could also find it. Users should assume that any unpatched kernel vulnerability is a potential target for exploitation.
What This Means for Mac Users
If you own a Mac with an M5 chip, you might be wondering what steps to take. Here are some practical recommendations based on the current information.
- Keep macOS updated. Install any available updates immediately, including macOS Tahoe 26.5. Apple often includes security patches in these updates, and even partial fixes can reduce risk.
- Enable additional security features. macOS includes options like System Integrity Protection (SIP), FileVault encryption, and Gatekeeper. Make sure these are turned on. They may not prevent a kernel exploit, but they add layers of defense.
- Limit local user privileges. The exploit requires an unprivileged local user to execute. If you minimize the number of users with access to your Mac, and avoid running as an administrator for daily tasks, you reduce the attack surface.
- Monitor for unusual activity. Kernel exploits often leave traces in system logs. Tools like the Console app can help you spot unexpected crashes or suspicious processes. However, this requires some technical knowledge.
- Consider using a security tool. Third-party endpoint protection software can detect some exploit attempts, though kernel-level attacks are notoriously hard to catch. Look for tools that offer behavioral analysis rather than just signature-based detection.
For developers working on macOS applications, this discovery is a reminder that your app’s security assumptions may be invalidated by a kernel compromise. If an attacker gains root access, they can bypass any sandboxing or permissions your app relies on. Always design with the assumption that the underlying OS could be compromised.
You may also enjoy reading: Court grants Apple’s request to seek Samsung docs.
Implications for AI-Driven Cybersecurity
The success of Mythos in finding a real-world kernel exploit has broader implications for the cybersecurity industry. AI systems that can generalize across bug classes could dramatically accelerate the pace of vulnerability discovery. This is both good news and bad news.
On the positive side, organizations that have access to such tools can find and fix vulnerabilities faster than ever before. This could lead to more secure software overall, as bugs are patched before attackers can exploit them. The collaboration between Anthropic, Calif, and Apple is a model for how responsible disclosure can work with AI assistance.
On the negative side, the exclusivity of Mythos raises ethical concerns. If only a handful of large companies and researchers have access to this powerful tool, smaller organizations and open-source projects may be left vulnerable. Attackers may also develop similar AI capabilities, leading to an arms race. The question of who gets access to advanced AI security tools is one that the industry will need to address.
Will AI Replace Human Security Researchers?
Probably not entirely, but it will change their role. Mythos is a tool that augments human expertise, not a replacement. The researchers at Calif still needed to understand the vulnerabilities, chain them together, and develop the full exploit. The AI handled the initial discovery and some aspects of exploit development, but human judgment remained essential.
As AI systems become more capable, security researchers will likely shift their focus from manual code auditing to higher-level tasks like designing attack strategies, validating AI findings, and building defenses. The demand for skilled humans will not disappear, but the nature of the work will evolve.
The Broader Landscape of AI Security Tools
Anthropic is not the only company working on AI for vulnerability discovery. Other organizations, including Google’s Project Zero and various startups, are exploring similar approaches. What sets Mythos apart is its ability to generalize across problem classes. Most existing tools are trained on specific types of vulnerabilities and struggle with novel variations.
The decision to keep Mythos in a closed preview rather than releasing it publicly is a deliberate choice. Anthropic likely wants to control how the technology is used and prevent misuse. However, this also means that the broader security community cannot benefit directly from its capabilities. The tension between openness and safety is a recurring theme in AI development.
For companies evaluating whether to invest in AI-based security tools, the Mythos case offers a concrete example of the potential return. Finding a kernel exploit on a major platform like macOS is a significant achievement. However, the cost of access, the dependency on a single vendor, and the ethical considerations are factors to weigh carefully.
As a CISO at a large enterprise, you might see the value in partnering with Anthropic for early access. But you also need to consider what happens if the tool becomes unavailable or if your competitors gain similar capabilities. Diversifying your security toolkit and maintaining in-house expertise remains prudent.
Looking Ahead: The Future of AI in Zero-Day Discovery
The discovery of a macOS kernel exploit using Mythos is likely just the beginning. As AI systems improve, we can expect to see more vulnerabilities found faster, across more platforms. This could lead to a world where software is significantly more secure because bugs are caught early. But it could also mean that attackers, if they gain access to similar tools, can develop exploits at an unprecedented pace.
The responsible disclosure model demonstrated by Calif and Apple — where details are withheld until patches are available — is essential to prevent harm. But the timeline for patching remains a weak point. If AI can find a vulnerability in hours, but it takes weeks or months for a vendor to release a fix, there is a window of opportunity for attackers. The industry may need to rethink how quickly patches are developed and deployed.
For now, Mac users should stay vigilant. Keep your system updated, follow basic security practices, and pay attention to future announcements from Apple and security researchers. The collaboration between Anthropic, Calif, and Apple shows that AI can be a powerful force for good in cybersecurity, but it also highlights the challenges that come with such power.
