Security lab Calif says its researchers used Anthropic Mythos Preview to build what it calls the first public kernel memory-corruption exploit against a macOS 26.4.1 device running on Apple’s M5 hardware. The claim is significant, but it needs precise wording: this was a controlled local privilege-escalation research chain, not evidence that a remote attacker can automatically break every Mac with one prompt [1].
Calif says the work took five days and chained two Apple bugs, including one kernel memory-corruption issue, into a working exploit that bypassed Memory Integrity Enforcement on the tested system. The lab says it has reported the bugs to Apple and is withholding technical details until patches are available. That restraint matters because the public write-up does not give exploit steps, PoC code, CVE IDs, or a way for defenders to test direct exposure yet [1].
What This Actually Changes
The important takeaway is not that “macOS is broken.” Apple’s Memory Integrity Enforcement remains a serious mitigation layer, and Apple describes it as a hardware-and-software memory-safety design meant to make memory-corruption exploitation much harder on supported devices [2]. Calif’s result is narrower but still important: an AI-assisted research workflow helped move from vulnerability discovery to a functional exploit chain faster than most teams would expect.
Anthropic positions Mythos Preview as a model environment for high-end cyber reasoning and security research workflows, not a public consumer chatbot feature [3]. That distinction is critical. For defenders, the risk is not that ordinary prompts instantly produce reliable macOS kernel exploits. The risk is that specialized models can compress the time between bug discovery, exploitability analysis, and a working chain in the hands of capable researchers or well-resourced actors.
The practical response is measured: watch for Apple advisories tied to the reported bugs, apply macOS security updates quickly, and treat “AI found an exploit” headlines as incomplete until the affected versions, CVEs, and patch status are public. The broader pattern matches recent Gridinsoft coverage of AI-assisted malware testing, Claude-assisted cyber-espionage automation, and hardware-backed security bypass research: AI does not replace exploit expertise, but it can accelerate the parts of the workflow that used to consume days or weeks.
