
Claude Mythos model bypasses Apple's security system on M5 Macs

Researchers drove to Apple Park with a 55-page report after reaching root on an M5 Mac in five days with help from the closed Mythos AI model. The same model is now helping find hundreds of security bugs in Firefox.

Last week, researchers from Calif (a security research company) drove to Apple Park with a 55-page report on macOS running on Apple M5. In five days they had gone from an ordinary local user account to the system's highest privileges on an M5 Mac. They could run code and change parts of macOS that an ordinary user never reaches. While working through the exploit, they used Anthropic's Claude Mythos Preview model, which is closed to the public for safety reasons, to find bugs and build the exploit chain.

The attack targets Memory Integrity Enforcement (MIE), the hardware-assisted protection Apple brought to M5 Macs. Developed over roughly five years with billions invested, MIE was meant to shut the door on the kind of memory flaws hackers have used for decades to break into phones and computers.

The researchers say the protection was not broken but bypassed. The attack targets data and avoids the kind of memory manipulation MIE was built to stop. Two kernel vulnerabilities were chained together through ordinary system calls.

It moved fast. Calif researcher Bruce Dang found the bugs on April 25, 2026. Security researcher Dion Blazakis joined Calif on April 27, and by May 1 the team had a working exploit. Calif is still holding back the full technical report until the rest of the attack chain is closed.

Mythos is not broadly released. Calif was clear about what the model actually did: it did not invent new attack primitives, but it recognized familiar bug classes, helped draft and iterate exploit code, and sped up the work. macOS on Apple Silicon remains one of the hardest consumer targets in the world. In security circles the takeaway is not that AI hacked Apple, but that a small expert team got far more attempts per week on a problem that used to take months.

Anthropic researcher Nicholas Carlini puts it bluntly: he has found more bugs with the closed Mythos model in a few weeks than in the rest of his life combined.

On May 7, Anthropic's Alex Albert posted on X that the Firefox team, with help from Claude Mythos Preview, fixed more security bugs in April than in the previous 15 months combined.

Alex Albert (Anthropic) shared Firefox figures: 423 security fixes in April 2026, more than the prior 15 months combined (420). Source: post on X, May 7, 2026.

Through March, the Firefox team had typically been closing 17 to 31 security bugs a month. In April the number hit 423.

For Apple, the question is how fast the hole can be closed and whether MIE needs to be redesigned. For open-source projects, the priority is using AI to find and fix flaws in their code while models like Mythos are still only available to a select few. Mythos has already helped uncover a 27-year-old flaw in OpenBSD (an open-source operating system). Once the same tools become widely available, the math changes: a small number of people can find security flaws in public code faster than maintainers can fix them, and projects may have to ask whether staying open source still makes sense.
