Anthropic Mythos cracks Apple's new M5 security in days, claim researchers
A cybersecurity startup claims it used Anthropic's Claude Mythos AI model to build a working exploit against Apple's new M5 chip protections in less than a week, raising fresh concerns about AI-powered cyber threats.
by Om Gupta · India Today
In Short
- Researchers reportedly bypassed Apple’s new M5 security protections using AI
- Anthropic’s Mythos model helped identify bugs and exploit vulnerabilities quickly
- Experts say AI-human collaboration is rapidly changing cybersecurity capabilities
One of the biggest selling points of Apple devices has long been the company’s tightly integrated approach to security. Apple’s control over both hardware and software has helped build a reputation for strong protection against cyber threats. But even Apple’s latest defenses now appear to be facing a new kind of challenge — one powered by AI.
Calif, a cybersecurity startup based in Palo Alto, used a preview version of Anthropic’s Claude Mythos model to build a working exploit against Apple’s new M5 chip protections in less than a week. Calif researchers linked together “two bugs and a handful of techniques” to corrupt the Mac’s memory and gain access to parts of the system that should normally remain inaccessible.
In a blog post published Thursday, Calif said it had developed what it describes as the first public macOS kernel memory corruption exploit capable of surviving Apple’s new Memory Integrity Enforcement, or MIE, protections on M5 hardware.
Apple introduced MIE last year as a major advancement in hardware-assisted memory safety. The system uses the chip itself to detect and block certain memory corruption attacks before they can succeed.
According to Calif, Apple spent nearly five years developing MIE and likely invested billions of dollars into the technology. The company claimed that MIE had already disrupted every known public exploit chain targeting modern iOS systems, including the recently leaked Coruna and Darksword exploit kits.
Researchers say exploit was built in less than a week
What makes the latest development even more striking is the speed at which the exploit was reportedly created. Calif said the discovery happened almost accidentally.
“Bruce Dang found the bugs on April 25th. Dion Blazakis joined Calif on April 27th. Josh Maine built the tooling, and by May 1st we had a working exploit,” the company wrote.
Calif noted that Anthropic’s Mythos Preview model played a major role throughout the process. According to the researchers, the AI system quickly identified vulnerabilities because the bugs belonged to known exploit categories.
“Mythos Preview is powerful: once it has learned how to attack a class of problems, it generalizes to nearly any problem in that class,” the company wrote.
However, Calif added that bypassing Apple’s new MIE protections still required significant human expertise because the mitigation system itself was entirely new.
“This is where human expertise comes in,” the researchers explained.
AI-human collaboration raises new cybersecurity concerns
The company said the project was partly designed to test what becomes possible when advanced AI systems are paired with experienced cybersecurity researchers.
“Landing a kernel memory corruption exploit against the best protections in a week is noteworthy, and says something strong about this pairing,” Calif wrote.
Calif also revealed that it shared its findings directly with Apple during an in-person meeting at the company’s California headquarters.
“We wanted to report it in person, instead of getting buried in the submission flood that some unfortunate Pwn2Own participants just experienced,” the company said.
Anthropic restricted Mythos access after internal testing
Anthropic released the preview version of Mythos in April after internal testing and external evaluations reportedly showed the model could autonomously identify and exploit software vulnerabilities at a level beyond previous public AI systems.
Rather than release the model publicly, Anthropic restricted access to select technology companies, banks, and researchers under its Project Glasswing initiative.
The model’s capabilities have already raised eyebrows across the cybersecurity industry. Mozilla later said Mythos identified 271 vulnerabilities in Firefox during internal testing, adding to growing concerns about how rapidly AI-powered cyber capabilities are evolving.