Security researchers recently disclosed that they used Anthropic's new generation artificial intelligence model Mythos to discover a new security bypass method in Apple's macOS system, successfully breaking through the memory security protection technology that Apple has focused on building in recent years. This discovery is regarded by the industry as an important challenge to Apple's image of "the world's most difficult desktop system to break into".

Calif, a security company from Palo Alto, California, said that when its team tested an early version of Mythos in April this year, based on the clues output by the model, it discovered and combined two independent vulnerabilities, supplemented by a series of attack techniques, to ultimately destroy the memory of the Mac device and obtain system areas that should not be accessed. This type of attack is classified as a "privilege escalation exploit" and, if combined with other attack chains, has the potential to give hackers complete control over a target computer.

Many security experts pointed out that this technology is of great significance because Apple has invested heavily in locking down the attack surface of macOS and has long been known for its strong security. After reviewing Calif's research, Michał Zalewski, a security researcher who once worked at Google, said that in the context of Apple's continuous strengthening of platform protection, such a vulnerability chain is particularly eye-catching, showing the dual evolution of attackers' techniques and tools.

Apple said it was reviewing the technical report submitted by Calif to verify the findings and emphasized that "security is our top priority and we take any reports of potential vulnerabilities very seriously." In recent years, Apple has also deployed and tested cutting-edge large-scale models internally to automatically discover and patch system vulnerabilities, trying to stay proactive in this new round of offensive and defensive competition driven by AI.

In the past few months, the ability of large models to mine software defects has increased dramatically, triggering concerns in the cybersecurity community about a "Bugmageddon": security vulnerabilities of an unprecedented magnitude will be discovered in a concentrated manner, which will not only put tremendous pressure on the technical teams responsible for patching, but also amplify cybersecurity risks in the short term. Earlier this year, another Anthropic model found more than 100 high-severity vulnerabilities for the Firefox browser in two weeks, roughly equivalent to the total findings of global researchers in two months.

Apple announced a technology called "Memory Integrity Enforcement (MIE)" in September last year, saying it was the result of five years of collaborative design across hardware and operating systems, aiming to significantly improve memory attack protection capabilities from the bottom up. However, according to Calif, with the assistance of Claude's model, the exploit code for two macOS vulnerabilities was developed in just five days, which highlights the efficiency improvement of AI in offensive security research.

Duong Thai, CEO of Calif and a senior security expert, emphasized that this attack was not "automated" by Mythos alone, but was combined with the experience and judgment of human security researchers. In his opinion, what Mythos is currently best at is reconstructing and expanding attack ideas in existing public documents. There has been no previous case of it independently creating new attack technologies, so this discovery is regarded by the team as "a new breakthrough in a certain sense."

Zalewski believes that although some of the publicity about Mythos from the outside world is "over-hyped", the latest generation of tools can already be used for "meaningful vulnerability research and code audits", which not only improves the efficiency of error detection, but also changes the working paradigm of traditional security research to a certain extent. In this incident, the candidate paths given by the tool and the analysis of human experts complemented each other, allowing the originally extremely difficult to reach vulnerability chain to finally take shape.

According to reports, the Calif research team was so excited about this discovery that they drove from Palo Alto to Apple's headquarters in Cupertino on Tuesday to report the 55-page technical report to Apple's security team in person, detailing the details of the vulnerability exploited and the attack process. The scene of company co-founders Bruce Dang and Duong Thai taking photos in the park has also become a symbolic scene of "human-machine collaboration to break through Apple's defense line."

In accordance with industry practice, Calif plans to release technical details after Apple completes the patch to avoid malicious exploitation of the vulnerability before it is patched. Duong predicts that as Apple attaches great importance to security, these flaws should be patched in a relatively short period of time.

The incident also had knock-on effects at the policy level. The White House had reservations or even opposition to Anthropic's plan to gradually expand external access to Mythos, fearing the two-way amplification effect of high-capability models in the field of network security. Controversy surrounding the safety of new generation AI models is pushing the Trump administration to reassess its previous relatively "laissez-faire" approach to AI development.

Federal officials are currently considering an executive order that would create clearer government oversight of cutting-edge AI models, including the assessment, review and necessary access restrictions for models with the ability to have significant security impacts. After the macOS vulnerability incident, how to use AI to improve defense capabilities while preventing it from being used to amplify the attack surface is becoming a core issue that the U.S. government, technology giants, and the security industry have to face together.