‘This work is a glimpse of what’s to come’: Security team explains how Anthropic Mythos helped build a working macOS exploit in five days

Calif researchers used Anthropic’s Mythos Preview to chain two bugs and techniques into a MacOS kernel exploit on the Apple M5
The exploit bypassed Apple’s new Memory Integrity Enforcement and achieved the root shell in five days despite years of Apple investment
Attack highlights the power of Mythos to reveal unknown flaws; Apple is reportedly working on a fix

Calif. cybersecurity researchers have explained how they used Anthropic’s (now) famous Mythos Preview AI tool to create a working macOS kernel memory corruption on Apple’s latest M5 silicon, warning that their work was a “glimpse of things to come” for hardware and software built “in a pre-Mythos Preview world.”

In September 2025, Apple introduced a new security feature designed to block hacking techniques that exploit software memory flaws.

Called Memory Integrity Enforcement (MIE), the feature uses hardware-level memory checks to prevent malicious code from accessing data it shouldn’t. It was released alongside the iPhone 17 series and the new A19 chips.

The execution model consists

In April 2026, Anthropic allowed a handful of tech companies, including Calif, to access the Mythos Preview so they could get a head start on everyone else and secure their environments.

The company claimed that Mythos was able to reveal unknown vulnerabilities and create working exploits and as such was too dangerous to just be released to the public.

Calif used Mythos to connect “two bugs and a handful of techniques to corrupt the Mac’s memory and then access parts of the device that should be inaccessible.” Commenting on their findings, the Calif team said Apple spent five years and “probably billions” of dollars building MIE, while they managed to crack it in five days.

“The exploit is a data-only local privilege escalation chain that targets macOS 26.4.1 (25E253),” Calif said in a Substack post. “It starts from an unprivileged local user, uses only normal system calls, and ends with a root shell. The deployment path involves two vulnerabilities and several techniques, targeting bare-metal M5 hardware with kernel MIE enabled.”

Apparently, Apple is currently working on a fix. Probably also uses Mythos.