- California researchers used Anthropic’s Mythos Preview to chain two bugs and techniques in a macOS kernel exploit on Apple M5
- The exploit bypassed Apple’s new Memory Integrity Enforcement and managed to root the shell in five days despite years of investment from Apple.
- The attack highlights Mythos’ power to expose unknown flaws; Apple is reportedly working on a fix
California cybersecurity researchers have explained how they used Anthropic’s (now) famous Mythos Preview AI tool to create a macOS kernel memory corruption exploit running on Apple’s newest M5 silicon, warning that their work was a “glimpse of what’s to come” for hardware and software that was built “in a pre-Mythos Preview world.”
In September 2025, Apple introduced a new security feature designed to block hacking techniques that exploit software memory flaws.
The feature, called Memory Integrity Enforcement (MIE), uses hardware-level memory checks to prevent malicious code from accessing data it shouldn’t. It was launched alongside the iPhone 17 line and the new A19 chips.
Execution model persists
In April 2026, Anthropic allowed a handful of technology companies, including California, to access Mythos Preview, so they could get a leg up on everyone else and protect their environments.
The company claimed that Mythos was capable of exposing unknown vulnerabilities and creating functional exploits and, as such, was too dangerous to release to the general public.
Calif used Mythos to link “two bugs and a handful of techniques to corrupt the Mac’s memory and then gain access to parts of the device that should be inaccessible.” Commenting on their findings, the California team said that Apple spent five years and “probably billions” of dollars to build MIE, while they managed to break it down in five days.
“The exploit is a data-only kernel local privilege escalation chain targeting macOS 26.4.1 (25E253),” Calif said in a Substack post. “It starts from an unprivileged local user, uses only normal system calls, and ends with a root shell. The implementation path involves two vulnerabilities and several techniques, targeting entry-level M5 hardware with the MIE kernel enabled.”
Apple is apparently currently working on a fix. You’re probably using Mythos too.
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
