Apple’s operating systems are known for their security, especially compared to their competitors in mobile and computing. Now, security researchers at a Palo Alto-based company called Calif claim to have successfully hacked macOS after devising a privilege escalation exploit with the help of Anthropic’s Claude Mythos Preview. As The Wall Street Journal According to reports, the exploit could be used to access parts of the MacBook that should be inaccessible and thus allow the attacker to take control of a Mac computer.
Researchers worked with Mythos to identify vulnerabilities and assist in the development of the exploit. Mythos Preview was able to identify bugs quickly because they belonged to known classes. Human expertise was still needed to be able to engineer the exploit, but it shows that advanced AI systems could discover previously unknown bugs and attack paths and could be used by malicious actors to stage security breaches.
Apple takes the researchers’ findings seriously and said The Review: “Security is our top priority and we take reports of potential vulnerabilities very seriously.” In fact, researchers have already met with the company at Apple Park in Cupertino to discuss what they call the “first public macOS kernel memory corruption exploit on M5 silicon.” If the details they shared seem vague, that’s because they plan to release the full technical details of their findings once Apple fixes the vulnerabilities and attack path.
Anthropic is using Claude Mythos Preview for Project Glasswing, the initiative launched in April to prevent AI cyberattacks with AI. Glasswing participants, including Amazon Web Services, Apple, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, can use Mythos to strengthen the security of their own projects. Mozilla, for example, previously announced that it found and fixed 271 vulnerabilities in its latest version of the Firefox browser with the help of Mythos.
Just a few days ago, OpenAI launched its own cybersecurity initiative in response to Glasswing and Mythos. OpenAI’s Daybreak uses its various AI models, including its specialized security agent Codex. It was designed around the principle that cyber defense should be integrated into software from the start and not limited to finding and fixing vulnerabilities.