Security researchers admitted that Anthropic’s Mythos AI model was capable of hacking macOS, bypassing Apple’s security systems in a way never before possible.
Mythos is an early version of a new, more powerful Claude AI model software that has not yet been released to the public. Anthropic engineers have warned that it is too good at detecting security vulnerabilities to let it spread in the wild.
Today, proof of his abilities comes in the form of a rock climbing feat. If used correctly, the exploit could potentially allow a hacker to take control of a Mac despite Apple’s security measures.
Detailing the news, The Wall Street Journal said security researchers were “excited about their discovery.” In fact, they were so impressed with what Mythos had done that they traveled to Apple’s Cupertino headquarters to share their findings.
Chain attacks
Researchers from a Palo Alto-based research group say Mythos did not use a single attack vector in its hack. Instead, it linked two macOS bugs in an attempt to corrupt the Mac’s memory.
The macOS operating system has been hacked in a new way
Once macOS memory was compromised, Mythos was then able to “access parts of the device that should be inaccessible.” It’s also possible that if the hacks were then used alongside others, the Mac as a whole could be compromised.
For his part, a company spokesperson told the WSJ that it reviews and validates the conclusions of the security team.
“Security is our top priority and we take reports of potential vulnerabilities very seriously,” Apple was quoted as saying. However, Apple has not yet indicated whether it has fixed the bugs used by Mythos in its hack.
In fact, it’s not clear what Mythos has and hasn’t done at this time. This shouldn’t be all that surprising, with details likely remaining unclear until Apple fixes the exploited security flaws.
However, the report also notes that the attack could not have been carried out by Mythos alone. Without the skills of hackers working alongside AI, it is believed the hack would not have been possible.
As for Mythos, Anthropic intends for it to be used wisely. The Glasswing project was started to allow Mythos to be used as a way to identify security vulnerabilities so they can be addressed.