LLM-Assisted Exploit: Anthropic's Mythos Preview Helped Build First Public macOS Kernel Exploit on Apple M5 in Five Days
Security firm Calif has published a writeup detailing how Anthropic's Mythos Preview helped them build the first public macOS kernel memory corruption exploit on Apple's M5 silicon—in just five days. The exploit targets macOS 26.4.1 on bare-metal M5 with kernel Memory Integrity Enforcement (MIE) enabled.
Key Details
- Exploit type: Data-only kernel local privilege escalation (LPE)
- Target: macOS 26.4.1 on Apple M5, with kernel MIE enabled
- Timeline: Bruce Dang found the bugs April 25, Dion Blazakis joined April 27, Josh Maine built tooling, working exploit by May 1 — five days total
- Apple's MIE: Five years of hardware and software development to prevent memory corruption exploits; bypassed in five days with LLM assistance
- Mythos Preview generalizes: Once it learned the bug class, it found similar bugs on entirely new hardware targets
Calif's writeup states: "Apple spent five years building hardware and software to make memory corruption exploits dramatically harder. Our engineers, working together with Mythos Preview, built a working exploit in five days." They also note: "Mythos Preview is powerful: once it has learned how to attack a class of problems, it generalizes to nearly any problem in that class."
According to Hacker News comments, Mythos Preview is not publicly available; it is restricted to trusted organizations under what is being called "Project Glasswing." Calif appears to be one of the trusted testers, having previously done pentesting for Anthropic. Apple has received the full report (laser printed, delivered in person at Apple Park). Technical details will be released after Apple ships a fix.
This event marks a significant milestone in using LLM-assisted tooling for offensive security research, demonstrating that AI can accelerate exploit development against modern hardware defenses. For developers and security researchers, it underscores the need to reevaluate trust assumptions even in hardware-backed security mechanisms.
📖 Read the full source: r/ClaudeAI
👀 See Also
Declawed: An Advanced Community-Driven Malware Scanner for ClawHub SKILL.md Files
Declawed is a security tool for scanning SKILL.md files on ClawHub, detecting prompt injection, malicious content, and info stealers, utilizing community-driven rulesets.
Fake Claude site delivers PlugX malware via sideloading attack
A fake Claude website serves a trojanized installer that deploys PlugX malware through DLL sideloading, giving attackers remote access to compromised systems. The attack uses a legitimately signed G DATA antivirus updater to load malicious code.
OpenClaw User Shares Strategy for Balancing Agent Autonomy and Web Security
An OpenClaw user describes their current challenge: balancing agent autonomy with security, particularly regarding web access and prompt injection risks. They propose a solution using 'low trust' and 'high trust' agent segments with a human approval gate.
Security vulnerabilities exposed in Lovable-showcased EdTech app
A security researcher found 16 vulnerabilities in a Lovable-showcased EdTech app, including critical auth logic flaws that exposed 18,697 user records without authentication. The app had 100K+ views on Lovable's showcase and real users from UC Berkeley, UC Davis, and schools worldwide.