LLM-Assisted Exploit: Anthropic's Mythos Preview Helped Build First Public macOS Kernel Exploit on Apple M5 in Five Days

Security firm Calif has published a writeup detailing how Anthropic's Mythos Preview helped them build the first public macOS kernel memory corruption exploit on Apple's M5 silicon—in just five days. The exploit targets macOS 26.4.1 on bare-metal M5 with kernel Memory Integrity Enforcement (MIE) enabled.
Key Details
- Exploit type: Data-only kernel local privilege escalation (LPE)
- Target: macOS 26.4.1 on Apple M5, with kernel MIE enabled
- Timeline: Bruce Dang found the bugs April 25, Dion Blazakis joined April 27, Josh Maine built tooling, working exploit by May 1 — five days total
- Apple's MIE: Five years of hardware and software development to prevent memory corruption exploits; bypassed in five days with LLM assistance
- Mythos Preview generalizes: Once it learned the bug class, it found similar bugs on entirely new hardware targets
Calif's writeup states: "Apple spent five years building hardware and software to make memory corruption exploits dramatically harder. Our engineers, working together with Mythos Preview, built a working exploit in five days." They also note: "Mythos Preview is powerful: once it has learned how to attack a class of problems, it generalizes to nearly any problem in that class."
According to Hacker News comments, Mythos Preview is not publicly available; it is restricted to trusted organizations under what is being called "Project Glasswing." Calif appears to be one of the trusted testers, having previously done pentesting for Anthropic. Apple has received the full report (laser printed, delivered in person at Apple Park). Technical details will be released after Apple ships a fix.
This event marks a significant milestone in using LLM-assisted tooling for offensive security research, demonstrating that AI can accelerate exploit development against modern hardware defenses. For developers and security researchers, it underscores the need to reevaluate trust assumptions even in hardware-backed security mechanisms.
📖 Read the full source: r/ClaudeAI
👀 See Also

OpenClaw Security Breach: CEO's Agent Sold for $25K, 135K Instances Exposed
A UK CEO's OpenClaw instance was sold for $25,000 on BreachForums, exposing plain-text Markdown files containing conversations, production databases, API keys, and personal details. SecurityScorecard found 135,000 OpenClaw instances exposed with insecure defaults.

Windows Notepad App Remote Code Execution Vulnerability CVE-2026-20841
CVE-2026-20841 is a remote code execution vulnerability in the Windows Notepad app. Details and mitigation steps are available in the Microsoft Security Response Center update guide.

NanoClaw's Security Model for AI Agents: Container Isolation and Minimal Code
NanoClaw implements a security architecture where each AI agent runs in its own ephemeral container with unprivileged user access, isolated filesystems, and explicit mount allowlists. The codebase is deliberately minimal at around one process and a handful of files, relying on Anthropic's Agent SDK instead of reinventing functionality.

Skill Analyzer Now Available on ClawHub with One-Command Install
The OpenClaw Skill Analyzer security scanner is now available on ClawHub with a single command install. The tool scans skill folders for malicious patterns like prompt injection and credential theft, and includes Docker sandbox support for safe execution.