Security researchers from Palo Alto-based firm Calif say they developed a macOS privilege escalation exploit with assistance from Anthropic’s Claude Mythos Preview, demonstrating how advanced AI systems can accelerate vulnerability research and exploit development.
According to reporting from The Wall Street Journal, the exploit targeted Apple’s macOS operating system and could potentially allow attackers to access protected parts of a Mac computer and gain elevated control over the device. The researchers described the work as the “first public macOS kernel memory corruption exploit on M5 silicon.”
The Calif team reportedly used Claude Mythos Preview to identify vulnerabilities and assist in building the exploit chain. Researchers said the AI system quickly recognized known classes of software bugs, helping narrow down attack paths that would otherwise require significant manual analysis. Human expertise was still required to design and validate the exploit, but the project highlighted how frontier AI models can increasingly contribute to advanced cybersecurity workflows.
Apple acknowledged the findings and said it is treating the report seriously. The company confirmed it met with the researchers at Apple Park in Cupertino to discuss the vulnerabilities. Technical details of the exploit have not yet been released publicly, as the researchers plan to disclose the information only after Apple issues fixes.
The exploit research is connected to Anthropic’s broader cybersecurity initiative known as Project Glasswing, launched in April to help organizations strengthen software security using AI systems. Through the program, approved partners receive access to Claude Mythos Preview for defensive security work, including vulnerability discovery and infrastructure protection.
Project Glasswing participants include Amazon Web Services, Apple, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks. Mozilla previously disclosed that it identified and patched 271 vulnerabilities in Firefox with assistance from Mythos.
The development comes shortly after OpenAI launched its own cybersecurity initiative, Daybreak, which combines several AI systems including a security-focused agent called Codex. OpenAI said the program is designed to integrate cyber defense directly into software development processes rather than focusing solely on post-release vulnerability fixes.
