Apple Alerted to macOS Security Vulnerability Uncovered With AI Tool - MacRumors

Anthropic recently announced Project Glasswing, an initiative that enables tech companies like Apple to use its new frontier AI model Claude Mythos Preview to find security vulnerabilities across operating systems and web browsers.

The Wall Street Journal today reported that researchers at cybersecurity firm Calif used Claude Mythos Preview to uncover a new macOS security vulnerability last month. Specifically, they used the model to write code that links together two macOS bugs in a way that resulted in what is known as a privilege escalation exploit.

The security researchers said the exploit would not have been possible with Mythos alone, as it still required their human expertise on top, but it nevertheless proves that AI can assist with discovering software vulnerabilities.

Apple said it was reviewing Calif's report to validate the findings.

"Security is our top priority, and we take reports of potential vulnerabilities very seriously," an Apple spokesperson told The Wall Street Journal.

It is unclear if Apple has already patched the exploit. Apple's security notes for the macOS 26.5 update released this week mention a fix for a kernel-level vulnerability and credit Calif and Anthropic for discovering it. Yet the report said that Calif only met with Apple this week and suggested that a fix was still coming.

We have reached out to Apple for comment.


Top Rated Comments

4 weeks ago
If researchers can use AI tools to identify vulnerabilities, so can nation-state hackers, and likely small-time hackers too.
The arms race towards computing Armageddon has just begun.
Score: 13 Votes
turbineseaplane
4 weeks ago

I love how this went from AI discovers bugs to AI can assist in finding bugs.

It’s the theme of the entire AI industry right now. Over promised and under delivered.
Lest we forget about “AI creating bugs”, which I guarantee you is happening.
Score: 6 Votes
k1121j
4 weeks ago
I love how this went from AI discovers bugs to AI can assist in finding bugs.

It’s the theme of the entire AI industry right now. Over promised and under delivered.
Score: 6 Votes
4 weeks ago

If researchers can use AI tools to identify vulnerabilities, so can nation-state hackers, and likely small-time hackers too.
The arms race towards computing Armageddon has just begun.
You're not wrong in your intuition that this levels the playing-field on finding exploits, but the end result should be the opposite: The more stress testing, the safer the code. And there are languages and techniques that fundamentally evaporate entire classes of bugs, and if enough bugs are found in existing solutions it can prompt maintainers to perform such upgrades. It has a hint of evolution to it: The strong and adaptable solutions will survive. It doesn't have to be a pretty journey, I'm not claiming it'll be rainbows and unicorns, but directionally not an armageddon.
Score: 5 Votes
4 weeks ago
“The exploit is a data-only kernel local privilege escalation chain targeting macOS 26.4.1 (25E253). It starts from an unprivileged local user, uses only normal system calls, and ends with a root shell.”

So, same thing still applies. Don’t download random files from the internet and open them. I mean, novel that they’re proud to say AI was involved (they wouldn’t have been able to do it without AI), but, like all security researchers, they’re just in it for their 5 minutes of fame. That it’s unable to cause anyone any distress without an attacker having physical access to the machine (OR access to an unwise person with physical access to the machine) is just kinda where we are with computing today. Nothing for them to really raise an alarm about.
Score: 4 Votes
4 weeks ago
I'm going back to pencil and paper.
Score: 4 Votes