Anthropic’s Mythos Just Helped Find macOS Vulnerability That Could Break Apple’s Security Protections

Anthropic has been explicit about why Mythos isn’t public. The model is too good at finding security flaws, repeatedly, in production systems that some of the best engineers in the world have been maintaining for years.

So instead of a public release, Anthropic built Project Glasswing. Around 40 organizations get controlled access. Anthropic committed $100 million in usage credits to support the effort. The list includes Apple, Google and Microsoft, companies that aren’t exactly short on security talent themselves.

One of those organizations is Calif, a Palo Alto cybersecurity firm. In April their researchers used techniques derived from Mythos to find two previously undocumented vulnerabilities in macOS. They chained them together into a privilege escalation exploit capable of bypassing Apple’s memory integrity enforcement, the part of the system that’s supposed to be completely off-limits to normal processes. Then they flew to Cupertino and handed Apple a 55-page report in person.

Apple is reviewing it. Patches are expected. And Mythos just added macOS to a list that already includes a 27-year-old OpenBSD bug and multiple Linux vulnerabilities nobody had caught before.

Not Mythos alone

Calif CEO Thai Dong was direct with the Wall Street Journal: the attack “couldn’t have been pulled off by Mythos alone and leveraged the very human cybersecurity expertise of some of Calif’s hackers.”

That distinction matters in both directions. It’s not a story about AI replacing security researchers; the exploit required serious human expertise layered on top of what the model produced. But it’s also not nothing. Mythos narrowed the search space, surfaced the vulnerabilities, and gave researchers a starting point that would have taken significantly longer to reach on their own. The combination found something Apple missed.

An unavoidable track record

Before Calif walked into Apple’s headquarters, Mythos had already surfaced a vulnerability in OpenBSD that had gone undetected for 27 years. It found exploitable weaknesses in Linux that human researchers had walked past for years without noticing.

That’s not a coincidence or a lucky find. That’s a pattern. And it’s exactly why Anthropic won’t release the model publicly, because it works consistently enough that putting it in the wrong hands is a genuinely serious consideration.

The $100 million in usage credits Anthropic committed to Project Glasswing starts to make more sense in that context. It’s an attempt to extract real defensive value from a capability that exists whether Anthropic monetizes it or not. Better to have Apple and Google finding their own flaws with it than to wonder who else might find those flaws first.

The question this raises for the rest of the industry

Forty organizations have controlled access to Mythos. The rest of the security research industry doesn’t.

That gap is going to widen. If a model under strict access controls is already finding decades-old bugs in the most scrutinized codebases on the planet, the natural question is what happens when similar capabilities become more broadly available, whether through Anthropic eventually loosening access, a competitor releasing something comparable, or less scrupulous actors building toward the same destination through different means.

Calif’s CEO thinks Apple will patch these bugs quickly. That’s probably true. But the more durable question isn’t about these two specific vulnerabilities. It’s about what the security research industry looks like when this kind of capability stops being rare.

The 55-page report is sitting on a desk in Cupertino right now. Full technical details won’t be released until Apple ships patches. When it does, this will become one of the cleaner documented examples of what AI-assisted vulnerability research actually produces in practice: two real bugs in a real operating system that nobody found until a model that Anthropic won’t let the public touch helped look for them.
