
Researchers Claim Anthropic's Mythos Helped Crack macOS Security

The macOS exploit took five days to discover, but researchers say it could not have been pulled off by Mythos alone and also required the expertise of its human hackers.

Will McCurdy, Contributor


Significant media attention has already been given to how Anthropic’s models can find bugs in existing software and platforms. In March, Mozilla researchers said that Anthropic’s Claude Opus 4.6 discovered 14 high-severity bugs and identified 22 CVEs over two weeks, outperforming Mozilla’s own human researchers.

Security researchers utilizing a trial version of Anthropic’s more powerful Mythos model are now claiming they have bypassed Apple macOS security technology. The researchers from Calif, a Palo Alto-based cybersecurity research firm, told The Wall Street Journal they used a “privilege escalation exploit,” which, when combined with another attack vector, could allow bad actors to gain control of a target’s device.

They told the Journal they wrote software that could link two separate bugs, in addition to a “handful of other techniques,” to “corrupt the Mac’s memory and then gain access to parts of the device that should be inaccessible.”

The exploit took five days to discover, but researchers noted that it could not have been pulled off by Anthropic’s Mythos alone and also required the expertise of its human hackers.

Apple said it is reviewing the report to test its findings. “Security is our top priority, and we take reports of potential vulnerabilities very seriously,” a spokesperson told the Journal.

Anthropic launched Mythos, then dubbed Project Glasswing, in April. However, it limited access to a select group of about 40 tech companies. Anthropic said Mythos had found thousands of high-severity vulnerabilities, including some “in every major operating system and web browser.” It also warned that, if such capabilities proliferate among bad actors, the consequences “could be severe.”

Michał Zalewski, a security researcher at Google, reviewed the Calif research, though he was not involved in the testing. He told the Journal that, while some of the hype around Mythos is “overblown,” it is still possible to use Anthropic’s tools for “meaningful vulnerability research and code auditing.”

Despite reports about Mythos’s capabilities, others have questioned whether the model is too powerful for public distribution. Gary McGraw, a former VP at cybersecurity firm Synopsys, recently told The New York Times: “The technology is not too dangerous to release,” adding, “If you don’t release a tool like this—or you hoard it—you are not solving the real problem.”
