Apple has long been known for strong data and device security. However, the company’s reputation has come under pressure after a cybersecurity startup claimed it uncovered major flaws in macOS protections using an advanced AI model. Calif said its researchers developed a working exploit targeting Apple’s latest M5 chip security system in less than a week. The company added that Anthropic’s Mythos Preview AI model helped create the program used to breach macOS security. Calif said it has already shared its findings with Apple. According to reports, the Cupertino-based tech giant is now reviewing the claims and examining the reported vulnerabilities for possible security weaknesses.
Calif, a Palo Alto-based research firm, said that they exploited Apple’s Memory Integrity Enforcement, which is also known as MIE. MIE is a hardware-backed security feature which is used to stop memory corruption attacks. The company described its exploit as the first public macOS kernel memory corruption attack capable of bypassing MIE protections on M5 hardware.
Calif also claims that it is officially the only company that has created a first publicly known programme that can attack macOS and make an actual dent in it or manipulate kernel memory while getting past the MIE security protections on Apple’s M5 chips.
Also read: Google may no longer give 15GB free storage to everyone: Here is the catch
According to Calif, the exploit linked two software bugs and several attack techniques to access restricted parts of the operating system. The company said the attack could eventually allow hackers to take control of a Mac device if paired with other exploits.
In its blog post, Calif explained how quickly the project moved. Researcher Bruce Dang reportedly found the bugs on April 25, while cybersecurity expert Dion Blazakis joined the company on April 27. Calif said Josh Maine then developed the required tools, leading to a working exploit by May 1st.
The company credited Anthropic’s Mythos Preview model for helping identify patterns in known exploit categories. However, Calif chief executive Thai Duong told The Wall Street Journal that human expertise remained critical because Apple’s MIE system was entirely new.
Also read: Google reportedly working on Gemini Spark, an always-on AI assistant: Here is what it may do
Apple confirmed to The Wall Street Journal that it is reviewing Calif’s report. A company spokesperson told the outlet, ‘Security is our top priority, and we take reports of potential vulnerabilities very seriously.’
Calif said it presented its 55-page findings directly to Apple during a meeting in Cupertino, California. The company plans to release technical details publicly after Apple addresses the vulnerabilities. Meanwhile, the case is adding to growing concerns about how advanced AI systems could reshape cybersecurity threats in the near future.