Security researchers, aided by Anthropic's Mythos, claim to have breached macOS
Apple's operating systems are known for their security, especially compared to their rivals in mobile and computing. Now, security researchers from a Palo Alto-based company called Calif claim they were able to breach macOS after designing a privilege escalation exploit with help from Anthropic's Claude Mythos Preview. As The Wall Street Journal reports, the exploit could be used to access parts of the MacBook that should be inaccessible and, thus, allows the attacker to take control of a Mac computer.
The researchers worked with Mythos to identify the vulnerabilities and to help them with the exploit's development. Mythos Preview was able to identify the bugs quickly, because they belonged to known classes. Human expertise was still necessary to be able to design the exploit, but this shows advanced AI systems could unearth bugs and attack paths that were previously unknown and could be used by bad actors to stage security breaches.
Apple is taking the researchers' findings seriously, and told The Journal: "Security is our top priority, and we take reports of potential vulnerabilities very seriously." In fact, the researchers already met with the company at Apple Park in Cupertino to discuss what they're calling the "first public macOS kernel memory corruption exploit on M5 silicon." If the details they shared sounded vague, it's because they're planning to release the full technical details of their findings after Apple fixes the vulnerabilities and attack path.
Anthropic uses Claude Mythos Preview for Project Glasswing, the initiative it launched in April to prevent AI cyberattacks with AI. Glasswing participants, including Amazon Web Services, Apple, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks, can use Mythos to strengthen the security of their own projects. Mozilla, for instance, previously announced that it found and patched 271 vulnerabilities in its latest release of the Firefox browser with help from Mythos.
Just a few days ago, OpenAI introduced its own cybersecurity initiative in response to Glasswing and Mythos. OpenAI's Daybreak uses its various AI models, including its specialized security agent Codex. It was designed around the premise that cyber defense should be built into software from the beginning and not just revolve around finding and fixing vulnerabilities.