One of the most notoriously difficult systems to breach! Apple’s MacOS system was "successfully infiltrated" by Anthropic’s next-generation Mythos model.

One of the most notoriously difficult systems to breach! Apple’s MacOS system was "successfully infiltrated" by Anthropic’s next-generation Mythos model.

```

Apple's carefully constructed security barrier has developed cracks. Security researchers, using Anthropic's unreleased next-generation AI model Mythos, successfully discovered a combination of vulnerabilities in the MacOS operating system, and within five days built an attack code capable of bypassing Apple's top security technologies—a breakthrough that is pushing discussions on global AI cybersecurity threats to new heights.

According to the Wall Street Journal on the 14th, researchers from Calif, a security research company based in Palo Alto, discovered two vulnerabilities in MacOS during tests of an early version of Mythos this April. Combining these vulnerabilities with various technical methods, they managed to break Mac memory and obtain system permissions that should not be accessible. This is a "privilege escalation exploit," which—when chained with other attack techniques—could allow hackers to fully control the target computer. Apple stated that it is reviewing Calif's submitted report and said, "Security is our top priority."

The backdrop to this event is global regulators and financial elites being highly vigilant about Mythos's capabilities. The International Monetary Fund has issued a dedicated article about cybersecurity threats posed by the latest AI models, specifically naming Mythos as potentially triggering "macro-financial shocks"; Bank of England Governor Bailey lamented, "What did I do wrong in my last life?"; European Central Bank President Lagarde warned that if it falls into the wrong hands, "the consequences will be unimaginable." Meanwhile, the White House is considering issuing an executive order to implement government oversight of the most advanced AI models.

Cracked in Five Days: How Mythos Broke Through Apple's Defenses

Apple's MacOS has long been considered one of the hardest operating systems in the world to breach. Last September, Apple launched a security technology called "Memory Integrity Enforcement" (MIE), describing it as the "culmination of five years of unprecedented design and engineering effort."

However, Calif's researchers, aided by Mythos, built attack code exploiting two MacOS vulnerabilities in just five days. The attack chains together the two vulnerabilities and various technical methods to break Mac memory and acquire protected system permissions. On Tuesday, researchers specially drove from Palo Alto to Apple's headquarters in Cupertino to personally submit a 55-page vulnerability report.

Still, Calif CEO Thai Duong emphasized that the attack was not accomplished solely by Mythos but heavily relied on the company’s security researchers' expertise. He noted, Mythos excels at replicating attack methods documented in existing materials, stating, "We have not yet seen it autonomously propose entirely new attack techniques; this (breakthrough) is, in a sense, something novel." Former Google security researcher Michał Zalewski, after reviewing Calif’s report, said that while some of the hype around Mythos is "exaggerated," the latest AI tools are indeed useful for "substantial vulnerability research and code auditing."

Duong expects Apple will soon fix the vulnerabilities, and Calif plans to publicly disclose attack details after Apple releases its patches.

Vulnerability Window Shrinks: AI Reshapes Cybersecurity Threat Landscape

This MacOS vulnerability event is the latest example of an AI model's leap in vulnerability discovery capability. According to Bloomberg Opinion columnist Parmy Olson, the window from software vulnerability disclosure to the emergence of usable attack tools has plummeted from an average of 771 days in 2018 to less than four hours today.

Anthropic's AI models have previously demonstrated vulnerability discovery abilities. Earlier this year, Anthropic's AI found over 100 high-risk vulnerabilities in the Firefox browser within two weeks—while it typically takes global sources two months to find a similar number. The IMF, in a blog post on May 7, directly named Mythos, saying it had discovered "vulnerabilities in every mainstream operating system and browser," warning that AI models can simultaneously produce vulnerabilities across numerous institutions, potentially causing "correlated failures" at the financial system level.

AI agents' automated attack capabilities pose severe challenges to the decades-old "responsible disclosure" mechanism. Bloomberg Opinion points out that Mythos's real threat is not mainly to big banks with top-tier IT security systems, but is an urgent warning for weak points like hospitals, small businesses, and small retailers—organizations long targeted by hackers and generally lacking the resources needed for rapid response.

Global Regulators Sound the Alarm: Chain Reaction from Wall Street to Central Banks

The shock caused by Mythos has spread to global financial regulators. US Treasury Secretary Bessent convened Wall Street executives in April to evaluate system defense readiness; the Treasury is currently seeking direct access to Mythos. Bessent stated, "I'm confident that everyone has now reached consensus and is working in the same direction to build risk resilience together."

At the IMF and World Bank Spring Meetings, the Mythos issue sparked widespread attention. European Central Bank President Lagarde warned that should this technology fall into the wrong hands, "the consequences will be unimaginable." Bank of England Governor Bailey admitted that in the face of unknown threats posed by Mythos, regulators still have limited understanding, making it difficult to judge how much progress has been made on known cybersecurity risks.

At present, Mythos is only accessible to around 40 primarily US-based institutions, including Amazon, Microsoft, and large banks like JPMorgan Chase. Many non-US financial institutions have not yet received access, raising concerns about the uneven levels of protection across the global financial system. The UK’s AI Safety Institute, which was among the first allowed to evaluate Mythos, confirmed that the model’s ability to launch complex cyber attacks indeed surpasses existing tools like ChatGPT and Gemini.

Meanwhile, the White House had previously opposed Anthropic gradually expanding access to Mythos. The powerful capabilities of the new AI model have prompted the US government to reconsider its relaxed stance on AI development; federal officials are now considering issuing executive orders to implement government regulation of the most advanced AI models.

Risk Warning and DisclaimerThe market involves risk, investments need caution. This article does not constitute personal investment advice, nor does it consider the special investment objectives, financial situation, or needs of individual users. Users should consider whether any opinions, views, or conclusions in this article are suitable to their particular circumstances. Invest accordingly, and bear responsibility for your own actions. ```