A security research team managed to bypass Memory Integrity Enforcement (MIE), a memory protection system that Apple developed over five years for its Macs. The feat was accomplished in just five days with the support of Claude Mythos Preview, an AI model from Anthropic not yet available to the public. The discovery represents a milestone in the speed of exploit development and reignites debates about security on Apple M5 chips.
MIE is a robust defense layer that combines Alocador Seguro of Apple, the enhanced version of Memory Tagging Extension (EMTE), and advanced mechanisms for protecting memory tag information. Apple invested approximately half a decade and billions of dollars in the project, aiming to hinder hardware-supported memory corruption attacks. Esse system has operated until now without public records of exploitation on machines with MIE enabled.
Discovery Accelerated Cronograma
The speed of development caught the attention of the security community. Bruce Dunn identified the first two flaws on April 25, 2026. Dion Brazakis joined the effort two days later, on April 27. Josh Main developed the necessary tools, and by May 1st a working exploit was ready, allowing root privileges to be obtained from an unprivileged account via a local kernel escalation chain.
The task was accomplished using only normal system calls and took about five days from start to finish. Especialistas in security estimate that a similar process would take weeks without the assistance of AI. Mythos Preview, as explained by Anthropic, made development possible in just a few hours, drastically reducing the time between discovering bugs and creating working exploits.
Papel of artificial intelligence
Claude Mythos Preview did not perform all work autonomously. The researchers clarified that AI helped quickly identify bugs belonging to known classes of vulnerabilities, working in combination with human expertise. The model trained on security patterns and common errors, accelerating the analysis and development of exploit chains.
Anthropic highlights a critical point: the same technology that speeds discovery for defenders also speeds up work for would-be attackers. Isso suggests that the speed of identifying vulnerabilities and creating exploits is increasing significantly on both sides of the digital security equation.
- Primeira Fault Discovered: April 25, 2026
- Segundo Researcher Joins: April 27, 2026
- Full functional Exploit: May 1, 2026
- Tempo total: approximately five days
- Estimated Acesso without AI: weeks
Model restricted Distribuição
Mythos Preview remains unavailable to the general public. Anthropic offers limited access through Projeto Glasswing, a program that seeks to strengthen the security of critical software. Parceiros founders like Apple herself are included in the program, with plans to expand access to more than 40 organizations that develop and maintain critical software infrastructures.
The research team, called Calif, prepared a 55-page technical report that was delivered directly to Apple on Apple Park. The company responded in a statement that “security is a top priority and we take reports of potential vulnerabilities seriously.” Full technical details and exploit code will only be published after Apple implements the necessary fixes.
Implicações for system security
The exploit was run on an Mac with macOS Tahoe 26.4.1 (25E253) equipped with the Apple M5 chip. Trata is the first publicly documented case of a successful macOS kernel exploit on MIE-enabled hardware. Esse made puts into perspective the evolution of operating system security and the emerging role of advanced AI models in vulnerability research.
The acceleration in exploit development reflects a broader trend in cybersecurity: AI tools are dramatically reducing the time between identifying weaknesses and creating working attacks. Defensores need to adapt to this new pace, developing faster patching and response methodologies.