Security firm Calif reported this week that its researchers successfully used a preview version of Anthropic's Claude Mythos AI to help craft a kernel exploit for Apple's macOS. The exploit reportedly targets the latest M5 series processors, raising new concerns about artificial intelligence's role in cyberattack development.
Calif, a California-based cybersecurity research firm known for its work in hardware-level vulnerabilities, detailed its findings in a technical whitepaper released Tuesday. The firm explained that its team provided the Claude Mythos AI with specific parameters and architectural information related to macOS kernel components. The AI then assisted in identifying potential logic flaws and generating code snippets that could bypass security protections.
This marks one of the first public instances where an advanced large language model has been directly implicated in the creation of a functional kernel-level exploit, moving beyond theoretical discussions. Anthropic's Claude Mythos is an experimental iteration of its Claude AI model, designed for advanced problem-solving and complex code generation tasks. Its current access is restricted to select research partners and beta testers.
Anthropic has not yet publicly commented on Calif's claims. However, the company has stated its commitment to AI safety and has policies in place to prevent its models from being used for malicious purposes, including the development of cyberweapons. The incident prompts questions about the enforceability of such policies when models are in private beta or when users find novel ways to prompt them for unintended outcomes.
A kernel exploit provides an attacker with the highest level of system control, often referred to as "ring 0" access. This allows for complete compromise of the operating system, enabling persistent malware installation, data exfiltration, and undetectable surveillance. Targeting Apple's M5 series processors is significant. These chips incorporate advanced security features, including hardware-enforced memory tagging and secure boot mechanisms, designed to thwart such low-level attacks. Calif did not release the full exploit code or technical specifics to the public, citing responsible disclosure practices. They have reportedly shared their findings directly with Apple's product security team.
The use of advanced AI in developing sophisticated exploits is a growing concern among cybersecurity experts. While AI has long been used for defensive purposes, its application in offensive operations presents a new class of threats. Security researchers have previously demonstrated AI's ability to identify vulnerabilities in code or suggest attack vectors. This reported instance, however, suggests a more direct and substantial role in exploit construction. Government agencies and international bodies have begun discussing regulations for AI systems, particularly those with dual-use potential. This incident adds urgency to those debates.
Apple has not yet issued a public statement regarding Calif's report or the claimed M5 kernel exploit. The company typically addresses security vulnerabilities through its regular software update cycles. Users are advised to keep their macOS systems updated to the latest available patches, as this remains the primary defense against known and emerging threats.