Cybersecurity researchers just hacked the hardware-level security of Apple’s M5 and A19 chips. For some context, these are high-level security chips that Apple spent more than half a decade building. Researchers hacked the chips in just 5 days.
There are 2 things Mac users should take away from this story. One, even the latest and most sophisticated security technologies on your Mac and iPhone can be breached. Two, this hack was done using an AI model that is currently restricted. However, this tech could eventually fall into the wrong hands. Here’s how the Calif MIE hack works, and what you can do to keep your Mac safe.
Supercharge your Mac’s security
Calif hackers combine human talent with frontier AI to hack into M15 chips
A lot of the security features that make Apple devices secure are built into Macs and iPhones at the hardware level. From time to time, cybersecurity researchers and academics come up with novel techniques to hack these hardware-level features. Usually, those hacks involve building expensive hardware and specific software, which means such breaches aren’t readily accessible or attractive to most cybercriminals and threat actors. This hack is different.
On May 14, Calif, a group of ethical hackers working with Anthropic and OpenAI, announced they had developed the first macOS kernel memory corruption exploit on Apple M5. The hack also works on iPhones powered by the A19.
Interestingly, Calif researchers did not build any hardware for this hack; they just coded their way into the kernel by first reading data from it, establishing details on the system, and running a series of commands.
To find this exploit, researchers used Anthropic’s Claude Mythos Preview. Mythos Preview is a powerful cybersecurity AI model that is not available to the public and is only used by tech companies.
How does the MIE M15 hack work?
The Calif hack on macOS computers using M15 chips targets your kernel. The kernel is the core of your operating system, and Apple goes the distance to guard it. Manipulating the memory of the kernel and having the ability to read and write it gives an attacker full control of your device.
These types of hacks used to be rare and reserved only for spyware campaigns like Pegasus and Predator. However, as spyware becomes more widely available, cybercriminals are adapting this type of malware for financial heists, as in the case of notnullOSX, tracked and discovered by the Moonlock Lab Team. While notnullOSX does not involve kernel memory exploits, it is a great example of how spyware is spilling into the criminal sector.
By definition, a kernel memory corruption exploit is a vulnerability that allows attackers to manipulate memory in the operating system’s kernel, potentially leading to unauthorized access or control over the system. Apple’s M15 and A19 chips manage the kernel memory through the Memory Integrity Enforcement (MIE) physically built into the chips.
Why should you care about sophisticated kernel memory corruption exploits?
In this cyberattack, researchers demonstrated that by using advanced AI models like Mythos Preview, paired with cybersecurity expertise, they can find bugs in the MIE and how it manages the kernel, and exploit them.
Calif ethical hackers’ full 55-page technical research on the hack is yet to be released. However, based on the video, we know the hack involves no hardware and is plain code. It first reads the kernel and system data, then runs a series of commands that appear to write on the kernel, reassigning memory space and manipulating the “tags and pointers” security system that Apple developed exclusively for their latest chips.
“The exploit is a data-only kernel local privilege escalation chain targeting macOS 26.4.1 (25E253),” Calif researchers said.
The hack starts from an unprivileged local user, uses normal system calls, and ends with a root shell, they explained.
“The implementation path involves 2 vulnerabilities and several techniques, targeting bare-metal M5 hardware with kernel MIE enabled,” they added.
As mentioned, once an attacker can read and write to your kernel, they can control your OS. Kernel and memory exploits are very common and are used by threat actors in different cyberattacks.
The fact that Apple just released more than 130 security updates for macOS, iOS, iPads, Safari, and other Apple devices—with a significant percentage of these patching your kernel and memory security management system—speaks to how popular these exploits are becoming.
Calif researchers said that the full report will be available after Apple ships a fix.
What is Mythos Preview? Who built it? And is it something you should worry about?
This section is probably the biggest takeaway for average Mac users. Mythos Preview is a restricted, non-public, advanced frontier AI model, and probably an AI agent (no official confirmation on the agent bit yet). It was developed by Anthropic, the firm that built Claude. The model is not available to the public due to its capabilities.
Under the umbrella of the Glasswing project, Amazon Web Services (AWS), Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks use Mythos Preview as a cybersecurity tool.
Naturally, given the hush-hush nature of this model, there is no widely available public data on exactly how it works. However, some things are clear. The model appears to excel at finding bugs and zero-day vulnerabilities. These weaknesses in technology and systems can be used to launch attacks.
Its performance appears to be grand. For example, recently, Mythos Preview found a shocking 271 vulnerabilities in Mozilla’s web browser.
How emerging cybersecurity techniques compare to traditional methods
This type of technology may seem scary and novel, but it is not that far from how traditional cybersecurity works in concept and tools.
Traditional cybersecurity tools, used by the community to test software and hardware and secure online resources, cover a wide range, from automated digital surface scanners to automated vulnerability finders and much more. Usually, vulnerability finders work with a database of existing vulnerabilities and cross-check those against the digital surface.
What AI does, and what AI agents using cybersecurity tools via the Model Content Protect (MCP)—a framework that allows an agent to connect to different tools—do is accelerate and enhance the discovery of these vulnerabilities and other bugs. The AI also enhances traditional security. It can ingest the full code of a project and find logic errors or bugs that traditional methods that examine step-by-step processes do not.
As a side note, there is no public documentation that confirms that Mythos Preview actually uses MCP.
While Anthropic says that “AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities,” this is not necessarily a bad thing for your security. The more vulnerabilities that trailblazing AI models find and eventually one day patch automatically, the stronger your Mac will be.
Will cybercriminals use AI models in their cyberattacks?
Yes. Cybercriminals already use AI in many ways, and they are experimenting with autonomous AI cybersecurity tools and AI agents. You can read the latest Google Threat Intelligence AI report to learn more about how threat actors are using AI.
The fact that criminals are using AI gives the cybersecurity community more reasons to continue developing AI security.
Other than the companies mentioned above, Anthropic extended access to Mythos Preview through Project Glasswing to a group of over 40 additional organizations that also use it as a cybersecurity tool. “They can use the model to scan and secure both first-party and open-source systems,” Anthropic explains in its official Project Glasswing page.
At the end of the day, AI, even the most advanced and autonomous models, is a digital tool. Its performance hinges on and is limited by who is using the tool. What does this mean? Think of Mythos Preview as a very restricted, hard-to-access F1 race car. Sure, it’s fast and high-tech, but it takes a special driver not to crash it and make its run count.
As Calif researchers explained in their disclosure, it takes a lot of human-in-the-loop expertise to use Mythos Preview successfully.
How to stay safe from AI-powered cyberattacks
From a tech and human-centered cybersecurity awareness perspective, there are several things you can do to stay safe from AI cyberattacks.
Get Moonlock. It will stop attackers targeting your Mac.
No matter how advanced the threat targeting your Mac is, whether or not it uses AI to find a vulnerability and exploit it, at some point, malicious code, malware, or shady files will come into play. This is what the Moonlock antivirus app was built for: to detect malware and suspicious activity and shut it down.
Once downloaded, the Moonlock app will run silently in the background, checking every file you interact with. That includes emails and Terminal scripts for malware signatures. Moonlock can tell when things don’t add up, and can do so without impacting your privacy or your Mac’s performance.
If Moonlock finds a threat, it will simply notify you and move it to Quarantine. There, it is fully isolated and cannot harm your computer or access your data and files. You can check Quarantine in your own time, learn more about the threats your Mac encountered, and remove them completely from your computer.
Check out and test-drive Moonlock for free for 7 days.
Learn more about trailblazing AI cybersecurity models
From an end Mac user perspective, panicking over advanced AI like Mythos Preview and what it can do is not very helpful.
While criminals do use AI, and the tech is a matter of concern, the cybersecurity community uses the same tools. By learning more about advanced AI in cybersecurity, you can shed light on the issue, see through the hype, and separate the myths from reality to understand what you can do to keep your Mac safe from AI threats.
At the Moonlock Blog, we cover AI threat campaigns almost weekly. We offer simple tips and advice on how you can keep safe.
Final thoughts
Mythos Preview and the Calif MEI M15 hack represent a new era in cybersecurity. It’s an era in which advanced AI is combined with human talent to carry out never-before-seen hacks.
AI is undoubtedly a double-edged sword. But, then again, so is every technological innovation that comes along. Follow the tips in this report and continue to learn more about how your technology works to live a calmer and safer digital life.
This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Apple Inc. Mac and macOS are trademarks of Apple Inc.
