Mythos finds macOS privilege bug

- Anthropic and Apple said in April 2026 that security researchers using Claude Mythos Preview found macOS privilege-escalation vulnerabilities and reported them to Apple.
- Anthropic said on April 7 that more than 99% of vulnerabilities Mythos found remain unpatched, limiting what it can publicly disclose.
- Apple says researchers should submit findings through Apple Security Research, and fixes appear later on its security releases page.

Anthropic said on April 7 that its Claude Mythos Preview model had identified and exploited zero-day vulnerabilities across major operating systems and browsers during internal testing, and Apple is among the companies using the system in a defensive security program. Anthropic did not publicly detail the macOS flaws, but said more than 99% of the vulnerabilities it has found remain unpatched and are being handled through coordinated disclosure. Apple’s public security guidance says it does not discuss or confirm security issues until an investigation is complete and patches are generally available. The reporting around the macOS case centers on one of the clearest examples so far of an AI system being used to surface a privilege-escalation path in a closed commercial operating system.

### How did the macOS bug come to light?

Anthropic said in its April 7 technical write-up that Mythos Preview could “identify and then exploit zero-day vulnerabilities in every major operating system and every major web browser” when directed to do so. The company said the bugs it found were often subtle, sometimes decades old, and in many cases too sensitive to describe publicly before patches are available. (red.anthropic.com)

Project Glasswing, announced the same day, named Apple as a launch partner alongside Amazon Web Services, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Microsoft, Nvidia and Palo Alto Networks. Anthropic said those partners would use Mythos Preview in defensive security work and that it had extended access to more than 40 additional organizations that build or maintain critical software infrastructure. (red.anthropic.com)

### What is a privilege-escalation flaw on macOS?

Apple’s own security documentation describes macOS as having multiple privilege models, including inherited BSD permissions, capability-based mechanisms and mandatory access controls added in newer releases. In practical terms, a privilege-escalation bug is a flaw that lets code or a user obtain rights beyond those originally granted, potentially turning a limited foothold into broader system control. (anthropic.com)

Apple’s bounty guidelines make clear how seriously it treats that class of issue. The company says reports must include a clear explanation of the security mechanism bypassed, a reliable proof of concept or working exploit, and reproducible steps. For some kernel-level privilege-escalation categories, Apple requires proof that a researcher obtained a designated “target flag” through the escalation path. (developer.apple.com)

### Why aren’t the technical details public yet?

Apple says on its security releases page that it does not disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are generally available. That policy is standard for coordinated vulnerability disclosure, where researchers hold back exploit details to avoid giving attackers a roadmap before users can update. (security.apple.com)

Anthropic used similar language in its Mythos disclosure. The company said it was “limited in what we can report” because over 99% of the vulnerabilities it had found were not yet patched, and that public discussion of those bugs would be irresponsible before vendors had time to respond.

### What does this show about Mythos itself?

Anthropic’s system card for Mythos Preview says the model showed a “large increase in capabilities” and would not be made generally available. (support.apple.com) Instead, the company said it was restricting the model to a defensive cybersecurity program with a limited set of partners. Anthropic also said Project Glasswing would commit up to $100 million in usage credits for Mythos Preview and $4 million in direct donations to open-source security organizations. (red.anthropic.com)

The company framed that effort as a way to give defenders earlier access to a model it believes can outperform all but the most skilled human researchers at finding and exploiting software vulnerabilities. That characterization is Anthropic’s, not an independent measurement across the industry. (www-cdn.anthropic.com)

### How would Apple handle a report like this from here?

Apple’s April 16 support guidance tells researchers who discover security or privacy vulnerabilities in Apple products to report them through Apple Security Research. Apple’s bounty rules say a complete report must be the first actionable submission, include reliable reproduction steps and, for multi-step attacks, provide the full exploit chain in one report. (anthropic.com)

Apple’s security releases page is where any eventual fix would be documented. As of May 13, Apple had posted recent advisories for macOS Tahoe 26.5, macOS Sequoia 15.7.7 and macOS Sonoma 14.8.7, while reiterating that it publishes details only after fixes are available. (support.apple.com 1) (support.apple.com 2)