// Alert

Claude threat report

// ClaudeMEDIUM

EGW.News reported on 15 May 2026 that researchers at Palo Alto-based firm Calif used Anthropic's Claude Mythos Preview, distributed through Project Glasswing, to help discover and chain two previously unknown bugs in macOS 26.4.1 on Apple M5 silicon into a working data-only kernel local privilege escalation. The exploit reportedly bypasses Apple's hardware-backed Memory Integrity Enforcement (MIE), allowing an unprivileged local user to corrupt kernel memory and obtain root. Calif states it produced a working chain in five days and hand-delivered a 55-page report to Apple, which has issued a partial fix in macOS Tahoe 26.5 with a complete patch still pending. The researchers note human expertise was still required to complete the attack chain. The report is relevant to Claude because it demonstrates Mythos being used to accelerate offensive vulnerability discovery against a major OS.

// Get alerts for Claude