First Public M5 Kernel Exploit Uses Anthropic's Mythos to Bypass Five Years of Apple Security

Researchers disclosed the first public macOS kernel memory corruption exploit on M5 silicon that survives Apple's Memory Integrity Enforcement (MIE). The team used Anthropic's Mythos Preview to bypass five years of Apple security hardening in just five days, raising significant questions about AI-assisted vulnerability discovery.

Five-Day Development Timeline from Discovery to Working Exploit

The researchers completed the exploit in less than a week:

April 25, 2026: Initial bugs discovered
April 27, 2026: Dion Blazakis joined the team
May 1, 2026: Working exploit completed
May 14, 2026: Public disclosure announced

The exploit starts from an unprivileged local user account and escalates to a root shell using standard system calls. It targets macOS 26.4.1 (25E253) and works on bare-metal M5 hardware with kernel MIE enabled.

Mythos AI Generalized Attack Techniques Across Bug Classes

According to the researchers, "Mythos Preview is powerful: once it has learned how to attack a class of problems, it generalizes to nearly any problem in that class, and discovered the bugs quickly because they belong to known bug classes."

The exploit uses:

Two vulnerabilities and several exploit techniques
Data-only kernel local privilege escalation chain
Methods that survive Apple's Memory Integrity Enforcement, a major security feature introduced to prevent exactly this type of attack

Responsible Disclosure Despite Public Announcement

The researchers have prepared a 55-page technical report on the hack but won't release it until Apple ships a fix for the exploit. This represents responsible disclosure despite the public announcement.

The story reached 238 points on Hacker News with 41 comments. Multiple tech outlets covered the story including 9to5Mac, AppleInsider, and Yahoo Tech.

Key Takeaways

Researchers disclosed the first public M5 kernel exploit that bypasses Apple's Memory Integrity Enforcement
Anthropic's Mythos Preview helped develop the exploit in just five days after initial bug discovery on April 25, 2026
The exploit escalates from unprivileged local user to root shell on macOS 26.4.1 with kernel MIE enabled
Mythos AI generalized attack techniques across bug classes to quickly discover vulnerabilities
A 55-page technical report will remain private until Apple ships a security fix

Five-Day Development Timeline from Discovery to Working Exploit

The researchers completed the exploit in less than a week:

April 25, 2026: Initial bugs discovered

April 27, 2026: Dion Blazakis joined the team

May 1, 2026: Working exploit completed

May 14, 2026: Public disclosure announced

Mythos AI Generalized Attack Techniques Across Bug Classes

The exploit uses:

Two vulnerabilities and several exploit techniques

Data-only kernel local privilege escalation chain

Methods that survive Apple's Memory Integrity Enforcement, a major security feature introduced to prevent exactly this type of attack

Responsible Disclosure Despite Public Announcement

The story reached 238 points on Hacker News with 41 comments. Multiple tech outlets covered the story including 9to5Mac, AppleInsider, and Yahoo Tech.

Key Takeaways

Researchers disclosed the first public M5 kernel exploit that bypasses Apple's Memory Integrity Enforcement

Anthropic's Mythos Preview helped develop the exploit in just five days after initial bug discovery on April 25, 2026

The exploit escalates from unprivileged local user to root shell on macOS 26.4.1 with kernel MIE enabled

Mythos AI generalized attack techniques across bug classes to quickly discover vulnerabilities

A 55-page technical report will remain private until Apple ships a security fix