Apple Spent Years Building Its New Security Wall. AI Helped Break Through It In Five Days
Apple has spent years trying to make its devices harder to compromise. With its latest generation of iPhones and Macs, the company introduced one of its most ambitious defensive systems yet: Memory Integrity Enforcement, a hardware-backed protection designed to stop some of the most dangerous exploit chains before they can take control of a device.
It was meant to represent the next era of Apple security.
Then a three-person team, assisted by Anthropic’s Mythos AI, reportedly bypassed it in five days.
The team behind the exploit, Calif, a small security startup based in Palo Alto, says it used Mythos Preview to find bugs in Apple’s M5 chip and develop a working exploit against the latest M5-powered Macs. Apple spent five years developing Memory Integrity Enforcement, known as MIE. Calif says it took less than a week to demonstrate that even Apple’s most advanced protections are now facing a radically different threat landscape.
The result is not just another vulnerability disclosure. It is a warning about the future of cybersecurity in an age where AI systems can accelerate the work of skilled human hackers.
At the centre of the story is Apple’s new security architecture. Memory Integrity Enforcement works by assigning secret tags to memory allocations. If software tries to access protected memory without the right tag, the hardware blocks the attempt and logs the event. In theory, this makes many memory corruption attacks far harder to execute.
Apple has implemented MIE in the iPhone 17 and in its new M5 chips, which power the latest MacBook Pros. The company’s own research has suggested that the system can disrupt every publicly known exploit chain, including exploit kits known as Coruna and Darksword.
That makes Calif’s claim especially significant.
The startup says it developed a data-only kernel local escalation chain targeting macOS 26.4.1. In practical terms, that means the exploit begins with access to a normal user account and ends with the attacker gaining full control of the machine. According to Calif, the attack uses a combination of two exploits and multiple evasion techniques, and continues to work even with MIE active.
The company has released a short proof-of-concept video to demonstrate the exploit, but has not yet published the full technical details. A 55-page technical report is expected only after Apple begins rolling out a fix.
The most unsettling part of the disclosure is not simply that the researchers found a way around Apple’s defence. It is how quickly they say they did it, and the role AI played in the process.
Calif says Anthropic’s Mythos Preview model was not merely a passive assistant. It helped identify bugs, map the problem space and contribute across the exploit development process. According to the company, once Mythos had learned how to attack one class of problems, it could generalise that knowledge across similar vulnerabilities.
That is where the story becomes much bigger than Apple.
For decades, high-end exploit development has been a rare and expensive discipline. Breaking through a modern device’s defences required deep technical expertise, patience and time. Hardware-backed mitigations like Apple’s MIE were designed with that world in mind: one where elite attackers might eventually find a path through, but where doing so would be difficult enough to limit the number of people capable of the work.
Agentic AI threatens to change that balance.
If AI systems can rapidly identify patterns, test hypotheses and assist in exploit development, then the speed of vulnerability discovery may increase dramatically. Human expertise still matters. Calif has made clear that human judgement was essential to the process. But the division of labour is changing. AI can do the repetitive pattern recognition at speed, while humans focus on strategy, interpretation and decision-making.
That combination may prove powerful for defenders. It could help researchers identify flaws faster, patch critical systems earlier and strengthen software before attackers exploit it. But it could also help offensive teams move faster than vendors, maintainers and security operations teams can respond.
That is the central dilemma now facing the cybersecurity industry. The same technology that could help protect the internet may also make it easier to break.
Apple appears to be taking the report seriously. The company has reportedly met with Calif in person, and said it treats potential vulnerabilities as a serious priority. No patch has yet been released, according to the information currently available, which means the technical details remain under wraps while Apple works on a fix.
Anthropic, meanwhile, has limited access to Mythos Preview. The model was released as part of Project Glasswing, an initiative designed to give selected cybersecurity researchers early access to advanced AI tools for vulnerability discovery. The stated goal is to help experts find and fix critical software flaws before they can be abused.
That restricted access matters. If a tool like Mythos were widely available without controls, it could reshape offensive security overnight. Even with limited access, Calif’s experiment suggests the cybersecurity industry may already be entering a new phase.
The lesson is not that Apple’s security has failed. MIE may still represent a major advance in device protection. It may still block many known exploit chains and raise the cost of attack. But Calif’s work suggests that even the strongest modern mitigations were designed for a world that is disappearing quickly.
A defence that once might have taken months to study can now be interrogated by AI-assisted teams in days. A vulnerability class that once required years of specialised knowledge may become more accessible to people with the right model, the right prompts and enough technical judgement to guide the process.
That raises urgent questions for every major software and hardware company. How do you design security for a world where AI can rapidly map entire classes of weaknesses? How do you triage reports when automated discovery scales faster than human response? How do you stop defensive AI from becoming offensive acceleration?
For Apple, the immediate task is clear: verify the exploit, build a fix and protect users. For the wider industry, the challenge is more profound. Security teams will need to assume that attackers are no longer moving at human speed alone.
The phrase “AI bugmageddon” may sound theatrical, but it captures a real anxiety now spreading across the technology sector. AI is not just changing how people write code. It is changing how people break code, test defences and search for weaknesses in systems once thought to be among the most secure in the world.
Apple spent five years building Memory Integrity Enforcement. A small team, working with an advanced AI model, says it bypassed it in five days.
That imbalance is the story.
And it may only be the beginning.
Photo Credit: DepositPhotos.com