Apple Alerted to macOS Security Vulnerability Uncovered With AI Tool

[MacRumors]

Anthropic recently announced Project Glasswing, an initiative that enables tech companies like Apple to use its new frontier AI model Claude Mythos Preview to find security vulnerabilities across operating systems and web browsers.

The Wall Street Journal today reported that researchers at cybersecurity firm Calif used Claude Mythos Preview to uncover a new macOS security vulnerability last month. Specifically, they used the model to write code that links together two macOS bugs in a way that resulted in what is known as a privilege escalation exploit.

The security researchers said the exploit would not have been possible with Mythos alone, as it still required their human expertise on top, but it nevertheless proves that AI can assist with discovering software vulnerabilities.

Apple said it was reviewing Calif's report to validate the findings.

"Security is our top priority, and we take reports of potential vulnerabilities very seriously," an Apple spokesperson told The Wall Street Journal.

It is unclear if Apple has already patched the exploit. Apple's security notes for the macOS 26.5 update released this week mention a fix for a kernel-level vulnerability, and it credits Calif and Anthropic for discovering it. Yet, the report said that Calif only met with Apple this week and suggested that a fix was still coming.

We have reached out to Apple for comment.

Article Link: Apple Alerted to macOS Security Vulnerability Uncovered With AI Tool

 

[Shalev Lazarof]

Great to hear.

 

[I7guy]

Just finished the WSJ article. Bugmaggeden.

 

[Astuces iOS]

Look useful ai ok I take it... but can we remove image playground?

 

[now i see it]

If researchers can use ai tools to identify vulnerabilities- so can nation state hackers, and likely small time hackers too.
The arms race towards computing Armageddon has just begun.

 

[masterin]

Bug bounty programs will get complicated… if AI found the vulnerability who gets the reward? 🤑 The user? The model owner? George RR Martin? 🤔

 

[thebitguru]

Bug bounty programs will get complicated… if AI found the vulnerability who gets the reward? 🤑 The user? The model owner? George RR Martin? 🤔

I would say the user should. They are already paying for the model, and the model vendor is charging whatever was reasonable for them.

 

[parameter]

I'm going back to pencil and paper.

 

[AppleWes]

If researchers can use ai tools to identify vulnerabilities- so can nation state hackers, and likely small time hackers too.
The arms race towards computing Armageddon has just begun.

I'm sure it's been tested but also if one AI is placed "head to head" against another, or maybe I've just seen too many SiFi moves. 🤪🤖

 

[H2SO4]

If researchers can use ai tools to identify vulnerabilities- so can nation state hackers, and likely small time hackers too.
The arms race towards computing Armageddon has just begun.

I suspect they'll be able to use AI tools also to create vulnerabilities.

 

[btrach144]

Companies will need to increase their agility on resolving these findings. It’s going to create a backlog that’ll last for years if they move at their current pace.

 

[gaggle]

If researchers can use ai tools to identify vulnerabilities- so can nation state hackers, and likely small time hackers too.
The arms race towards computing Armageddon has just begun.

You're not wrong in your intuition that this levels the playing-field on finding exploits, but the end result should be the opposite: The more stress testing, the safer the code. And there languages and techniques that fundamentally evaporate entire classes of bugs, and if enough bugs are found in existing solutions it can prompt maintainers to perform such upgrades. It has a hint of evolution to it: The strong and adaptable solutions will survive. It doesn't have to a pretty journey, I'm not claiming it'll be rainbows and unicorns, but directionally not an armageddon.

 

[turbineseaplane]

The security researchers said the exploit would not have been possible with Mythos alone, as it still required their human expertise on top, but it nevertheless proves that AI can assist with discovering software vulnerabilities.

Good to know we are still needed ... for today at least.

 

[k1121j]

I love how this went from Ai discovers bugs to Ai can assist in finding bugs.

It’s the theme of the entire Ai industry right now. Over promised and under delivered

 

[turbineseaplane]

I love how this went from Ai discovers bugs to Ai can assist in finding bugs.

It’s the theme of the entire Ai industry right now. Over promised and under delivered

Lest we forget about “AI creating bugs”, which I guarantee you is happening.