Researchers Claim Anthropic's Restricted Mythos AI Was Used to Breach macOS

What happened

On May 15, security researchers claimed they had compromised macOS using Claude Mythos, a restricted Anthropic AI model designed to find and exploit software vulnerabilities, according to Engadget. Apple, which is both the maker of macOS and a partner in Anthropic’s Project Glasswing cybersecurity initiative, is reportedly taking the claims seriously.

The allegation comes on the heels of an embarrassing access control failure. In late April, Anthropic confirmed it was investigating unauthorized access to Mythos through a third-party vendor environment. According to The Verge, a small group of unauthorized users gained access to the model—reportedly by guessing its online location using information about Anthropic’s other models exposed in a breach of Mercor, a vendor that works with the company. Anthropic said at the time that it had not detected breaches of its own systems beyond the vendor environment.

Mythos was unveiled in early April as part of Project Glasswing, a coalition that includes Apple, Amazon, Google, Microsoft, NVIDIA, and others. Anthropic said the model had already found thousands of high-severity vulnerabilities in every major operating system and web browser, and it was shared with select partners precisely because it was considered too dangerous for public release.

Why it matters

If the macOS claim holds up, it would mark one of the first confirmed cases of a restricted, offense-capable AI model being used to breach a major consumer operating system. The incident highlights the dual-use dilemma: the same tools built to harden software can be turned against it if they leak.

The episode also spotlights supply-chain risk. Anthropic’s own partners rely on third-party vendors to host and develop models, yet that vector appears to have exposed Mythos within days of its announcement. For Apple, the situation is particularly awkward. The company joined Project Glasswing to get ahead of AI-powered threats, only to find its own platform allegedly compromised by the very model it was meant to help evaluate.

Public reaction

Online discussion has been split between awe at Mythos’s reported capabilities and anxiety about its misuse. A widely viewed Reddit thread in r/OpenAI noted that Mythos appeared to land above trendline predictions for advanced AI, though commenters quickly pushed back on the statistical significance of that claim. Others raised broader concerns about the wisdom of building models powerful enough to exploit “every major operating system” when access controls have already failed once.

What to watch

Several critical details remain unconfirmed. It is unclear whether the researchers who claim the macOS breach obtained Mythos through the April unauthorized access incident, or through legitimate preview channels. Anthropic has not publicly detailed what macOS vulnerability was allegedly exploited, and Apple has not independently confirmed a successful intrusion. The next moves by both Anthropic and Apple—particularly any changes to Mythos access controls or partner agreements—will be telling.

Sources

• Engadget: Security researchers, aided by Anthropic's Mythos, claim to have breached macOS
• Decrypt: Apple Mac M5 System Exploited With Anthropic's Claude Mythos AI, Researchers Claim
• 9to5Mac: Anthropic unveils powerful Mythos AI model, working with Apple in cybersecurity initiative
• AOL: Anthropic investigating possible breach of its Mythos AI model
• The Verge: Anthropic’s Mythos breach was humiliating
• KQED: After a Potential Mythos Breach, Why Do Developers Use Such Powerful AI Models?