Brief IA

Claude Mythos and Calif Breach Mac M5 Security

🤖 Models & LLM·Tom Levy·

Claude Mythos and Calif Breach Mac M5 Security

Claude Mythos and Calif Breach Mac M5 Security
Key Takeaways
1The Calif team managed to bypass the Memory Integrity Enforcement protection of M5 Macs in just five days.
2Apple invested five years in developing this protection, introduced with the A19 chips of the iPhone 17.
3The AI Mythos assisted the researchers, speeding up the process without replacing human expertise.
💡Why it mattersThis breakthrough calls into question the effectiveness of long-term investments in hardware security in the face of AI.
Le brief IA que lisent les pros

Le brief IA que les pros lisent chaque soir

Les 7 actus IA du jour, décryptées en 5 min. Gratuit.

Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.

Choisis ton rythme

Gratuit · Pas de spam · Désabonnement en 1 clic

📄
Full Analysis

A Breakthrough in Cybersecurity on macOS M5

The Calif research team has recently made a significant advancement in cybersecurity by developing the first public kernel exploit on macOS M5. This achievement has allowed them to bypass Memory Integrity Enforcement (MIE), a protection that Apple had touted as a major security breakthrough. While the AI Claude Mythos assisted the team, it was the human researchers who led the operation.

Apple dedicated five years and likely several billion dollars to the design of MIE, which was introduced in September 2025 with the A19 chips of the iPhone 17 and extended to MacBooks equipped with the M5 chip. This technology relies on ARM's Memory Tagging Extension, which assigns a hardware tag to each memory allocation, causing a crash in case of a mismatch. Apple claimed that this protection rendered all known exploit chains obsolete, including the Coruna and Darksword kits.

An Exploit Achieved in Five Days

On May 14, 2026, the Calif team, led by Thai Duong, published a detailed account of their exploit on their Substack blog. The vulnerabilities were identified on April 25, and the functional exploit was finalized on May 1. In just five days, the team managed to obtain a root shell from a non-privileged user account using only standard system calls.

A 55-page technical report was submitted to Apple Park, accompanied by a 20-second video demonstrating the execution of the exploit on a MacBook M5 running macOS 26.4.1. Calif has not published the report or the source code, as Apple is currently reviewing it. No CVE has been assigned as of May 15.

The Impact of AI in Security Research

Although AI Mythos played a role in identifying bugs and developing the exploit, the design of the attack chain and the bypassing of MIE were carried out by human researchers. What is notable is the speed at which the exploit was developed. While Apple took five years to design MIE, the Calif team managed to circumvent it in five days with the help of AI.

Historically, exploits of this magnitude took months of work. For example, Kaspersky's Triangulation operation in 2023 required several quarters of investigation, and NSO Group's spyware Pegasus relied on zero-click vulnerabilities accumulated over years.

This situation raises questions about the viability of long-term investments in hardware security. The European Cyber Resilience Act, which imposes security obligations on manufacturers, will need to take this new dynamic into account.

In France, approximately 1.2 million professional MacBooks are active. Teams like Quarkslab and Synacktiv are working on similar research. An Apple patch is expected, but the next generation of MIE will have to contend with tools that did not exist at the time of its initial design.

Brief IA — L'actualité IA en français

L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.