Security researchers have found a new method to bypass Apple Inc.'s advanced security measures, using an AI-assisted process to uncover two distinct bugs in the macOS operating system. The discovery by security firm Calif, aided by an early version of Anthropic's Mythos AI, marks a significant development in a new arms race between AI-powered offense and defense in cybersecurity.
"The technique is noteworthy because Apple has put so much effort into locking down macOS," said Michał Zalewski, a former Google security researcher who reviewed Calif's research. Apple, which uses its own AI models to test for vulnerabilities, is reviewing the 55-page report. "Security is our top priority, and we take reports of potential vulnerabilities very seriously," a company spokeswoman said.
Researchers at the Palo Alto-based firm say their software links the two bugs to corrupt the Mac's memory, allowing access to parts of the device that should be inaccessible. This "privilege escalation" exploit, if combined with other attacks, could allow a hacker to seize control of the computer. The team built the code to exploit the vulnerabilities in just five days.
The finding adds weight to the growing concern among cybersecurity experts about a "Bugmageddon," a potential flood of newly discovered software vulnerabilities found by advanced AI models from firms like Anthropic and OpenAI. Such a flood could overwhelm the corporate technology departments responsible for patching them and create an unprecedented level of cybersecurity risk, which has reportedly caused the White House to reconsider its approach to AI development and oversight.
Human-AI Collaboration
The attack was not the work of AI alone. Thai Duong, chief executive of Calif, clarified that the exploit required the expertise of his human hackers. He noted that while Mythos is excellent at replicating attacks that have been documented before, "We haven’t seen cases where it comes up with new attack techniques." This successful exploit was a blend of human ingenuity and AI-driven analysis.
The vulnerabilities circumvented Apple's Memory Integrity Enforcement (MIE), a technology the company introduced last September as the "culmination of an unprecedented design and engineering effort, spanning half a decade." Calif researchers were so confident in their findings that they drove to Apple's Cupertino headquarters to present the report in person.
Industry-Wide Implications
The use of AI to find such a high-level exploit in a hardened target like macOS has significant implications for the entire software industry. It suggests that the cost and time required to find critical vulnerabilities could decrease dramatically, forcing companies to invest more heavily in automated security testing and AI-based defensive measures.
For Apple, the news is a direct challenge to its reputation for security. The company's stock, trading at approximately 30 times forward earnings, showed little immediate reaction, but a successful exploit against its flagship operating system could impact consumer confidence. Calif plans to release the full details of the attack once Apple has patched the issues, which Duong expects will happen quickly.