AI Bypasses Apple’s MIE Security on M5 Chips

by priyanka.patel tech editor

For five years, Apple engineers worked in near-total secrecy to build what they believed was an impenetrable wall around the memory of their most advanced silicon. It was a massive investment in hardware security designed to kill off an entire class of cyberattacks. It took a security firm and a preview version of an AI model just five days to tear it down.

In a striking demonstration of how generative AI is shifting the balance of power in cybersecurity, the Palo Alto-based firm Calif has successfully bypassed Memory Integrity Enforcement (MIE), the hardware-level protection integrated into Apple’s M5 and A19 chips. The breach, which effectively proves that AI can break through Apple’s defenses, was achieved using Mythos Preview, a cutting-edge model from Anthropic.

The exploit represents a pivotal moment in the “arms race” between hardware hardening and automated vulnerability discovery. While Apple viewed MIE as the culmination of half a decade of engineering, the speed with which it was dismantled suggests that the traditional timeline for securing hardware is being compressed by AI.

The Anatomy of the Breach: From User to Root

The exploit developed by Calif is the first public demonstration of a successful bypass of MIE on active M5 hardware. The attack is particularly alarming because of its starting point: it begins with a local user who has no special privileges. From there, the process uses only ordinary system calls to navigate the architecture.

By leveraging two specific vulnerabilities and a series of sophisticated memory corruption techniques, the researchers were able to penetrate the kernel memory—the most sensitive part of the operating system. This allowed them to access system zones that are hardware-locked, eventually granting them a root shell, which provides total administrative control over the device.

The timeline of the attack highlights the efficiency of AI-augmented research. The process moved from discovery to a working exploit in less than a week:

Date     | Milestone                   | Key Contributor
April 25 | Initial bugs identified     | Bruce Dang
April 27 | Team expansion and analysis | Dion Blazakis
April 29 | Custom tooling development  | Josh Maine
May 1    | Full exploit functional     | Calif Team

Understanding MIE and the ARM MTE Foundation

To understand why this bypass matters, one must understand what MIE is designed to do. Memory Integrity Enforcement is built upon ARM’s Memory Tagging Extension (MTE), a technology that “colors” memory blocks and requires a matching key to access them. If the keys don’t match, the system triggers a fault, instantly blocking the attack.
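To make the lock-and-key check concrete, here is an added example (not from the article, Calif or Apple): a simplified software model of MTE-style tag checking. The 4-bit tag, 16-byte granule and tag position in pointer bits 59:56 follow ARM's MTE; the toy heap, the function names and the two scenarios are constructed for illustration and do not model anything specific to Apple's MIE.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define GRANULE   16   /* ARM MTE tags memory in 16-byte granules */
#define HEAP_SIZE 256  /* toy heap, constructed for this example */
#define TAG_SHIFT 56   /* MTE keeps the 4-bit tag in pointer bits 59:56 */

static uint8_t heap[HEAP_SIZE];
static uint8_t granule_tag[HEAP_SIZE / GRANULE]; /* the "lock" on each granule */
typedef uint64_t tagged_ptr;  /* heap offset plus the "key" in bits 59:56 */

static uint8_t ptr_tag(tagged_ptr p) { return (p >> TAG_SHIFT) & 0xF; }
static size_t ptr_off(tagged_ptr p) { return (size_t)(p & 0x00FFFFFFFFFFFFFFULL); }

/* Colour [off, off+len) with `tag`; return a pointer carrying the same tag. */
tagged_ptr tag_region(size_t off, size_t len, uint8_t tag) {
    for (size_t g = off / GRANULE; g < (off + len + GRANULE - 1) / GRANULE; g++)
        granule_tag[g] = tag & 0xF;
    return ((uint64_t)(tag & 0xF) << TAG_SHIFT) | off;
}

/* Checked store: 0 on success, -1 where the hardware would raise a tag fault. */
int checked_store(tagged_ptr p, size_t idx, uint8_t value) {
    size_t addr = ptr_off(p) + idx;
    if (addr >= HEAP_SIZE) return -1;
    if (granule_tag[addr / GRANULE] != ptr_tag(p)) return -1;  /* key != lock */
    heap[addr] = value;
    return 0;
}

/* Linear overflow: writing one byte past a 32-byte buffer hits a neighbour. */
int demo_overflow(void) {
    tagged_ptr a = tag_region(0, 32, 0x3);
    tag_region(32, 32, 0x9);                       /* neighbour, different colour */
    if (checked_store(a, 31, 'A') != 0) return 1;  /* last in-bounds byte must work */
    return checked_store(a, 32, 'B');              /* first out-of-bounds byte */
}

/* Use-after-free: free is modelled as a retag, so the stale key stops matching. */
int demo_use_after_free(void) {
    tagged_ptr p = tag_region(64, 16, 0x5);
    tag_region(64, 16, 0x6);                       /* "free" modelled as a retag */
    return checked_store(p, 0, 'C');
}

int main(void) {
    printf("overflow: %d, use-after-free: %d\n", demo_overflow(), demo_use_after_free());
    return 0;
}
```

Both scenarios return -1, the model's stand-in for the fault the paragraph describes, while an in-bounds store through a pointer with the matching tag succeeds.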

Apple’s implementation of MIE was intended to render memory corruption—the most common and dangerous category of vulnerabilities in iOS and macOS—virtually impossible. Internal tests had previously suggested that MIE could block every known public exploit chain, including high-profile kits like Coruna and DarkSword.

However, the Calif exploit proves that while MIE raises the cost of an attack, it does not eliminate the possibility. The breakthrough wasn’t the result of the AI acting alone, but rather a symbiotic relationship. Thai Duong, CEO of Calif, noted that while Mythos Preview is exceptional at generalizing known classes of problems, the actual act of bypassing MIE required human expertise to orchestrate the AI’s findings into a viable attack.

The Mythos Paradox: A Tool for Both Sides

The role of Anthropic’s Mythos Preview in this breach reveals a systemic irony in the tech industry. The same model that helped Calif break Apple’s defenses is being used by the industry’s biggest players to defend them. Apple itself is a participant in Project Glasswing, a closed program through which Anthropic provides selected partners with early access to its most powerful models.

This creates a paradoxical environment: Apple is using Mythos to find and patch holes in its own software, while independent researchers are using the same tool to find those holes first. This trend is not limited to Apple; Mozilla has reportedly utilized Mythos to resolve 271 vulnerabilities within Firefox 150, signaling a shift toward AI-driven maintenance.

This acceleration has led some experts to warn of a “Bugmageddon”—a period of unprecedented vulnerability discovery where the volume of found bugs exceeds the human capacity to patch them. Because MIE was engineered before the existence of Mythos Preview, the hardware was essentially designed for a pre-AI threat landscape.

Government Concerns and the Path to Oversight

The capabilities of models like Mythos have begun to alarm policymakers in Washington. Reports indicate that the White House initially expressed concern over Anthropic’s plans to expand access to the model, fearing that such power in the wrong hands could jeopardize national security infrastructure.

The U.S. Administration is reportedly considering a shift away from its previously permissive approach to AI development. Discussions are underway regarding a potential executive order that would grant the federal government direct supervision over the most advanced “frontier” models to ensure they are not used to develop cyber-weapons.

For now, the immediate focus remains on the remediation of the M5 vulnerability. In a move to ensure the report didn’t get lost in the digital noise of recent Pwn2Own submissions, Calif researchers hand-delivered a 55-page laser-printed report to Apple Park. Apple has since stated that security is its top priority and is currently verifying the results.

The full technical details of the bypass are expected to be released only after Apple has deployed the necessary patches to the affected hardware and software. The industry now waits to see if a software update can effectively shore up a hardware defense that was bypassed in a matter of days.
