Claude Mythos Allegedly Bypasses Apple’s $2B Security via Data Poisoning

Claude Mythos seems to have bypassed Apple’s roughly $2B security system. And via a completely different attack vector.

According to the researchers, finding the vulnerability took only 5 days and about $35K in spending on the Mythos API. For comparison, exploits of this class on the gray market are usually valued in the $5–10M range.

The team that reproduced the attack prepared a 55-page report and personally delivered it to Apple’s headquarters. There is hope that the materials will be published after the patch is released.

Most interesting: Apple’s MIE mechanism, judging by the description, really worked the way it was intended to. The problem is that Mythos found a way to completely bypass the protection via poisoning the data fed into the M5 chip.

At this stage, it’s becoming increasingly difficult to perceive Mythos as just another demonstration of capabilities on paper.

As Anthropic’s red-team explicitly confirmed this week:

the issue is no longer about compute. It’s about national security.