Researchers at cybersecurity firm Calif used Anthropic’s new frontier AI model called Claude Mythos Preview to uncover a new macOS security vulnerability last month, reports The Wall Street Journal. The tool is part of Anthropic’s recently announced Project Glasswing, an initiative that enables tech companies like Apple to use Claude Mythos Preview to find security vulnerabilities in operating systems and web browsers.
The researchers used the model to write code that links together two macOS bugs in a way that resulted in what is known as a privilege escalation exploit.
Apple said it was reviewing Calif’s report to validate the findings.
“Security is our top priority, and we take reports of potential vulnerabilities very seriously,” an Apple spokesperson told the publication.
While Apple hasn’t announced if it has patched the exploit. Apple’s security notes for the macOS 26.5 update released this week mention the following fix, crediting Calif and Anthropic for discovering it:
WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 310234
CVE-2026-28947: dr3dd
WebKit Bugzilla: 310544
CVE-2026-28946: Gia Bui (@yabeow) from Calif.io, dr3dd, w0wbox
WebKit Bugzilla: 312180
CVE-2026-28942: Milad Nasr and Nicholas Carlini with Claude, Anthropic
However, the WSJ report said that Calif only met with Apple this week, while suggesting that a fix was on its way.