Apple’s own security release notes for macOS 26.5 already credit a cybersecurity firm called Calif and Anthropic for finding a kernel-level vulnerability.
But according to a report, California researchers only sat down with Apple to discuss the findings this week.
So Apple may have quietly patched a flaw before the people who found it even had a formal conversation about it.
That timeline gap is strange, and it raises a question worth chewing on. If security patches are shipping faster than disclosure conversations are happening, what does that tell us about how Apple is monitoring these things on its own?
Either they independently spotted the same bug, or the process is moving in ways that do not quite follow the traditional responsible disclosure playbook.
The Calif researchers used Anthropic’s Claude Mythos Preview model, which is part of a program called Project Glasswing designed to help tech companies hunt for software weaknesses.
The trick was getting the AI to write code that connected two separate macOS bugs in sequence, turning two minor issues into a privilege escalation exploit.
That means someone starting with a normal unprivileged account could theoretically end up with root access.
Worth noting, though: the researchers were clear that Claude did not do this solo. Their own expertise was still needed to make the chain work.
The AI handled the connective tissue, the humans supplied the judgment about where to look and what mattered.
For years, discovering this kind of chained exploit required someone with deep, specialized knowledge of how operating system internals behave.
The barrier was high enough that most attackers simply could not get there. What Claude Mythos Preview demonstrated is that the connective work, the part where you stitch two bugs together into something dangerous, can now be partially offloaded to a model.
That lowers the bar in ways that security teams are only beginning to map out.
Apple told the Journal it takes vulnerability reports seriously and was reviewing Calif’s submission. A patch may already be live.
