I think it&#x27;s worth to look at the recent XBOW benchmark: <a href="https:&#x2F;&#x2F;xbow.com&#x2F;blog&#x2F;mythos-offensive-security-xbow-evaluation" rel="nofollow">https:&#x2F;&#x2F;xbow.com&#x2F;blog&#x2F;mythos-offensive-security-xbow-evaluat...</a> they realized that ChatGPT 5.5 works better so the secret is in the architecture (including humans in the loop).

&gt; likely to be sorely disappointed if&#x2F;when they get their hands on Mythos.At first they will be delighted. So much money and time saved. When their adversaries get their hands on their system (with or without Mythos), then they&#x27;ll be sorely disappointed.

&gt; I thought Mythos was just a bunch of hype?My opinion is that it is over-hyped because like any LLM, it requires a suitable human in the loop to keep the LLM on the straight and narrow, and then to weed through the inevitable false-positives and hallucinations.Nicholas Carlini, for example, whose name is on many of the recent high-profile Mythos findings is not just some random dude with a Claude sub on his credit card .... he&#x27;s an experienced security researcher.Random inexperienced people thinking Mythos can replace the need for experienced pen-testers, auditors etc. are likely to be sorely disappointed if&#x2F;when they get their hands on Mythos.

So like ... I thought Mythos was just a bunch of hype? Or maybe the researchers are having their skills boosted due to using a model with such a cool name?I jest, but I did notice having more confidence to take on more ambitious work lately. We&#x27;re all centaurs now.

Did Mythos have access to Apple&#x27;s source code?&gt; Apple spent five years building it. Probably billions of dollars too.This seems higher than I&#x27;d expect.

This is incredibly light in details, no verifiable claim as far as I can tell.(I’m sure they’re not lying, but we’re not learning anything here)

how much do you think it is worth in the bug bounty program

This is an lpe I believe what you’re describing is a zero click rce.

from what they demonstrated, this seems to only be a $100,000 exploit in Apple&#x27;s bug bounty platform, but if they package it right, it could be a $1.5 million exploitThey simply have to show it against a beta version of MacOS, and frame it as unauthorized access, and maybe from locked mode if possible

The gamble is that you can cruise on the senior engineer’s diminishing understanding for a few years until models become good enough that you don’t need any humans in the loop and you can fire all those expensive seniors.

&gt; I&#x27;m hearing anecdotes from all over about devs pushing LLM-generated code changes into production without retaining any knowledge of what it is they&#x27;re pushing. The changes compound, their understanding of the codebase diminishes, and so the actions become riskier.I don’t think so.An LLM can produce higher-quality documentation than most humans. If it&#x27;s not already happening, when a new developer joins a team, they&#x27;re going to have an LLM produce any documentation a new developer needs, including why certain decisions were made.It could also summarize years of email threads and code reviews that, let&#x27;s face it, a new person wouldn’t be able to ingest anyway; it&#x27;s not like a new developer gets to take a week off to get caught up on everything that happened before they got there. English not their first language? Well, the LLM can present the information in virtually any language required.As the models continue to improve, they&#x27;ll spot patterns in the code that a human wouldn’t be able to see.

is this exciting?juniors have been writing code forever that is imperfect and not memorized by the people reviewingisnt the important thing the mechanisms for maintaining the code?

&gt; The world is so not ready for the impact of LLMs on security issues.I agree, but it&#x27;s the people I&#x27;m worried about.I&#x27;m hearing anecdotes from all over about devs pushing LLM-generated code changes into production without retaining any knowledge of what it is they&#x27;re pushing. The changes compound, their understanding of the codebase diminishes, and so the actions become risker.What&#x27;s worse is a lot of this behavior is being driven by leaders, whether directly (e.g. unrealistic velocity goals, promoting people based on hand-wavy &quot;use AI&quot; initiatives, etc) or indirectly (e.g. layoffs overloading remaining devs, putting inexperienced devs in senior rolls, etc).The world&#x27;s gone mad and large swaths of the industry seem hellbent on rediscovering the security basics the hard way.

Most companies in the world do not have “blue teams”. They barely have any kind of security employee.

Not at all. I’m considering that the amount of vulnerable software in the wild is very, very large, with most organizations not managing their systems properly. Imagine all the small to medium size companies that do not have budgets for a dedicated, talented security team. And all the software that will never be patched. We are at the beginning of the exponential

you&#x27;re assuming that blue teams and engineers are sitting around twiddling their thumbs

The world is so not ready for the impact of LLMs on security issues. If true, congrats to the Calif team. It’s likely too technical for me to understand in details but looking forward to reading the 55 pages report

Memory Tagging ExtensionArm published the Memory Tagging Extension (MTE) specification in 2019 as a tool for hardware to help find memory corruption bugs. MTE is a memory tagging and tag-checking system, where every memory allocation is tagged with a secret. The hardware guarantees that later requests to access memory are granted only if the request contains the correct secret. If the secrets don’t match, the app crashes, and the event is logged. This allows developers to identify memory corruption bugs immediately as they occur.<a href="https:&#x2F;&#x2F;support.apple.com&#x2F;guide&#x2F;security&#x2F;operating-system-integrity-sec8b776536b&#x2F;web" rel="nofollow">https:&#x2F;&#x2F;support.apple.com&#x2F;guide&#x2F;security&#x2F;operating-system-in...</a>

Quite strange indeed, given that was one of the main points on their security conference a few months ago.

could be a different type of data only attack, which doesnt override the boundaries

Upon further reading on data only attacks(<a href="https:&#x2F;&#x2F;www.usenix.org&#x2F;publications&#x2F;loginonline&#x2F;data-only-attacks-are-easier-you-think" rel="nofollow">https:&#x2F;&#x2F;www.usenix.org&#x2F;publications&#x2F;loginonline&#x2F;data-only-at...</a>)This makes more sense. You don&#x27;t trigger MTE since you&#x27;re not doing anything for force MTE to take action the program isn&#x27;t actually changing.My other question would be, why didn&#x27;t apple use fbounds checking here? They&#x27;ve been doing it aggressively everywhere else.MTE plus fbounds checking everywhere should lead to an extremly hardened OS

IIRC, the GPU is behind a memory controller, so I doubt corrupting GPU memory alone could lead to an LPE. But I suppose it would give you someplace to store stuff if you can make something else read from it.

GPU memory&#x2F;shaders&#x2F;etc. isn&#x27;t protected by MTE or PAC. They said &quot;data-only&quot;, so I guess GPU commands could fit into this description.

&gt; I&#x27;m very curious how the bug survived through MTEIts not the first time bugs get past MTE, happened with Google Pixel last year ... <a href="https:&#x2F;&#x2F;github.blog&#x2F;security&#x2F;vulnerability-research&#x2F;bypassing-mte-with-cve-2025-0072&#x2F;" rel="nofollow">https:&#x2F;&#x2F;github.blog&#x2F;security&#x2F;vulnerability-research&#x2F;bypassin...</a>

I had the same question and if this is a data-only attack, the lesson may be that MIE reduces many attack paths but does not remove every useful corruption primitive

unfortunately a little light on the details. I&#x27;m very curious how the bug survived through MTE

Suppose the following:1. Any given system has a finite number of findable vulnerabilities.2. All findable vulnerabilities are fixable (if not in software then with a new hardware revision).3. Fixing a vulnerability while keeping the same intended functionality introduces on average less than 1 other findable vulnerability.4. It is possible to cease adding new features to a system and from that point forward only focus on fixing vulnerabilities.If all 4 are true, then perfect security seems possible, in some sense. I think some vulnerabilities might not be fixable, if you include things like the idea that users can be tricked into revealing their passwords. If you restrict the definition of vulnerability to some narrower meaning that still captures most of what people mean when they say computer vulnerability, then I think those 4 statements are probably true.Perfect security might be near impossible in practice because vulnerabilities will get more difficult to find and fix over time, but I think we should expect the discovery of vulnerabilities to eventually become arbitrarily slow in a hypothetical system that prioritized security above all else.

I would rather claim that building a theoretically secure system is prohibitively expensive. At the end of the day, Mythos et al. are just better tools for finding vulnerabilities that will eventually be available to both offensive and defensive actors.If you imagine you had a vulnerability scanner as fast and convenient as a linter, it would be much cheaper to write secure code right away. Probably not perfectly secure, but still secure enough to make sure finding exploits stays expensive.

another &quot;obscurity&quot;: I&#x27;m not valuable enough to be attacked, compared with the cost.
But what if cost has been reduced a lot?

Maybe it&#x27;s physically impossible to build a theoretically secure system, just as it&#x27;s (presumably) impossible to have a cell that isn&#x27;t susceptible to any virus. Maybe this whole time we&#x27;ve been getting away with a type of security by obscurity, where the obscurity is just no one having the time and focus to actually analyze the code.

Do you mean by vibecoding these vulnerabilities into the kernel or by finding them?

LLMs are going to produce amazing Rube Goldberg style vulnerabilities for years to come. It&#x27;s already starting, this instance isn&#x27;t the case, but it&#x27;s happening.

They certainly are, one of the reasons behind Embedded Swift is to replace iBoot firmware currently written in a C dialect similar in ideas to Fil-C, with something better.However it is no different from the Linux kernel, just because Rust is now allowed, the world hasn&#x27;t been rewriten, and no sane person is going to do a Claude rewrite of the kernel.

Swift is definitely being used at apple. Most recently added as a CSS parser in safari and running embedded in some of the secure enclave parts. I know there was talk from as far back as strangeloop to get it in the kernel but I&#x27;m not sure how far that has gone. That being said they&#x27;ve been huge proponents of fbounds check in clang which can achieve a small portion (but important!) of what memory safe languages can do. I&#x27;d also like to see more swift or alternative adoptions I think they have potential and more competition in the safe language space is always welcome.

You might be interested in the Strict Memory Safety option<a href="https:&#x2F;&#x2F;docs.swift.org&#x2F;compiler&#x2F;documentation&#x2F;diagnostics&#x2F;strict-memory-safety&#x2F;" rel="nofollow">https:&#x2F;&#x2F;docs.swift.org&#x2F;compiler&#x2F;documentation&#x2F;diagnostics&#x2F;st...</a>

I’m surprised Apple is still not dogfooding their allegedly safe language Swift. Or was the whole exercise of Swift 6 mostly marketing

You shouldn’t, MTE blocks a large chunk of vulnerabilities and makes things like rop and jop very difficult if not impossible now.

you should worry about npm&#x2F;pypi malware, not memory corruption bugs

I bought the M5 specifically cause of MIE. Now I feel dumb.

Did the article get edited? There is not much description of the field trip.

First public macOS kernel memory corruption exploit on Apple M5