The Wall Street Journal (WSJ) reported on Thursday that Apple’s latest security system has been breached by Anthropic’s artificial intelligence (AI) model Mitos, raising concerns in the cybersecurity industry about a potential Bugmageddon.
According to the WSJ, researchers from the U.S. security firm Caliph used Anthropic’s Mitos to uncover security vulnerabilities in Apple’s macOS.
The researchers revealed that they successfully implemented an attack by linking two macOS bugs and various attack techniques to corrupt memory and gain access to typically restricted system privileges.
They explained that this attack constitutes a privilege escalation, which could allow hackers to gain full control over a computer.
The incident has sent shockwaves through the industry, as it managed to bypass Apple’s cutting-edge memory protection technology, developed over several years at considerable expense. The WSJ dubbed this potential crisis Bugmageddon.
Bugmageddon, a portmanteau of bug (security flaw) and Armageddon (end of the world), describes a scenario where AI discovers vulnerabilities at an unprecedented rate, potentially leading to the simultaneous exposure of numerous large-scale security flaws.
Last year, Apple unveiled its Memory Integrity Enforcement (MIE) technology, touting it as the result of an unprecedented five-year design and engineering effort. However, Caliph claims it took them merely five days to create the attack code using Claude.
It’s worth noting that this attack wasn’t solely the work of AI. Caliph’s Chief Executive Officer (CEO), Tai Duong, clarified that while Mitos excels at replicating existing attacks, it cannot independently devise novel attack techniques. He emphasized that human expertise was crucial in the process.
Nevertheless, the rapid advancement in vulnerability detection capabilities of the latest AI models poses a significant threat to the cybersecurity industry.
The WSJ reported that earlier this year, Mitos discovered over 100 high-risk vulnerabilities in the Firefox web browser in just two weeks. Industry experts estimate that it would typically take global security researchers about two months to uncover such a number of flaws.
The WSJ added that Caliph researchers have submitted a comprehensive 55-page report detailing the attack to Apple’s headquarters. Apple plans to disclose specific attack techniques after completing their patch.
