Playbook
Tasteful Skills
“Tasteful Skills” argues that the best agent skills are not documentation or best-practice lists.
Back to Podcast Digest
everyone JUST got HACKED...
TL;DR
Claude Mythos helped crack Apple-grade security in five days — Wes says khif.io researchers used Anthropic’s Glasswing-access model to build a data-only kernel local privilege escalation chain against macOS 26.4.1 on Apple M5 hardware with Memory Integrity Enforcement enabled, then literally drove a 55-page paper report to Cupertino.
Google says the first AI-built zero-day used in the wild has already happened — according to Google Threat Intelligence, attackers used an LLM to generate a working Python exploit against a popular open-source web admin tool’s 2FA flow, and Google inferred AI involvement because the code included a nonsensical hallucinated CVSS score.
The scary part isn’t just discovery speed — it’s disclosure becoming dangerous — Wes argues Apple and Google stayed vague on purpose, because giving too many breadcrumbs now could let even weaker models reconstruct the exploit and turn a defensive disclosure into an attack manual.
Mythos is no longer the clear leader in AI hacking — Wes points to Microsoft’s “M-Dash,” an orchestrated system of 100+ models, beating Claude Mythos and GPT-5.5 Cyber on CyberGym, reinforcing the idea that multi-model orchestration outperforms one giant model brute-forcing everything.
Big defenders are acting like the wave is real, not hypothetical — Palo Alto says it found 75 vulnerabilities in its own products in one month, about 7x normal, and Dario Amodei warned Jamie Dimon there’s a 6–12 month window to patch thousands of issues before Chinese AI catches up.
Wes’s bottom line is practical: patch now, debate hype later — with JP Morgan, Goldman Sachs, Citi, Bank of America, and Morgan Stanley reportedly using Glasswing access, he frames this as the calm before the storm and urges viewers to update devices, tighten passwords, and limit blast radius if compromised.
The Breakdown
Apple got a printed 55-page warning at the front door
Wes opens on the image that makes the whole story memorable: researchers from khif.io drove to Apple’s Cupertino HQ and handed over a 55-page paper report. The bug was serious — a data-only kernel local privilege escalation chain targeting macOS 26.4.1 on Apple M5 hardware with Memory Integrity Enforcement turned on — meaning an unprivileged local user could potentially escalate to root and own the machine.
Mythos didn’t work alone, but it changed the pace
He’s careful on one point: Claude Mythos didn’t autonomously pull this off; it worked with human researchers. Still, that doesn’t make the result less wild — Michael Zalewski, a former Google security researcher, had described MIE as the product of half a decade of elite engineering, and Wes stresses that two researchers plus Mythos broke through it in five days.
Glasswing, bugmageddon, and the feeling that this is just the beginning
Wes ties the Apple case to Anthropic’s Project Glasswing, which gave around 50 trusted organizations early access to Mythos for defensive testing. His larger point is the acceleration: bugs that survived decades of audits are getting found fast enough that security people are tossing around terms like “bugmageddon,” and Dario Amodei is warning the really big wave may hit in 6 to 12 months.
Google says attackers already crossed the line
Then the tone gets darker. Wes contrasts the Apple story — good guys find, report, patch — with Google’s disclosure of what it called the first confirmed case of attackers using AI to build a zero-day exploit deployed in the wild, aimed at a popular open-source web admin tool and its 2FA-related Python functionality.
The giveaway was an LLM’s weird fingerprint
The detail Wes loves is how Google spotted AI involvement: the exploit code included a made-up CVSS severity score, something a real attacker wouldn’t bother adding to their own malware. His analogy is great — it’s like excavating an ancient artifact and finding a modern “stamp of authenticity” on it; the hallucination gave the model away.
OpenClaw, agentic malware, and autonomous attack workflows
Google also pointed to attackers experimenting with agentic tooling like OpenClaw and OneClaw, using vulnerable test environments to refine reliability before deployment. Wes underlines the shift in Google’s language: this is no longer just AI generating text or snippets, but models being integrated into malware for system navigation, decision-making, persistence, and command execution with minimal human supervision.
Mythos has competition — and Microsoft may have jumped ahead
Midway through, Wes flips the script: Claude Mythos may not even be the best hacking model anymore. He highlights Microsoft’s “M-Dash,” which he describes as 100-plus models working together and beating Mythos and GPT-5.5 Cyber on the CyberGym leaderboard, backing the broader claim that orchestration beats a single giant model.
Banks are patching hard while critics still call it hype
Wes closes on the split between elite defenders and skeptics. Palo Alto Networks reportedly found 75 vulnerabilities in one month — 7x normal after getting access to Mythos and GPT-5.5 Cyber — while banks like JP Morgan, Goldman Sachs, Citi, Bank of America, and Morgan Stanley are in “massive patching mode,” even as Barracuda’s Mythos Hype Index sits at 94 and says the public CVE surge hasn’t shown up yet. Wes’s answer is that public CVEs may lag because disclosure itself is becoming dangerous, so his practical advice is simple: update everything, tighten your security, and assume the calm before the storm is right now.
Share
Keep Reading
Two Ways to Follow
The Weekly Echo. The inbox-shaped summary of what mattered.
New editorials announced here.
