Apple devices have earned a reputation for being tough to break into. That comes from Apple’s tight control over the hardware, software and many of the protections standing between you and an attacker. However, a new claim from security startup Calif shows how quickly the cybersecurity world may be changing.

Calif says a small team of researchers used a preview version of Anthropic’s Claude Mythos to help build a working macOS kernel exploit against Apple’s new M5 chip protections in less than a week. A kernel exploit targets the core part of an operating system, which controls how your device runs and what apps can access.

The company says the exploit survived Apple’s Memory Integrity Enforcement, or MIE, a security feature designed to make memory-based attacks much harder on newer chips. The bigger concern is speed. Artificial intelligence may help skilled researchers find serious software flaws faster than ever before, which means scammers and cybercriminals could eventually use similar tools to find weak spots before companies have time to patch them.

CHINESE HACKERS TURNED AI TOOLS INTO AN AUTOMATED ATTACK MACHINE

Join CyberGuy Live: Lock Down Your Phone in 30 Minutes (Saturday, June 13, 10 am ET)

Your phone holds your email, passwords, photos, banking apps and personal data. In this free, live online class, Kurt the CyberGuy will walk you step by step through simple phone security fixes you can do in real time. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Register here: CyberGuyLive.com.

Apple M5 AI exploit claim explained

Calif says its researchers built what it describes as the first public macOS kernel memory corruption exploit on M5 silicon with MIE enabled. The company says the attack targets macOS 26.4.1 on Apple M5 hardware.

It begins with a regular local user account and ends with root access. Root access gives someone the highest level of control on a Mac. That could let an attacker change system settings, reach sensitive files or run commands with powerful permissions.

That sounds alarming, but it needs context. Calif described this as a local privilege escalation chain. In everyday terms, an attacker would already need some way to get code running on the Mac first. This type of attack would more likely follow another step, such as a malicious download or compromised installer. Once bad code gets that first foothold, a privilege escalation bug can help it dig much deeper.

SHAMOS MALWARE TRICKS MAC USERS WITH FAKE FIXES

Why Apple M5 security protections matter

Memory corruption bugs have been a favorite target for attackers for years. These flaws can let attackers crash software, steal data or take over parts of a system.

Apple’s Memory Integrity Enforcement was designed to make that type of attack far more difficult. Apple says MIE uses hardware-assisted memory safety protections on A19 and M5 processors or later. In simpler terms, MIE helps the chip and operating system check whether software touches memory in suspicious ways. That makes many older attack tricks harder to pull off.

That is why Calif’s claim warrants attention. The researchers say they found a way around those protections with help from Mythos Preview. That suggests AI could speed up the hunt for flaws, even in systems with advanced built-in defenses.

AI CYBERSECURITY RISKS AND DEEPFAKE SCAMS ON THE RISE

How Claude Mythos helped find Apple bugs

Calif says Mythos Preview helped identify the bugs and assisted throughout exploit development. The company also made clear that human expertise still mattered.

According to Calif, Mythos found the bugs quickly because they belonged to known bug classes. However, bypassing Apple’s new protection required experienced researchers.

Think of it this way: AI helped point the researchers toward weak spots. People still had to understand how to turn those findings into a working exploit. That makes the story more concerning because AI may help skilled teams move much faster.

FORMER GOOGLE CEO WARNS AI SYSTEMS CAN BE HACKED TO BECOME EXTREMELY DANGEROUS WEAPONS

Mozilla has already seen similar potential. The organization said an early version of Claude Mythos Preview helped identify 271 vulnerabilities fixed in Firefox 150. Mozilla said those findings came during an evaluation of the model’s ability to help with security work.

So the bigger story goes beyond Apple. Advanced AI tools may give security researchers more speed. Those same tools could eventually help attackers search for software flaws faster, too.

Why the Apple M5 AI exploit should worry Mac users

Most people do not think about kernel exploits when they open up their laptops. They think about email, work and family photos. That is exactly why this story hits closer to home than it may seem.

If researchers can find high-impact bugs faster with AI, attackers may eventually try to do the same. The unsettling part is the speed. A flaw that once took months to discover might surface much sooner when AI helps scan code and suggest attack paths.

Calif called its work “a glimpse of what is coming.” That may sound dramatic, but the warning is easy to understand. Cybersecurity teams may need AI to defend systems as quickly as attackers use AI to search for weak spots.

 MAC MALWARE MAYHEM AS 100 MILLION APPLE USERS AT RISK OF HAVING PERSONAL DATA STOLEN

What the Apple M5 exploit means to you

This does not mean your Mac has suddenly become unsafe. Apple’s security model remains one of the strongest in consumer tech. It also does not mean MIE failed as a protection. No security feature blocks every attack forever.

DON’T IGNORE APPLE’S URGENT SECURITY UPDATE

However, updates now matter more than ever. Calif says it shared its findings with Apple and plans to release full technical details after Apple ships a fix. That is how responsible disclosure should work. Researchers report the issue first, the company investigates it, and users get a patch before attackers get a roadmap.

We reached out to Apple for comment, but did not hear back before our deadline.

That brings us to this: what you can do now to lower your risk.

10 SIMPLE CYBERSECURITY RESOLUTIONS FOR A SAFER 2026

How to protect your Mac from AI-powered attacks

You do not need to become a cybersecurity expert to lower your risk. A few smart habits can make it much harder for attackers to get the access they need.

1) Keep macOS updated

Start with software updates. On your Mac, go to Apple menu > System Settings > General > Software Update. Install any available macOS updates. Also, turn on automatic updates where possible. This helps your Mac get important security fixes without waiting for you to remember.

2) Avoid suspicious downloads

Be careful with apps from links, pop-ups or unfamiliar websites. If an attacker needs code running on your Mac first, a fake app can become the front door. Download apps from the Mac App Store or directly from trusted developers. Also, pause before opening installers sent through email or social media links. Strong antivirus software can add another layer of protection by helping detect malicious downloads, suspicious links and scam websites before they put your Mac at risk. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.

3) Check app permissions

Review which apps have access to sensitive parts of your Mac. Go to Apple menu > System Settings > Privacy & Security and check permissions for areas such as Accessibility, Camera, Microphone and Screen Recording. Remove access for apps you do not recognize or no longer use. These permissions can give apps powerful reach across your device.

4) Use strong Apple Account protection

Turn on two-factor authentication (2FA) for your Apple Account. This adds another layer of protection if someone steals or guesses your password.  Also, use a strong, unique password. Do not reuse the same password you use for email or banking. A password manager can help create and store unique passwords for each account, so you do not have to remember them all yourself. Check out the best expert-reviewed password managers of 2026 at CyberGuy.com.

5) Keep browsers and extensions updated

Your browser is one of the most common places where attacks begin. Keep Safari, Chrome, Firefox or any other browser updated. Then, review your browser extensions. Remove anything you do not use or do not recognize. A shady extension can track your activity, inject ads or collect sensitive data.

Safari: Open Safari > Settings > Extensions. Uncheck any extension you do not recognize or select it and click Uninstall. Safari extensions update automatically with their apps.

Chrome: Open Chrome > three dots > Help > About Google Chrome to check for updates. To review extensions, go to Chrome > three dots > Extensions > Manage Extensions. Remove anything suspicious or unnecessary.

Firefox: Open Firefox > Firefox menu > About Firefox to check for updates. To review add-ons, go to Firefox > Add-ons and themes > Extensions. Remove anything you do not recognize. Firefox recommends keeping add-ons set to update automatically.

6) Watch for fake security alerts

Scammers love fake pop-ups that claim your Mac has a virus. These alerts often push you to download software or call a fake support number. Do not click the warning or call the number on the screen. Close the tab or quit the browser. If you feel unsure, restart your Mac and check for updates through System Settings.

7) Back up your Mac

Use Time Machine or another trusted backup method. A recent backup can help you recover if malware damages files or locks you out. Keep at least one backup separate from your Mac. That way, a device problem does not take your backup down with it.

8) Restart your Mac regularly

Many people leave their Macs running for weeks. A restart can help clear temporary processes and apply pending updates. A restart will not solve every security problem, but it can help your Mac finish updates and clear out processes that no longer need to run.

FBI WARNS OVER 1 MILLION ANDROID DEVICES HIJACKED BY MALWARE

Kurt’s key takeaways

Apple built serious protections into its newest chips, and that still matters. But Calif’s claim shows that even the strongest consumer security systems now face a new kind of pressure. AI is starting to change the speed of vulnerability research. For you, the lesson is this. Keep your Mac updated. Be careful what you install. Review the apps that have deep access to your system. The age of “set it and forget it” security is fading fast. Your device may be smart, but the tools looking for its weak spots are getting smarter too.

If AI can help a small team challenge Apple’s newest defenses in days, should companies be required to disclose how they are using AI to find and fix security flaws before attackers do? Let us know by writing to us at CyberGuy.com.

Sign up for my FREE CyberGuy Report

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Copyright 2026 CyberGuy.com. All rights reserved.

Americans 60 and older filed 201,266 complaints with the FBI’s Internet Crime Complaint Center in 2025 and reported $7.7 billion in losses, the highest total of any age group. The average loss for older victims was nearly $38,500, almost double the figure for younger filers. The Federal Trade Commission’s December 2025 report to Congress estimated that the overall cost of fraud to older adults in 2024 ranged from $10.1 billion to $81.5 billion, depending on how underreporting is measured.

Two decades of breach dumps now sit between your parents and the systems still verifying them by date of birth, mailing address and the last four of a Social Security number. The same fields clear a bank’s call center, and they’re enough to register a Medicare account that your parents haven’t claimed online. Locking those checks down has fallen to the adult children. Most of it is an afternoon’s work.

Sign up for my FREE CyberGuy Report

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join. 

YOU HAVE A CREDIT FREEZE. IT STILL ISN’T ENOUGH

Why older parents face higher identity theft risks

Older parents hold accounts at more institutions than their adult children do: banks, brokerages, Medicare, Social Security, pension administrators and mortgage holders. Each has its own verification process. A scammer who clears one of them finds a larger balance waiting on the other side.

Combined losses reported by older adults who lost more than $100,000 climbed from $55 million in 2020 to $445 million in 2024, an eightfold jump according to the FTC.

AI voice cloning has made phone calls one more verification step a scammer can clear. The FBI counted $893 million in AI-related scam losses in 2025, with victims 60 and over accounting for $352 million. A few seconds of public audio, whether from a voicemail greeting, a church livestream or a TikTok comment, is enough to recreate a grandchild’s voice on a phone call to a parent.

Before you start locking anything down, sit down with your parent and make sure they understand each step. The goal is to help them stay protected, not take control away from them. 

Start with credit, tax and mail protections

All four steps below run through the credit bureaus, the IRS or USPS. Each is free and takes under fifteen minutes.

• Freeze their credit at Equifax, Experian and TransUnion. Each bureau is handled separately. Freezes have been free since 2018 and can be lifted online when they apply for credit.
• Pull an IRS Identity Protection PIN for them at irs.gov/ippin. The six-digit PIN blocks fraudulent federal tax returns filed against their SSN, and a new PIN is issued each calendar year.
• Enroll them in USPS Informed Delivery before someone else does. Postal inspectors have flagged cases where criminals registered victims at usps.com to preview valuable mail, including replacement credit cards and benefit letters.
• Opt them out of pre-screened credit offers at optoutprescreen.com. A mailed form makes the opt-out permanent.

A credit freeze blocks new credit applications. An IP PIN blocks fraudulent tax returns. Neither keeps an eye on credit files after the fact, so consider adding credit monitoring for all three bureaus. Alerts can help your family spot suspicious activity faster and decide which account to lock down first.

HOSPICE FRAUD USES STOLEN IDENTITIES FOR FAKE PATIENTS

Claim federal accounts before scammers do

Pre-register a my Social Security account at ssa.gov in their name. Do the same at MyMedicare.gov if they qualify. Once those accounts exist, no one else can open them using their SSN. State Medicaid portals work the same way.

Also, help them turn on two-factor authentication (2FA) for important accounts and store passwords in a trusted password manager. Reused passwords make it easier for scammers to move from one exposed account to another.

Medicare Summary Notices arrive quarterly when there are covered services. Read each one with your parents for charges they don’t recognize. The Senior Medicare Patrol, a federally funded program in every state, will walk through suspicious billing with families at no charge.

In a Medi-Cal hospice case charged this April in California, prosecutors said operators bought SSNs from breach dumps and enrolled non-California residents as terminally ill hospice patients, then billed the state for visits that never happened. The fraud first appeared in beneficiary statements.

Credit monitoring can also help spot signs that personal information has already surfaced online. Some services scan the dark web, data broker sites and people-search sites for Social Security numbers, addresses, driver’s license numbers and other identifiers. Alerts can show what was found and where, helping you decide which account to lock down first.

Create a family script for suspicious calls

None of the protections above stops a phone call. Two small habits can help.

• Set a family code word. If a grandchild calls in trouble and cannot say the word, the call ends. The code is a fact that no voice cloning model can guess from public audio.
• Write down what real federal agencies never do. The Social Security Administration, the IRS and Medicare do not place out-of-the-blue calls asking for a full SSN, demand payment in gift cards or cryptocurrency or threaten arrest. Tape that list near the phone. Any caller who breaks one of those rules is a scammer.

What to do if identity fraud appears

A financial power of attorney signed in advance authorizes an adult child to handle bills, disputes and account changes on a parent’s behalf. With one in hand, the day-one fraud response can run without the parent on every call: pull all three credit reports, file at IdentityTheft.gov, place fraud alerts at each bureau and contact the affected creditor in writing.

Some identity theft protection services also include fraud resolution support. A specialist may help work with credit bureaus, creditors and collection agencies if someone misuses your information. Some plans also include identity theft insurance for eligible recovery costs and family coverage that can extend monitoring and support to parents in another household.

No service prevents every misuse of an older adult’s identity. The settings above shorten the time between when fraud happens and when someone in the family acts on it.

See my tips and best picks on Best Identity Theft Protection at CyberGuy.com.

Join CyberGuy Live: Lock Down Your Phone in 30 Minutes (Saturday, June 13, 10 am ET)

Your phone holds your email, passwords, photos, banking apps and personal data. In this free, live online class, Kurt the CyberGuy will walk you step by step through simple phone security fixes you can do in real time. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Register here: CyberGuyLive.com 

Kurt’s key takeaways

Protecting an older parent’s identity does not require a tech overhaul. It starts with a few smart moves: freeze their credit, claim key government accounts, set up an IRS IP PIN and agree on a family code word for suspicious calls. These steps can make it much harder for scammers to use stolen personal information before anyone notices. The bigger issue is that many systems still rely on information criminals may already have, such as birthdays, addresses and partial Social Security numbers. That puts more pressure on families to act early, monitor accounts and respond fast when something looks wrong. A little preparation now can save your parents from months of stress, financial damage and paperwork later.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Have you or an older loved one dealt with identity theft, Medicare fraud or a suspicious phone call that sounded real?  Let us know by writing to us at CyberGuy.com.

Sign up for my FREE CyberGuy Report

• Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
• For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
• Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Copyright 2026 CyberGuy.com. All rights reserved.