According to a Thursday (May 14) Wall Street Journal (WSJ) report, this discovery from the security firm Califunderscores a changing cybersecurity landscape, where artificial intelligence (AI) is increasingly being used to break through even the sturdiest defenses.
The researchers say their software joins together two bugs and some techniques that could corrupt the Mac’s memory and access parts of the device that should not have been able to be accessed, the report said.
This is called a “privilege escalation exploit,” the WSJ added. If combined with other attacks, hackers could use it to take over a computer.
Michał Zalewski, a security researcher who worked at Google and who reviewed Calif’s findings, said the technique is notable because Apple has put so much work into safeguarding MacOS.
Apple, which is using frontier AI models to test and patch vulnerabilities, said it is reviewing the Calif report to validate its findings.
Advertisement: Scroll to Continue
“Security is our top priority, and we take reports of potential vulnerabilities very seriously,” a company spokeswoman told the WSJ.
The past few months, the report added, have seen the bug-finding capabilities of AI models from companies such as Anthropic and OpenAI improve to the point that many cybersecurity experts are now warning of a “Bugmageddon.”
That’s a jokey name for an unfunny problem: AI models uncovering security vulnerabilities at unprecedented levels. That could mean a lot more work for tech teams who need to plug these holes in their defenses, to say nothing of the massive cybersecurity risk.
As PYMNTS wrote earlier this week, the issue has provided a wakeup call to the enterprise software world, which had “long held on to the traditional assumption that while bugs are common, the expertise to exploit them, particularly at scale, is rare.”
One of the things disproving this assumption is a new report from Google showing that entire attack chains are “increasingly becoming software-defined and executed faster and cheaper than ever before,” PYMNTS added, saying that the result is “not simply more hacking” but “the industrialization of hacking.”
Google Cloud researchers detailed what they say is the first observed case of an AI-developed zero-day exploit tied to a planned mass exploitation campaign.
It’s “an event that security analysts inside and outside the tech giant increasingly view less as an isolated milestone than as an early signal of a broader structural transition toward an industrial-scale cyber threat landscape,” PYMNTS added.
