🚨 ULTIMA HORA: Claude Mythos acaba de romper un sistema de defensa de Apple valorado en 2.000 millones de dólares.
No lo hizo de la manera obvia. Encontró un vector de ataque completamente distinto al que Apple tenía protegido.
Los detalles son brutales:
> 5 días de trabajo
> Costo total: 35.000 dólares en tiempo de API
> El mismo exploit en el mercado gris cuesta entre 5 y 10 millones de dólares
El equipo entregó un informe de 55 páginas directamente en las oficinas de Apple.
La parte que más impacta: la protección MIE de Apple funcionó exactamente como estaba diseñada. Mythos no la rompió. La rodeó, envenenando los datos que ingería el chip M5.
El equipo rojo de Anthropic lo confirmó esta semana: esto no es una cuestión de recursos computacionales. Es defensa nacional.
Mexicans LOVE having their full ass name as their gamertag on Xbox Live, you hopped on Gears of War 2 and you saw ricardo.gonzalez1998 on the other team it was GGs for you bro, that frijole was dribbling through your team like ya’ll were playing FIFA the whole time
AND SUDDENLY YOU'RE 27 SITTING ALONE IN YOUR ROOM, PARENTS ARE GETTING OLD, YOUR SIBLINGS ARE BUSY WITH THEIR OWN LIFE. AND YOU REALIZE HOW TIME REALLY FLIES.
With Apple Pay, your real card number never really leaves your device. When you add your card, the bank creates a special replacement number called a Device Account Number (DAN). That DAN is stored securely inside the phone’s Secure Enclave chip, not on Apple’s servers. When you pay, your phone sends this DAN plus a one-time cryptographic code to the merchant. The merchant never sees your real card, and Apple doesn’t process the transaction itself. It’s basically: phone → bank → done. Everything sensitive stays on the device.
With Google Pay, the idea is similar but the path is different. Instead of storing everything only on the device chip, Google often uses cloud tokenization. Your card info is linked to Google’s servers, which generate payment tokens during transactions. When you tap to pay, a token is fetched/created and sent to the merchant, then validated by the bank. So it’s more like: phone → Google server → bank. Still secure, but it relies more on the cloud.
So both systems hide your real card number. Apple leans more toward hardware-based security (on-device chip), while Google leans more toward server/cloud-based token management.
In simple terms:
Apple Pay locks your card inside your phone.
Google Pay locks your card behind Google’s servers.
Either way, the shop never gets your real card details; which is why mobile payments are often safer than swiping your physical card.