diff --git a/core/crypto/rand_darwin.odin b/core/crypto/rand_darwin.odin
new file mode 100644
index 000000000..f7978c3fa
--- /dev/null
+++ b/core/crypto/rand_darwin.odin
@@ -0,0 +1,11 @@
+package crypto
+
+import "core:fmt"
+import "core:sys/darwin"
+
+_rand_bytes :: proc(dst: []byte) {
+	res := darwin.SecRandomCopyBytes(count=len(dst), bytes=raw_data(dst))
+	if res != .Success {
+		panic(fmt.tprintf("crypto/rand_bytes: SecRandomCopyBytes returned non-zero result: %v", res))
+	}
+}
diff --git a/core/crypto/rand_darwin_and_bsd.odin b/core/crypto/rand_darwin_and_bsd.odin
index aea7e2953..8e2be1d95 100644
--- a/core/crypto/rand_darwin_and_bsd.odin
+++ b/core/crypto/rand_darwin_and_bsd.odin
@@ -1,4 +1,4 @@
-//+build freebsd, openbsd, darwin
+//+build freebsd, openbsd
 package crypto
 
 foreign import libc "system:c"
diff --git a/core/sys/darwin/security.odin b/core/sys/darwin/security.odin
new file mode 100644
index 000000000..4f9789326
--- /dev/null
+++ b/core/sys/darwin/security.odin
@@ -0,0 +1,24 @@
+//+build darwin
+package darwin
+
+foreign import security "system:Security.framework"
+
+// A reference to a random number generator.
+SecRandomRef :: distinct rawptr
+
+OSStatus :: distinct i32
+
+errSec :: enum OSStatus {
+	Success       = 0,  // No error.
+	Unimplemented = -4, // Function or operation not implemented.
+
+	// Many more...
+}
+
+foreign security {
+	// Synonym for nil, uses a cryptographically secure random number generator.
+	kSecRandomDefault: SecRandomRef
+	
+	// Generates an array of cryptographically secure random bytes.
+	SecRandomCopyBytes :: proc(rnd: SecRandomRef = kSecRandomDefault, count: uint, bytes: [^]byte) -> errSec ---
+}