Security experts from RSAC have successfully exposed vulnerabilities in the protective mechanisms of Apple’s Intelligence AI, marking a significant discovery in AI security. This breakthrough raises questions about the safety of Apple’s AI-integrated devices.
Understanding Apple Intelligence AI
Apple Intelligence serves as an advanced personal AI system across iOS, iPadOS, and macOS, leveraging generative AI with user-specific data. It primarily operates on-device via Apple’s silicon, using a compact language model (LLM) that accesses personal data like messages and photos to enhance features like Siri and system-wide tools. For more sophisticated tasks, it utilizes larger models through Apple’s Private Cloud Compute (PCC).
Exposing AI Vulnerabilities
The RSAC research team, known for organizing the RSAC Conference, embarked on a mission to breach the input and output filters of Apple’s local LLM. These filters are put in place to prevent harmful inputs and unwanted outputs. By merging two adversarial strategies, the team successfully influenced the AI’s behavior.
The first technique, Neural Execs, is a prompt injection attack that deceives the AI into executing attacker-defined commands through nonsensical inputs. The second method involves Unicode manipulation, where malicious text is encoded backward and rendered correctly using a Unicode function, thereby bypassing content restrictions.
Implications and Response
Combining these methods could potentially allow attackers to generate offensive content or interfere with private data accessed by Apple Intelligence, including sensitive health information. The researchers tested 100 random prompts, achieving a 76% success rate. They estimate that between 100,000 and 1 million users might be at risk from this vulnerability.
RSAC researchers estimate that by December 2025, there were over 200 million Apple Intelligence-enabled devices in use. The Apple App Store already hosts applications integrated with this AI, making it a prime target. Apple addressed these concerns in October 2025, implementing security updates in iOS 26.4 and macOS 26.4. Fortunately, no malicious exploitation has been reported yet.
Related discussions highlight similar vulnerabilities in other tech environments, underscoring the ongoing challenges in cybersecurity.
