Security firm RSAC recently disclosed a critical vulnerability in Apple Intelligence, Apple’s personal AI system, that allowed attackers to bypass its safety mechanisms through prompt injection.
The research team tested devices equipped with Apple Intelligence, including the iPhone 15 Pro and newer models, Macs and iPads with M1 chips or later, and the Apple Vision Pro. Of 100 randomized attack prompts, 76% successfully induced the model to output abusive language that it is otherwise prohibited from producing.
The "Neural Exec" Automated Attack
The RSAC team utilized a technique dubbed "Neural Exec," pioneered by researcher Dario Pasquini. Unlike traditional manual prompt injection, Neural Exec leverages machine learning algorithms to automatically generate inputs that trigger non-compliant behavior, significantly increasing the efficiency of the attacks.
Petros Efstathopoulos, VP of Research and Development at RSAC, stated that their goal was to identify ways to circumvent the model’s pre-filtering, post-filtering, and internal guardrails. He noted that the team disclosed the findings to Apple on October 15, 2025.
Apple subsequently addressed the issue in iOS 26.4 and macOS 26.4, effectively blocking the attack paths demonstrated by RSAC. As of now, Apple has not issued a public statement regarding the specifics of the vulnerability, the remediation process, or the disclosure.
Although this specific flaw has been patched, Efstathopoulos emphasized that prompt injection remains a constant "cat-and-mouse game" in the field of artificial intelligence. While models are becoming more adept at identifying malicious instructions, attackers often manage to stay one step ahead in this ongoing arms race.
Currently, approximately 200 million devices worldwide support Apple Intelligence, and roughly one million apps in the App Store have integrated the technology. This research underscores the need for robust security measures for local models as large language models become increasingly integrated into our devices.