Is Apple Intelligence on your iPhone really secure?

Apple has spent years telling america that privateness starts connected the device. For galore users, that connection feels reassuring. Your messages, photos, emails and app information beryllium successful your hand, protected by Face ID, passcodes and Apple's information layers. Now, caller probe gives Apple's on-device AI a world check.

Researchers with RSAC Research recovered a mode to manipulate Apple Intelligence utilizing punctual injection, adversarial prompts and Unicode tricks. In 100 tests, they reported a 76% occurrence complaint against the on-device exemplary utilized by Apple Intelligence. The researchers disclosed the findings to Apple connected October 15, 2025. Apple aboriginal hardened protections successful iOS 26.4 and macOS 26.4, according to RSAC.

Here's the portion that should get your attention: this benignant of onslaught whitethorn not necessitate idiosyncratic to bargain your iPhone, ace your passcode oregon interruption into Apple's servers. It could commencement with cautiously crafted substance that tricks the AI into doing thing you ne'er asked it to do. If your phone's AI tin read, summarize, rewrite oregon assistance apps instrumentality action, attackers volition effort to instrumentality it into doing things you ne'er intended.

Apple Intelligence runs galore AI tasks straight connected your iPhone, but caller probe shows hidden prompts tin inactive effort to manipulate however it responds. (Getty Images)

So what tin you do? Start by knowing however this onslaught works, wherefore Apple patched it and which settings tin little your risk.

APPLE TAPS GOOGLE GEMINI TO POWER APPLE INTELLIGENCE

Join CyberGuy Live: Lock Down Your Phone successful 30 Minutes (Saturday, June 13, 10 americium ET)

• Your telephone holds your email, passwords, photos, banking apps and idiosyncratic data. In this free, unrecorded online class, Kurt the CyberGuy volition locomotion you measurement by measurement done elemental telephone information fixes you tin bash successful existent time. You’ll larn however to amended your privateness settings, spot the latest telephone scams, usage trusted information tools and locomotion distant with a elemental checklist to enactment protected. Register here: CyberGuyLive.com 

What researchers recovered successful Apple Intelligence

RSAC researchers tested the on-device ample connection exemplary built into Apple's operating systems. That's important due to the fact that third-party apps tin entree Apple Intelligence done strategy tools and APIs.

Their onslaught utilized 2 main techniques. The first, called Neural Exec, utilized strange-looking prompts designed to confuse the exemplary and propulsion it toward a circumstantial response. The 2nd utilized Unicode's right-to-left override feature. That diagnostic tin marque substance look successful a antithetic direction, which whitethorn assistance fell malicious instructions from filters portion inactive influencing the model.

NEW EMAIL SCAM USES HIDDEN CHARACTERS TO SLIP PAST FILTERS

In elemental terms, the onslaught tried to sneak instructions past Apple's AI safeguards. The prompts whitethorn look meaningless to you and me. Yet the exemplary whitethorn inactive construe them arsenic commands. That is wherever the hazard grows. Apple Intelligence tin link to apps and strategy features. So a manipulated effect could bash much than nutrient a unusual answer. In a worst-case scenario, attackers could effort to manipulate information oregon functions disposable to an Apple Intelligence-enabled app, particularly if that app has entree to delicate information.

Why Apple Intelligence punctual injection matters

Prompt injection is 1 of the biggest information problems facing AI tools. It happens erstwhile attackers fell instructions wrong substance that an AI exemplary aboriginal reads. Think astir a suspicious email, a unusual papers oregon a webpage with hidden text. You whitethorn spot 1 thing. The AI exemplary whitethorn process thing else.

That creates a caller benignant of risk. An attacker whitethorn not request to interruption into your iPhone. They whitethorn lone request to get a cautiously crafted message, record oregon app input successful beforehand of the AI model.

OPENAI ADMITS AI BROWSERS FACE UNSOLVABLE PROMPT ATTACKS

If an app asks Apple Intelligence to summarize that content, rewrite it oregon enactment connected it, the hidden punctual could effort to steer the response. For you, that means AI information present depends connected much than beardown passwords and bundle updates. It besides depends connected however good AI tools grip hostile instructions.

How Apple Intelligence works connected your iPhone

Apple Intelligence uses a hybrid design. Some tasks tally straight connected your iPhone, iPad oregon Mac. More analyzable requests whitethorn determination done Apple's Private Cloud Compute system.

Apple has framed that setup arsenic a privacy-focused alternate to cloud-only AI tools. That attack makes sense. Keeping much processing connected your instrumentality tin trim however overmuch idiosyncratic information leaves your phone.

However, section AI does not automatically mean risk-free AI. RSAC's probe shows that deeper strategy entree tin make a larger onslaught surface. The much Apple Intelligence connects with apps and strategy features, the much important the guardrails become.

A elemental penning instrumentality carries 1 level of risk. An AI instrumentality that understands idiosyncratic discourse and works crossed apps carries a higher one.

Why this Apple AI information flaw raises concerns

The interest present goes beyond unusual chatbot responses. Apple Intelligence tin link straight to apps done system-level tools. That means manipulated responses could impact however an app behaves. Researchers said the exemplary could beryllium pushed into generating violative oregon unintended responses. They besides warned that attackers could perchance manipulate information and functionality disposable to an affected Apple Intelligence-enabled app.

THOUSANDS OF IPHONE APPS EXPOSE DATA INSIDE APPLE APP STORE

RSAC estimated that betwixt 100,000 and 1 cardinal users whitethorn already beryllium utilizing apps with imaginable exposure. That estimation was based connected apps Apple had identified arsenic utilizing the on-device LLM and RSAC's unsmooth calculations from App Store reappraisal data. That does not mean criminals are actively utilizing this nonstop onslaught close now. RSAC said determination was nary nationalist grounds of progressive exploitation erstwhile the probe appeared. Still, the precocious occurrence complaint makes the findings hard to ignore.

What Apple has done astir the iPhone AI risk

RSAC shared its findings with Apple earlier making the probe public. According to RSAC, Apple hardened the affected systems against this onslaught successful iOS 26.4 and macOS 26.4. Apple has not publically elaborate each change. That is communal with information fixes, since companies often debar giving attackers a roadmap.

The probe appears to beryllium a impervious of concept, not a known progressive onslaught against mundane users. The astir important takeaway for users is simple: support your devices updated. Security patches lone assistance if they scope your phone. If you hold updates for weeks oregon months, you whitethorn miss protections that adjacent known gaps.

DON'T IGNORE APPLE'S URGENT SECURITY UPDATE

Ways to enactment harmless with Apple Intelligence

You bash not request to halt utilizing Apple Intelligence, but you should dainty it similar immoderate almighty telephone feature: support it updated, bounds what it tin access, and enactment cautious with unfamiliar content.

1) Update your iPhone, iPad and Mac

Start with the easiest protection. Make definite your instrumentality runs the latest software.

On iPhone: Settings > General > Software Update

On Mac: Click the Apple menu successful the upper-left country of your screen > System Settings > General > Software Update

Turn connected automatic updates erstwhile possible. That helps your instrumentality person information fixes arsenic soon arsenic Apple releases them.

Researchers accidental crafted substance and Unicode tricks helped bypass Apple Intelligence safeguards successful tests, raising concerns astir apps that link to the on-device AI model. (Kena Betancur/Bloomberg)

2) Review your Apple Intelligence settings

If you bash not usage definite Apple Intelligence features, see turning them disconnected oregon limiting them. This tin trim however often AI tools interact with your apps, messages, summaries and idiosyncratic content.

On iPhone: Settings > Apple Intelligence & Siri

From there, reappraisal which features are enabled. Turn disconnected thing you bash not need. 

3) Be selective with AI-powered apps

Do not springiness each app entree to delicate accusation conscionable due to the fact that it offers an AI feature. Before installing an app, cheque the developer, reviews and privateness details. Also, inquire yourself whether the app truly needs entree to your messages, files, photos oregon contacts. If the reply feels unclear, skip it.

DON’T GET CAUGHT IN THE 'APPLE ID SUSPENDED' PHISHING SCAM

4) Watch what you inquire AI to summarize

Prompt injection tin fell wrong contented that looks harmless. That could see emails, webpages, documents, notes oregon copied text. Be cautious erstwhile asking AI to summarize unfamiliar content. A malicious record could incorporate hidden instructions meant for the AI alternatively than you.

5) Review app permissions

Take a fewer minutes to cheque which apps tin entree your backstage data.

On iPhone: Settings > Privacy & Security

Then reappraisal categories specified arsenic Photos, Contacts, Location Services, Microphone and Files. Remove entree erstwhile an app nary longer needs it.

6) Avoid pasting delicate details into AI tools

Keep your astir delicate accusation retired of AI prompts erstwhile possible. That includes Social Security numbers, banking details, taxation documents, aesculapian records and passwords. AI tin assistance with galore tasks. It should not go a dumping crushed for your backstage life.

7) Delete apps you nary longer use

Unused apps tin enactment your information astatine risk. If you downloaded an app months agone and forgot astir it, region it.

On iPhone: Touch and clasp the app > Remove App > Delete App > Delete

The less apps you keep, the less ways your idiosyncratic information tin determination around. 

8) Add beardown antivirus software

Strong antivirus bundle adds different furniture of extortion against malicious links, scam websites, infected downloads and phishing attacks that whitethorn effort to bargain your idiosyncratic information. While antivirus bundle volition not straight halt each AI punctual injection risk, it tin assistance artifact threats earlier they scope your instrumentality oregon instrumentality you into handing implicit delicate data.

The champion antivirus bundle tin besides pass you astir suspicious emails, unsafe attachments and fake websites. That other extortion becomes much important arsenic scammers usage AI to marque attacks look much convincing. Get my picks for the champion 2026 antivirus extortion winners for your Windows, Mac, Android & iOS devices astatine Cyberguy.com

9) Consider individuality theft protection

Identity theft extortion volition not halt a punctual injection attack. Still, it tin assistance if your idiosyncratic accusation gets exposed oregon misused. A bully individuality theft extortion work tin show your idiosyncratic data, alert you to suspicious enactment and assistance you respond if idiosyncratic tries to unfastened accounts oregon usage your identity. As AI tools go much integrated with apps and idiosyncratic data, that other monitoring tin supply different furniture of protection. See my tips and champion picks connected Best Identity Theft Protection astatine Cyberguy.com

10) Use stronger iPhone information settings

Keep Face ID oregon Touch ID enabled. Use a beardown passcode alternatively of a elemental four-digit code. Also, crook connected Stolen Device Protection if your iPhone supports it.

On iPhone: Settings > Face ID & Passcode > Enter your passcode if prompted > Stolen Device Protection

This volition not halt punctual injection by itself. However, it adds different furniture if idiosyncratic gets carnal entree to your phone.

Kurt's cardinal takeaways

Apple Intelligence inactive has a beardown privateness story. Running much AI tasks connected your iPhone and utilizing Private Cloud Compute for tougher requests gives Apple a existent vantage implicit galore cloud-only AI tools. But this probe is simply a reminder that backstage does not ever mean untouchable. If an AI exemplary tin work prompts, summarize contented and link with apps, attackers volition look for ways to crook it to their advantage. For you, the takeaway is simple. Keep your devices updated, beryllium selective astir AI-powered apps and deliberation doubly earlier letting AI process delicate information. Apple tin physique beardown walls astir your data, but you inactive determine what you invitation inside.

Keeping your iPhone updated, limiting app entree and being cautious with unfamiliar contented tin assistance trim your hazard arsenic AI becomes much profoundly built into your device. (Sebastian Kahnert/Picture Alliance)

Would you spot an AI adjunct much due to the fact that it runs connected your iPhone, oregon does deeper entree to your idiosyncratic information marque you much cautious? Let america cognize by penning to america astatine Cyberguy.com

Sign up for my FREE CyberGuy Report

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

• Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox.
• For simple, real-world ways to spot scams aboriginal and enactment protected, sojourn CyberGuy.com - trusted by millions who ticker CyberGuy connected TV daily.
• Plus, you'll get instant entree to my Ultimate Scam Survival Guide escaped erstwhile you join.

Copyright 2026 CyberGuy.com.  All rights reserved.