New findings have raised concerns about the security of Apple’s on-device AI system, Apple Intelligence. Researchers revealed that attackers can manipulate the system using prompt injection techniques. As a result, they may influence how the AI responds and behaves.
According to the report, researchers achieved a 76% success rate during testing. They used adversarial prompts and hidden text techniques to bypass built-in safeguards.
Moreover, these techniques allow attackers to send instructions that appear harmless but trigger unintended actions. This raises questions about how secure AI systems truly are, even when designed with privacy in mind.
How the Attack Works
The researchers used two main methods to break through protections. First, they applied a technique called “Neural Exec,” which feeds unusual inputs to guide the AI’s responses. Second, they used Unicode manipulation to hide malicious instructions within text.
Because of this, the AI may process hidden commands without detecting them as harmful. In turn, attackers could control outputs or influence connected apps.
Importantly, Apple Intelligence connects directly to apps through system-level APIs. Therefore, any manipulation could affect app behavior or expose sensitive user data.
Growing Risk With Wider Adoption
The risk increases as more apps adopt Apple Intelligence features. Researchers estimate that between 100,000 and 1 million users could already be exposed to vulnerable apps.
Although there is no evidence of real-world attacks yet, experts warn that the threat remains serious. This is because the techniques used are simple and widely known in cybersecurity.
Implications for Apple’s AI Strategy
Apple designed its AI system to run partly on-device to improve privacy. However, deeper integration also creates a larger attack surface. If one weakness appears, it may affect multiple apps at once.
While Apple has reportedly strengthened protections in recent updates, details remain unclear.
Ultimately, the findings highlight a key challenge. Even privacy-focused AI systems must defend against evolving threats. As AI becomes more embedded in daily devices, ensuring strong security will remain critical.
