Apple has spent years telling us that privacy starts on the device.For many users, that message feels reassuring.
Your messages, photos, emails and app data sit in your hand, protected by Face ID, passcodes and Apple's security layers.Now, new research gives Apple's on-device AI a reality check.Researchers with RSAC Research found a way to manipulate Apple Intelligence using prompt injection, adversarial prompts and Unicode tricks.
In 100 tests, they reported a 76% success rate against the on-device model used by Apple Intelligence.The researchers disclosed the findings to Apple on October 15, 2025.
Apple later hardened protections in iOS 26.4 and macOS 26.4, according to RSAC.Here's the part that should get your attention: this kind of attack may not require someone to steal your iPhone, crack your passcode or break into Apple's servers.It could start with carefully crafted text that tricks the AI into doing something you never asked it to do.
If your phone's AI can read, summarize, rewrite or help apps take action, attackers will try to trick it into doing things you never intended.Apple Intelligence runs many AI tasks directly on your iPhone, but new research shows hidden prompts can still try to manipulate how it responds.(Getty Images)So what can you do? Start by understanding how this attack works, why Apple patched it and which settings can lower your risk.APPLE TAPS GOOGLE GEMINI TO POWER APPLE INTELLIGENCERSAC researchers tested the on-device large language model built into Apple's operating systems.
That's important because third-party apps can access Apple Intelligence through system tools and APIs.Their attack used two main techniques.The first, called Neural Exec, used strange-looking prompts designed to confuse the model and push it toward a specific response.
The second used Unicode's right-to-left override feature.That feature can make text appear in a different direction, which may help hide malicious instructions from filters while still inf...