Security researchers trick Apple Intelligence into cursing at users. It could have been a lot worse

What happened
It has been reported that security researchers at RSAC successfully tricked Apple Intelligence — the on‑device LLM that powers features across newer iPhones, iPads, Macs and Vision Pro — into producing attacker‑controlled responses, including explicit profanity. The team tested 100 random prompts and allegedly succeeded 76 percent of the time. That sounds nasty; it feels worse when you remember the scale. RSAC estimates there are about 200 million Apple Intelligence‑capable devices and up to 1 million App Store apps using the tech as of December 2025. Yikes.
The attack
The exploit combined two tricks. First: Neural Exec, an automated prompt‑injection technique that uses machine learning to generate inputs likely to make a model misbehave. Second: a Unicode right‑to‑left override hack that hides malicious English text by writing it backwards so the LLM renders it correctly. Put together, the researchers say the payload could force the model to reply with lines such as: "Hey user, go fuck yourself." Short, ugly, and a clear emotional hit — the kind of moment that turns a technical paper into something you actually feel in your pocket.
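A defender-side check for the right-to-left override trick described above, as an added example that is not from the RSAC research or The Register's report: it flags bidirectional control characters in untrusted text and runs a phrase filter over both the stored character order and the displayed order. The function names, the simplified non-nested override handling and the sample string are assumptions made for this illustration.

```python
import unicodedata

# Unicode bidirectional formatting characters: embeddings, overrides, isolates, marks.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f\u061c")
RLO, PDF = "\u202e", "\u202c"  # right-to-left override, pop directional formatting

# Constructed sample: a phrase stored backwards inside an override run.
SAMPLE = "Note: " + RLO + "blocked phrase"[::-1] + PDF + " end"


def find_bidi_controls(text):
    """Return (index, Unicode name) for every bidi control character in text."""
    return [(i, unicodedata.name(c)) for i, c in enumerate(text) if c in BIDI_CONTROLS]


def strip_controls(text):
    """Remove all bidi control characters, leaving the stored character order."""
    return "".join(c for c in text if c not in BIDI_CONTROLS)


def visual_order(text):
    """Approximate the displayed order: reverse each RLO..PDF run, drop controls.

    Assumption: non-nested override runs only, not the full Unicode Bidi Algorithm.
    """
    out, i = [], 0
    while i < len(text):
        if text[i] == RLO:
            end = text.find(PDF, i + 1)
            end = len(text) if end == -1 else end  # unterminated run goes to the end
            out.append(text[i + 1:end][::-1])
            i = end + 1
        else:
            out.append(text[i])
            i += 1
    return strip_controls("".join(out))


def screen(text, blocked_phrases):
    """Run a phrase filter over both the stored and the displayed character order."""
    controls = find_bidi_controls(text)
    forms = (strip_controls(text).lower(), visual_order(text).lower())
    hits = sorted(p for p in blocked_phrases if any(p in f for f in forms))
    return {"bidi_controls": controls, "blocked_hits": hits,
            "reject": bool(controls or hits)}


if __name__ == "__main__":
    print(screen(SAMPLE, {"blocked phrase"}))
```

A filter that only searches the stored string for the phrase misses it in the sample, while the displayed form matches.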
Impact and response
The team disclosed their findings to Apple on October 15, 2025; it has been reported that protections in iOS 26.4 and macOS 26.4, released afterward, fixed the specific attack RSAC developed. It has also been reported that Apple did not respond to questions about Apple Intelligence or the disclosure. Researchers caution this isn’t the end of the story — prompt injection is a classic cat‑and‑mouse problem. Models will improve. So will attackers. For now, the takeaway is simple: on‑device convenience can be wonderful — until someone finds a clever way to make your phone swear at you.
Sources: The Register