Researchers with RSAC Research found a way to manipulate Apple Intelligence using prompt injection, adversarial prompts and Unicode tricks. In 100 tests, they reported a 76% success rate against the on-device model used by Apple Intelligence. The researchers disclosed the findings to Apple on October 15, 2025. Apple later hardened protections in iOS 26.4 and macOS 26.4, according to RSAC. The attack used two main techniques: Neural Exec, which used strange-looking prompts designed to confuse the model, and Unicode's right-to-left override feature, which can hide malicious instructions from filters. RSAC researchers tested the on-device large language model built into Apple's operating systems.