Prompt injection against Apple Intelligence

At RSA Conference 2026, researchers demonstrated how Apple Intelligence can be compromised using prompt injection. They tested the on-device version of the model, which is accessible to applications within the system. During the experiments, the attack achieved a success rate of 76%.

⚙️ How the attack works

The core issue lies in a fundamental limitation of language models: they cannot reliably distinguish between instructions and data.

This is exactly what prompt injection exploits. Malicious instructions are embedded in regular text and appear as part of user input. The model interprets them as commands and executes them, even if they contradict its original constraints. A classic example is a hidden instruction within the text that says,