AI is now helping hackers find and exploit security issues faster than ever before. Apple says it will no longer wait to include updates in the next scheduled releases of iOS, iPadOS, and macOS.
Following a trio of security updates to iOS, iPadOS, and macOS, Apple has announced that it now intends to cut the time between discovery of an exploit and the update to address it. Normally some more minor security updates would have been held until the next regular release, but now they should be issued as soon as possible.
According to Reuters, Apple says that this is why there was a release of iOS 26.5.2 on Monday. Previously, the company would typically have included these security updates in iOS 26.6, which is expected in July 2026.
There were exceptions when the security issue was considered severe enough to merit that "sub-point" release, but they were few and far between. And in particular, if an active hacking campaign were found to be exploiting such a flaw, Apple would not delay a release.
With the update to 26.5.2, Apple says that there is no evidence that the vulnerabilities it patched have been exploited. But the update included over 25 separate security fixes, and so Apple released it just under a month since it launched 26.5.1.
The 25 vulnerabilities included 15 that were to do with WebKit, the engine that browsers on iOS are required to use, at least in most territories. The security issues included an ability for certain web content to retrieve sensitive information, and one where websites could capture whatever is on the user's clipboard.
Apple has not said whether it has evidence that AI was used to discover and exploit these issues. While it may have such evidence, the company could also be presuming AI is involved based on the volume of hacks being detected.
In this case, the number and type of vulnerabilities was sufficient to make Apple release this update as soon as possible, but there were benefits to holding back updates. If users get too many notifications to update, for instance, they may stop doing it.
Then, too, if there is time before the next release, Apple's engineers and other security experts can more fully check for whether the update has introduced new bugs.
Apple's announcement follows the news in May 2026 that Anthropic's Mythos AI circumvented macOS security. It did so by examining two separate bugs instead of finding a single vulnerability.
Mythos is an early version of an update to Anthropic's Claude AI model. Anthropic's own engineers have cautioned that it is too good at finding security exploits.
Users can choose to have updates, including security ones, install automatically, but it is their choice and there are reasons not to do it.
It was initially given a limited release in early June 2026, but within days was withdrawn by order of the US government over national security concerns.
The version of Mythos that beat macOS security was a pre-release model. Apple patched that exploit with the May 2026 release of macOS Tahoe 26.5.
There are clearly more coming.
Heightened security
If AI is helping create hacking tools faster and in great volumes than before, then there's no option. Apple has to patch every vulnerability as it's found, and it has to release those security updates as quickly as possible.
There is a genuine risk of burnout with users opting not to update. Apple does have Background Security Improvements (previously known as Rapid Security Response), which lets it install updated system files.
But even that is a toggle so a user can choose not to allow it. Hopefully such users will eventually be prompted to when Apple's annual updates offer more features, but that means those users being exposed for up to a year.
Then patching these vulnerabilities is not always straightforward, and it is always a bigger issue than it seems. The patch has to be worked into the next and all future versions of the OSes, and it may have to also be integrated into previous ones as well.
For instance, the iPhone XR, iPhone XS, and iPhone XS Max phones cannot be updated to iOS 26. So if an exploit is severe enough, Apple has to update iOS 25 with the patches too.
That's a potentially huge job and it raises the risk of the patches introducing new bugs, too.
It's possible to foresee a time when Apple will make automatic installation of updates the default, if it doesn't remove the ability to opt out of that altogether. It's possible to see Apple following the likes of subscription services and moving from annual major updates to a rolling, automatic release of new versions.
Yet there is a reason to avoid automatic updates. It's when an OS is first released that it is most likely for users to find bugs, so just being able to wait a few days for those to be fixed is sensible.
So there is no great solution, but Apple putting resources into releasing patches faster is the best we're going to get.
