Apple Patches 37 Flaws as AI Tools Find WebKit Bugs

Apple's latest iOS, iPadOS and macOS updates fix 37 vulnerabilities, including WebKit flaws discovered by Anthropic and OpenAI AI security tools.

Apple Patches 37 Flaws as AI Tools Find WebKit Bugs

Apple has shipped iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2 and a companion Safari update resolving 37 vulnerabilities, and in a sign of how quickly AI is reshaping security research, at least four of the flaws were reported by researchers using AI tools from Anthropic and OpenAI's Codex Security team.

WebKit Takes the Brunt

Twenty-six of the fixed defects sit in WebKit, the browser engine behind Safari and every iOS browser, including bugs in WebKit Canvas and WebKit Storage. According to the advisories, the flaws could be exploited through malicious websites to exfiltrate data, leak sensitive information, corrupt memory, hijack clipboard contents, crash Safari or process restricted content outside the sandbox. The remaining fixes span IOGPUFamily, the kernel, libxslt, Web Extensions and WebRTC.

AI Finds the Bugs, and Forces the Pace

The AI-assisted discoveries mark a turning point: frontier models are now productive vulnerability hunters, and platform vendors are accelerating patch cycles to keep ahead of AI-equipped attackers as well. The dynamic mirrors developments we covered when OpenAI's Daybreak and Codex security systems began patching software at scale. Apple has reportedly been shortening its update cadence specifically because AI tooling is compressing the time from disclosure to exploitation.

Cybersecurity engineer reviewing code for vulnerabilities

What Users and Enterprises Should Do

Apple says none of the vulnerabilities are known to have been exploited in the wild, but the breadth of the WebKit attack surface makes prompt updating advisable for all devices. For enterprises, the episode reinforces that AI is now embedded on both sides of the security equation, a theme driving investment across the sector, from NewCore's $66 million seed for agentic identity security to Opal Security's AI-native access governance platform.

Reporting based on coverage from SecurityWeek and Apple security advisories.

Category: Cyber Security

Tags: AI Security Cybersecurity OpenAI

Related Articles