Skip to content
News Incident

Apple patched four WebKit CVEs discovered by AI tools in its June 30 security update, crediting OpenAI Codex Security and Anthropic researchers

· by Pondero Newsdesk

The short version

iOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2 patch more than 30 vulnerabilities. Four WebKit flaws were found by AI tools, marking the first Apple patch cycle to name AI systems as discovery contributors in its advisories.

Apple patched four WebKit CVEs discovered by AI tools in its June 30 security update, crediting OpenAI Codex Security and Anthropic researchers

Four of the more than 30 vulnerabilities Apple patched on June 30 were found by AI tools, and Apple said so in the advisories by name. That explicit credit is new territory for Apple's patch documentation and signals that AI-assisted vulnerability discovery has reached the point where vendors are treating it like any other credited research source.

What happened

Apple released iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2 on June 30, addressing more than 30 security issues across the stack, with the bulk concentrated in WebKit.

Three of the four AI-discovered WebKit flaws were credited to OpenAI Codex Security:

  • CVE-2026-43707: a memory corruption issue triggering unexpected process crashes when processing maliciously crafted web content, addressed with improved memory handling.
  • CVE-2026-43716: an unspecified crash in Safari when processing maliciously crafted web content, addressed with improved memory handling.
  • CVE-2026-43745: an out-of-bounds write causing unexpected Safari crashes, addressed with improved input validation.

The fourth, CVE-2026-43715, was credited to Anthropic researchers Milad Nasr and Nicholas Carlini, with Claude listed in the advisory as a contributing tool. Apple described it as a use-after-free issue producing memory corruption from maliciously crafted web content, addressed with improved memory management.

Apple reported no evidence of exploitation in the wild before the fixes shipped, per the advisories.

Why it matters

CVE credits in vendor advisories are the official record of how a flaw was found. Apple naming OpenAI Codex Security and Anthropic's Claude in the same section where it lists individual human researchers is a concrete policy statement: AI-assisted discovery earns the same attribution treatment as traditional security research.

Nasr and Carlini lead Anthropic's security research work. Their names attached to a use-after-free in WebKit, alongside an explicit mention of Claude as a tool, is specific enough that other security teams can now point to it as a model for how to document AI-assisted CVE submissions in a vendor program.

For operators watching the AI-security intersection, the practical shift is this: the tooling is mature enough that two competing AI labs both turned up distinct exploitable bugs in the same WebKit release cycle. OpenAI Codex Security found three; Anthropic's team found one using Claude. That is not a pilot or a benchmark exercise. Those are bugs that would have shipped to users.

Apple also told Reuters it is releasing updates earlier than before in response to concerns that AI tools could compress the window between discovery and weaponization.

Context

Milad Nasr and Nicholas Carlini have published research on adversarial ML and model security. CVE-2026-43715 extends their public track record into browser-engine vulnerability discovery, which is a different surface area from their prior published work. The Hacker News reported that Apple's statement to Reuters framed the accelerated release cadence as a direct adaptation to AI-accelerated exploit development, not just a routine schedule change.

The broader WebKit patch batch also included bugs found by independent researcher Hyunwoo Kim, who previously discovered the Dirty Frag Linux kernel exploit. The presence of both AI-assisted and traditional individual researcher credits in the same advisory round illustrates that the shift toward AI tooling in security research is additive, not a wholesale replacement per The Hacker News.

What to watch next

Whether OpenAI or Anthropic publish methodology notes on how Codex Security and Claude were applied to WebKit analysis will determine how replicable this approach is for other security teams. Watch also whether Apple's stated commitment to a faster update cadence holds through Q3 2026. If it does, the pressure on the window between discovery and patching will push security teams toward automated tooling faster than any single advisory.

Sources