
Apple has released iOS 26.5.2, a security-focused update that patches over two dozen vulnerabilities, many of them in WebKit, the engine that powers Safari and third-party browsers on iPhone and iPad.
The update, released on June 29, arrives nearly a month after iOS 26.5.1 and addresses a range of security issues Apple describes as being related to “malicious web content.” Users can install it by navigating to Settings, General, Software Update, and tapping Update Now.
Claude’s first iOS CVE
One detail stands out: Anthropic’s Claude AI model is credited with helping discover a vulnerability fixed in this update. The specific issue involved a potential memory corruption exploit, and Apple’s security advisories note Claude’s assistance in the CVE attribution.
This is the first time an AI model has appeared on an iOS security report, and security researchers expect it will not be the last. Claude’s capability to identify software vulnerabilities was already well documented, it was a factor in the delayed release of Anthropic’s Mythos model earlier this year, and in subsequent debates about whether powerful AI models should be restricted because of their vulnerability-finding abilities.
Most of the patch addresses WebKit flaws that could allow attackers to compromise devices through malicious web content. Given the engine’s central role in iOS security, every browser on the platform is required to use WebKit, these kinds of vulnerabilities are particularly valuable to attackers and particularly important to patch quickly.
The Claude-assisted discovery marks a milestone in the relationship between AI and software security. As AI models grow more capable at finding bugs, Apple’s CVE reports may increasingly feature AI tools alongside human researchers in the credits.
Sources: You Should Download iOS 26.5.2 Now for a Plethora of Security Fixes (CNET, July 10, 2026)

