Offensive Security Researcher, SEAR

Apple
Cupertino, United States of America2026-04-24

About the job

In this role, you will identify and exploit vulnerabilities in AI-powered features and agentic systems across Apple platforms. The AI systems themselves are the attack surface. You will help to build offensive capabilities against autonomous systems and anticipate how adversaries may exploit AI enabled systems in the wild. You will join a team working with world-class offensive security researchers. The work is critical directly shapes the security posture of Apple. You will conduct offensive research into AI-specific attack classes, including prompt injection, agentic data exfiltration and lateral movement, persistence mechanisms in AI workflows, AI-assisted vulnerability discovery and exploitation.

Responsibilities

Identify and exploit vulnerabilities in AI-powered features and agentic systems across Apple platforms. Build offensive capabilities against autonomous systems and anticipate how adversaries may exploit AI enabled systems in the wild. Conduct offensive research into AI-specific attack classes, including prompt injection, agentic data exfiltration and lateral movement, persistence mechanisms in AI workflows, AI-assisted vulnerability discovery and exploitation.

Qualifications

Minimum

Solid grounding in common vulnerability classes (memory corruption, logic flaws, auth bypass)

Proven experience in security research, vulnerability discovery, or offensive security (e.g., browsers, 0-click, messaging systems, distributed systems, or AI platforms)

Strong understanding of modern AI/LLM systems and their failure modes (e.g., prompt injection, data exfiltration, model misuse)

Experience applying AI/ML tools (e.g., LLMs, agents) to automate or augment security research workflows

Preferred

Experience attacking or defending agentic systems (multi-step AI workflows, tool-using agents, MCP-style integrations)

Familiarity with prompt injection techniques, obfuscation (e.g., encoding-based bypasses), and model manipulation strategies

Experience building or evaluating AI-driven vulnerability discovery pipelines

Understanding of browser-based AI integrations and risks (e.g., agentic browsing, data boundary violations)

Knowledge of capability-based security models or policy enforcement systems for AI agents

Experience with reverse engineering and low-level systems (IDA, Ghidra, LLDB)

Proficiency in one or more: Python, C/C++, Swift, Objective-C

Familiarity with Apple platforms (iOS, macOS) and their security architecture