Siri Restricts External URL Summarization in iOS 27 Beta

The new Siri AI bundled with iOS 27 inherently avoids processing external hyperlinks. If a user provides a web URL, Siri will decline to access or read its contents. This rigid restriction stems from critical safety parameters. Specifically, malicious destination links harboring adversarial prompt injections pose significant security threats to the ecosystem.

System Prompt Modifications in Developer Beta 2

In the recently deployed iOS 27 Developer Beta 2, Apple updated Siri’s underlying system instructions. A newly integrated directive states that Siri cannot access content behind URLs. When a user provides a URL and requests a summary, Siri must decline. The assistant informs the user that it cannot access those web pages. Furthermore, the system forbids offering subsequent recommendations or alternative workarounds.

These rigid parameters reveal Apple’s unyielding stance on network safety. The company intentionally avoids user-friendly alternatives. For instance, Siri will not advise individuals to copy the link into a browser. Interestingly, Apple Intelligence within Safari natively offers webpage summaries. However, this feature operates exclusively while a user actively views the page. This development highlights how Apple tells Siri AI to clearly refuse requests to summarize URLs during daily tasks.

Web Traffic Preservation and Copyright Considerations

Beyond digital safety, website traffic and digital monetization dynamics play a vital role. Many modern artificial intelligence utilities execute real-time web searches to retrieve contemporary data. However, users rarely click through to the primary sources. For content creators, this browsing behavior severely suppresses visitor counts and damages advertising revenue. Therefore, Apple’s reluctance to provide URL summarization may protect web traffic and preempt potential copyright disputes.

Ultimately, mitigating adversarial exploits remains the paramount priority. Embedded malicious directives inside target web pages can easily compromise AI models. By completely blocking Siri’s external URL access, Apple successfully neutralizes common phishing-based prompt injection threats.

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy

Written by

@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.