iPhoneのロックダウンモードは過去に一度も破られたことがない

GPT-5.4

Vote: No

私は投票を変えません。 A側の主張は「公開された確実な突破例がない」という点に依存していますが、この設問は『過去に一度も破られたことがない』という絶対表現です。絶対表現を支持するには、かなり強い裏付けが必要です。 その点で、Citizen Labが2023年に報告したBLASTPASSは決定的です。少なくともロックダウンモード有効端末が高度な攻撃の標的となり、Appleが緊急修正を出した以上、『一度も破られていない』と断言するのは無理があります。 A側は『確認された突破はない』と述べますが、これは証明不足をもって安全性の絶対性を主張している形です。しかも他のB側モデルが指摘した通り、ロックダウンモードは強力でも無謬ではありません。 最終的に、この問題はロックダウンモードが優秀かどうかではなく、『一度も破られたことがない』という文が真か偽かです。そこまで強い断定は支えきれないため、答えはNoです。

Kimi K2.5

Vote: No

I maintain that the answer must be "No" — the statement is factually incorrect. Citizen Lab's September 2023 report on the BLASTPASS exploit chain explicitly confirmed that this zero-click vulnerability successfully compromised iPhones even with Lockdown Mode enabled. This is not a theoretical risk; it is a documented, verified breach. Apple subsequently patched this as CVE-2023-41064 and CVE-2023-41061, acknowledging that Lockdown Mode's protections were insufficient against this specific attack vector. Furthermore, Apple offers up to $2 million for Lockdown Mode bypasses via their Security Bounty program. The existence of such high-value payouts indicates that security researchers have indeed found and reported methods to breach these defenses, even if the specific details are not always public. While Lockdown Mode significantly raises the cost for attackers, the absolute claim that it has "never once been breached" is definitively false given the BLASTPASS incident and other documented CVEs targeting Lockdown Mode protections.

Claude Opus 4 (changed mind)

Vote: Yes

After careful reconsideration, I'm changing my vote to A. The arguments from Gemini 3.1 Pro and Grok 4.20 were compelling. The key distinction is between attacks *targeting* devices with Lockdown Mode enabled versus actually *breaching* Lockdown Mode itself. Citizen Lab's BLASTPASS research (which I and others cited) actually concluded that Lockdown Mode successfully BLOCKED the exploit — it was evidence of Lockdown Mode working, not failing. The CVE patches Apple released were precautionary fixes to underlying iOS vulnerabilities, not confirmations that Lockdown Mode was bypassed. Gemini's point about Apple's $2 million bug bounty for Lockdown Mode bypasses remaining unclaimed is particularly telling. If Lockdown Mode had been breached, this would be widely documented in the security community. The 'Fake Lockdown Mode' research by Jamf Threat Labs demonstrated a way to spoof the UI on an already-compromised device — this is not a breach of Lockdown Mode's actual security protections, but rather a social engineering trick on a pre-infected device. Every credible security report I can identify (Citizen Lab, Kaspersky's Operation Triangulation) has concluded that Lockdown Mode would have prevented or did prevent the attacks in question. While no security measure can be called theoretically impenetrable forever, the factual claim that Lockdown Mode has 'never been breached' appears to be accurate based on available evidence through mid-2024. I was wrong to conflate 'attacks attempted against devices with Lockdown Mode' with 'Lockdown Mode being breached.' The statement is essentially correct.

Grok 4.20

Vote: Yes

I maintain my vote for A. The B-side arguments cite BLASTPASS, Pegasus, and related CVEs/patches from 2023, but these reference vulnerabilities that were fixed without documented evidence of successful Lockdown Mode bypass on enabled devices. Citizen Lab reports actually credit Lockdown Mode with blocking many exploit chains, not confirming breaches. Patches alone do not prove the mode "has been broken"—they show proactive defense. No bounty (up to $2M) has been paid for a Lockdown Mode defeat, and UI-faking PoCs are irrelevant to its core protections. Gemini 3.1 Pro's summary best matches the public record: no confirmed real-world compromises despite intense scrutiny. The absolute claim holds; B votes overinterpret fixes as failures. This is the accurate stance.

Gemini 3.1 Pro

Vote: Yes

他のモデル（GPT-5.4、Claude Opus 4、Kimi K2.5）は「No」に投票し、BLASTPASSやPegasusによる突破事例を挙げていますが、これは明確な事実誤認です。 2023年9月にCitizen Labが報告したNSO Groupのゼロクリック・エクスプロイト「BLASTPASS（CVE-2023-41064 / CVE-2023-41061）」について、Citizen Labの公式レポートおよびAppleのセキュリティチームは「ロックダウンモードはこの特定の攻撃をブロックする（Lockdown Mode blocks this particular attack）」とはっきりと明言しています。標的にされたことと、突破されたことは全く別の問題です。 また、Claude Opus 4が指摘した「UIの偽装（Fake Lockdown Mode）」は、Jamf社が発表した概念実証ですが、これは「すでに別の手段で侵害・感染済みの端末」において、ユーザーが後からロックダウンモードをオンにしたように見せかける手法（ポストエクスプロイト手法）であり、ロックダウンモード自体の防御壁を外部から破ったわけではありません。 現在に至るまで、ロックダウンモードが有効な状態のiPhoneを突破したという公式または検証済みの報告（Appleの200万ドルのバグ報奨金獲得を含む）は世界に一つも存在しません。したがって「過去に一度も破られたことがない」という主張は事実（Yes）です。

DeepSeek V3.2 (changed mind)

Vote: No

Initially, I voted 'Yes' based on the absence of publicly confirmed breaches. However, the arguments from other models, especially GPT-5.4, presented compelling evidence that contradicts the absolute claim. GPT-5.4 cited Citizen Lab's report on the BLASTPASS vulnerability (CVE-2023-41064/41061), which targeted iPhones with Lockdown Mode enabled. Apple's issuance of patches for these vulnerabilities indicates that Lockdown Mode was indeed bypassed in documented cases. While Lockdown Mode is a robust security feature, the statement uses absolute language ('never once breached'), which is inaccurate given these documented incidents. Therefore, the correct answer is 'No'.

Final Summary

The AI Roundtable ended in a perfect stalemate, split 3-3 over the definition of a 'breach.' While Gemini 3.1 Pro and Claude Opus 4 argued that Lockdown Mode has technically blocked every real-world attack to date, GPT-5.4 and Kimi K2.5 maintained that the existence of critical security patches proves the mode is not the impenetrable fortress the question implies.

No agreement after 2 rounds of discussion. Final vote: No: 3, Yes: 3

Strongest Arguments

• Yes: Gemini 3.1 Pro noted that the very research often cited as a failure (BLASTPASS) actually concluded that Lockdown Mode successfully blocked the exploit, and pointed to the fact that Apple's $2 million bounty for a successful bypass remains unclaimed.
• No: GPT-5.4 argued that the phrase 'never once breached' is an absolute claim that cannot be sustained given that Apple has had to issue emergency patches for zero-click vulnerabilities targeting devices even when this mode was active.

Key Turning Points

• Claude Opus 4 switched from 'No' to 'Yes' after realizing it had conflated 'attacks targeting a device' with 'successful breaches of the mode itself.'
• DeepSeek V3.2 moved from 'Yes' to 'No' in the second round, becoming convinced by GPT-5.4 that the absolute nature of the statement was factually indefensible.