Apple is making a bold claim: since Lockdown Mode launched in 2022, it says it has never seen a single successful mercenary spyware attack on any iPhone, iPad, or Mac with the feature turned on.

In a statement to TechCrunch, Apple spokesperson Sarah O’Rourke said the company is “not aware of any successful mercenary spyware attacks against a Lockdown Mode-enabled Apple device,” essentially positioning the feature as a kind of panic button for people who live with the risk of highly targeted hacks from commercial spyware vendors like NSO Group (Pegasus), Intellexa (Predator), and others. This isn’t meant for the average user doomscrolling on social media; it’s for journalists, activists, lawyers, opposition politicians, and anyone who might realistically end up in a government-grade spyware operator’s crosshairs.

So what actually happens when you flip Lockdown Mode on? Under the hood, Apple aggressively shuts down a bunch of attack surfaces that spyware loves to abuse. Most message attachment types are blocked, link previews in Messages are disabled, some complex web technologies like JIT JavaScript are turned off, configuration profiles and some wired connections are restricted, and your device stops automatically joining sketchy Wi-Fi networks. In normal life, those are convenience features; in a targeted attack, they’re open doors. Lockdown Mode’s whole philosophy is simple: if it can be abused, it’s better to turn it off for people who genuinely need maximum safety, even if that hurts usability a bit.

The interesting part is that independent researchers are backing Apple up here. Amnesty International’s security lab says it hasn’t seen any case where an iPhone was successfully compromised by mercenary spyware while Lockdown Mode was enabled at the time of the attack. Citizen Lab, one of the leading groups tracking Pegasus and similar tools, has documented at least two concrete incidents where Lockdown Mode actively blocked real‑world spyware campaigns—one involving NSO’s Pegasus and another involving Predator from Intellexa. In those cases, Lockdown Mode didn’t just silently protect the device; it also surfaced alerts that something was trying (and failing) to break in, which is incredibly valuable from a forensics and user-awareness standpoint.

Spyware developers are clearly paying attention too. Google’s security researchers observed at least one strain of iPhone spyware that simply gives up if it detects Lockdown Mode is active, likely because attackers don’t want to risk tipping off the victim or leaving forensic traces on a hardened device. Patrick Wardle, a well-known Apple security expert, called Lockdown Mode “one of the most aggressive consumer-facing hardening features ever shipped,” noting that it kills entire exploit classes by removing features that underpin zero‑click attacks—those nightmare scenarios where your phone can be infected without you tapping anything at all.

Of course, this isn’t some magic shield for everyone, and Apple isn’t claiming iOS itself is unhackable. Regular users remain exposed to a variety of threats if they don’t use Lockdown Mode, and high-end exploits keep surfacing as companies and governments pour money into offensive tooling. Plus, Lockdown Mode does come with trade-offs: some websites won’t load properly, certain apps or content flows can break, and the overall experience becomes more locked down by design, which is why Apple frames it as an extreme option for a “small percentage” of users rather than something you casually turn on and forget.

Still, the signal here is pretty clear. For people who actually worry about being targeted with Pegasus-style spyware, Lockdown Mode has moved from “interesting extra” to “last line of defense that appears to be working in the real world,” backed by both Apple’s telemetry and independent security research. If you fall even remotely into that high-risk category—or you’re advising people who do—it’s one of the rare toggles in settings that can genuinely change the stakes of an attack.