Earlier this year, a developer known as Jay Gibson (not his real name) received a chilling message from Apple: “Apple detected a targeted mercenary spyware attack against your iPhone.”
Gibson, who until recently worked for Western government hacking tools maker Trenchant, may be the first known case of a spyware builder being targeted by the same technology he helped create. “I was panicking,” he said, recalling how he immediately powered off his phone and bought a new one.
At Trenchant, Gibson developed iOS zero-days, powerful, undisclosed vulnerabilities used to infiltrate devices. He now believes his targeting is linked to internal tensions at Trenchant, where he claims he was scapegoated for an alleged leak of company tools.
Related: Apple Lets Users Tweak Liquid Glass Design
After the Apple alert, Gibson sought forensic help, but investigators found no clear infection evidence, suggesting the attack may have failed or was aborted early.
Trenchant’s parent company, L3Harris, declined to comment. According to sources familiar with the case, other spyware developers have also received similar warnings from Apple in recent months, a sign that mercenary spyware is expanding beyond traditional targets like journalists or dissidents.
Apple sends such alerts when it detects credible evidence of spyware activity. These tools, often costing millions, are typically deployed by governments or intelligence agencies.
Gibson’s story underscores a growing paradox in the surveillance world: those who create powerful hacking tools are no longer immune to their reach.
