We can still reproduce what looks like the same issue on current builds.
Filed with Apple as: FB22434584
We reproduce it in our app, and it is also reproducible using Corbado’s public PRF demo:
https://webauthn-passkeys-prf-demo.explore.corbado.com/
Environment
iPhone on iOS 26.3.1(a)
Chrome 146.0.7680.153 on Windows 10
For the same passkey / same credential and same PRF input, we get different PRF results depending on same-device vs cross-device / hybrid authentication.
Relevant excerpts from the demo:
Registration (Windows / Google Password Manager)
credential id: Dbsf2W...
rawId: Dbsf2W...
PRF result: 07f318...
Same-device auth (Windows)
credential id: Dbsf2W...
rawId: Dbsf2W...
PRF result: 07f318...
Cross-device / hybrid auth (iOS QR auth -> Windows)
same credential id: Dbsf2W...
same rawId: Dbsf2W...
PRF result: 2444f1...
The request parameters are otherwise the same:
same RP ID
same allowCredentials
same userVerification: required
same PRF input (prf.eval.first, value "Corbado")
Also importantly, the very same credential, when used locally / same-device, produces the same PRF result as registration. The mismatch only appears on the cross-device / hybrid path.
This looks like the same bug class discussed here: same credential + same PRF input, but different PRF output for local vs hybrid authentication.
I appreciate it is possible that other stack components may also be involved, but I wanted to check whether this is believed to be fully fixed on current builds.
Topic: Privacy & Security
SubTopic: General
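An added example, not the poster's app and not Corbado's demo code: it builds the navigator.credentials.get() request the report describes (one credential in allowCredentials, userVerification "required", prf.eval.first set to the string "Corbado") and shows the check a relying party can run before deriving any key from the PRF output, namely comparing the fresh assertion's prf.results.first against the value recorded at registration. The credential id and both PRF outputs are constructed sample bytes, not the values in the transcript above; the stand-in credential objects only mimic the shape of PublicKeyCredential so the check can be exercised outside a browser.

```javascript
// Added example (not the poster's app or Corbado's demo). Sample data below is constructed.
const textEncoder = new TextEncoder();

// base64url helpers: credential ids in WebAuthn JSON transcripts are base64url-encoded.
function base64urlEncode(bytes) {
  return btoa(String.fromCharCode(...bytes)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}
function base64urlDecode(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/") + "=".repeat((4 - (s.length % 4)) % 4);
  return Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
}
function toHex(bytes) {
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Request options asking the authenticator to evaluate the PRF over a fixed
// input for one specific credential, matching the parameters in the report.
function buildPrfGetOptions({ rpId, credentialIdB64u, challenge, prfInput }) {
  return {
    publicKey: {
      challenge,
      rpId,
      userVerification: "required",
      allowCredentials: [{ type: "public-key", id: base64urlDecode(credentialIdB64u) }],
      extensions: { prf: { eval: { first: textEncoder.encode(prfInput) } } },
    },
  };
}

// Pull prf.results.first out of an assertion, or null when the browser,
// platform or transport did not evaluate the extension at all.
function extractPrfFirst(credential) {
  const ext = credential.getClientExtensionResults();
  const first = ext && ext.prf && ext.prf.results && ext.prf.results.first;
  return first ? new Uint8Array(first) : null;
}

// Compare the assertion's PRF output with the one stored at registration.
// "mismatch" is the symptom on the hybrid path; an RP that fed the output
// straight into HKDF would only see an opaque decryption failure later.
function classifyPrfResult(registrationPrfHex, credential) {
  const prf = extractPrfFirst(credential);
  if (prf === null) return "prf-unsupported";
  return toHex(prf) === registrationPrfHex ? "match" : "mismatch";
}

// In a browser, this is the whole flow; it is not executed here.
async function authenticateAndCheck(registrationPrfHex, opts) {
  const credential = await navigator.credentials.get(opts);
  return { rawId: base64urlEncode(new Uint8Array(credential.rawId)), status: classifyPrfResult(registrationPrfHex, credential) };
}

// Constructed stand-ins for PublicKeyCredential: same rawId, different PRF outputs.
function fakeAssertion(rawIdB64u, prfBytes) {
  return {
    rawId: base64urlDecode(rawIdB64u).buffer,
    getClientExtensionResults: () => (prfBytes ? { prf: { results: { first: prfBytes.buffer } } } : {}),
  };
}

const SAMPLE_CRED_ID = base64urlEncode(textEncoder.encode("sample-credential-id")); // constructed
const LOCAL_PRF = Uint8Array.from({ length: 32 }, (_, i) => i);           // constructed "same-device" output
const HYBRID_PRF = Uint8Array.from({ length: 32 }, (_, i) => 255 - i);    // constructed "hybrid" output
const REGISTRATION_PRF_HEX = toHex(LOCAL_PRF);                             // what the RP stored at registration

function runSample() {
  const opts = buildPrfGetOptions({
    rpId: "example.com", credentialIdB64u: SAMPLE_CRED_ID,
    challenge: new Uint8Array(32), prfInput: "Corbado",
  });
  return {
    opts,
    local: classifyPrfResult(REGISTRATION_PRF_HEX, fakeAssertion(SAMPLE_CRED_ID, LOCAL_PRF)),
    hybrid: classifyPrfResult(REGISTRATION_PRF_HEX, fakeAssertion(SAMPLE_CRED_ID, HYBRID_PRF)),
    noPrf: classifyPrfResult(REGISTRATION_PRF_HEX, fakeAssertion(SAMPLE_CRED_ID, null)),
  };
}
```

The useful part for an app is classifyPrfResult: record toHex(prf.results.first) (or, better, a hash of the key derived from it) at registration and refuse to proceed on "mismatch" rather than letting the mismatch surface as an unexplained decryption error. Note that the same rawId coming back on the hybrid path is exactly why the mismatch is surprising; the credential is identical, only the PRF output differs.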