An early version was found hidden in iOS 14.3 and reverse engineered by somebody who must be pretty smart.
Apple previewed the CSAM detection system for iOS, iPadOS, and macOS earlier…
pocketnow.com
Once the hacker community gets a good look at this, all bets are off.
One question that I’ve never seen answered: how is Apple going to stop this from being turned into a surveillance tool when a government says “Use this database and send the matches to this address, or you can’t sell your phone here.”