Apple announces $1 million bounty for Private Cloud Compute vulnerabilities

Apple Intelligence processes tasks locally on Apple devices whenever possible. However, more demanding tasks require additional processing power and access to larger foundation models. To give Apple devices access to this additional AI processing power in the cloud, Apple developed Private Cloud Compute (PCC). Apple claims that PCC delivers privacy and security protections for computationally intensive Apple Intelligence requests by extending its device security model into the cloud.

To confirm the security capabilities of PCC, Apple initially allowed a select group of security and privacy researchers to inspect and verify the system. This was done by sharing the PCC Virtual Research Environment (VRE) with third-party auditors and these researchers. Now, Apple is making these resources public so that all security and privacy researchers can conduct their own independent verification.

Apple has also released the source code of key parts of PCC for public review, including:

  • The CloudAttestation project, which is responsible for constructing and validating the PCC node's attestations.
  • The Thimble project, which includes the privatecloudcomputed daemon that runs on a user's device and uses CloudAttestation to enforce verifiable transparency.
  • The splunkloggingd daemon, which filters the logs that can be emitted from a PCC node to protect against accidental data disclosure.
  • The srd_tools project, which contains the VRE tooling and can be used to understand how the VRE enables the running of the PCC code.

In addition, Apple announced that its Security Bounty program now covers PCC. Apple's willingness to pay significant bounties for PCC vulnerabilities backs up its security claims for the system. For arbitrary code execution with arbitrary entitlements in PCC, Apple is prepared to pay up to $1 million. For an issue that provides access to a user's request data or sensitive information about their requests outside the trust boundary, Apple will pay up to $250,000.

In its blog post announcing the public availability of the PCC VRE, Apple stated:

Because we care deeply about any compromise to user privacy or security, we will consider any security issue that has a significant impact to PCC for an Apple Security Bounty reward, even if it doesn't match a published category. We'll evaluate every report according to the quality of what's presented, the proof of what can be exploited, and the impact to users.

By taking these steps, Apple aims to build trust and transparency around PCC and reinforce its commitment to protecting user privacy and security in the cloud.
