Apple has unveiled a “groundbreaking cloud intelligence system” named Private Cloud Compute (PCC), aimed at managing artificial intelligence (AI) workloads in the cloud while upholding privacy standards.
The tech giant described PCC as the “most advanced security architecture ever deployed for cloud AI compute at scale.”
PCC aligns with the introduction of new generative AI (GenAI) technologies, collectively referred to as Apple Intelligence. These advancements are featured in Apple’s latest software releases, including iOS 18, iPadOS 18, and macOS Sequoia.
You might be interested in: Apple M-Series Chips’ New “GoFetch” Vulnerability Exposes Secret Encryption Keys
All Apple Intelligence features, whether on-device or PCC-based, leverage in-house generative models trained using “licensed data, including data selected to enhance specific features, as well as publicly available data collected by our web-crawler, AppleBot.”
The essence of PCC is to offload complex requests requiring significant processing power to the cloud, ensuring that data remains inaccessible to any third party, including Apple, through a technology known as stateless computing.
The PCC architecture is supported by a custom-built server node that integrates Apple hardware, Secure Enclave, and Secure Boot, along with a fortified operating system specifically designed for handling Large Language Model (LLM) inference workloads.
This architecture provides an “extremely narrow attack surface,” according to Apple, and allows the use of Code Signing and sandboxing to ensure that only authorized and cryptographically verified code runs in the data center, keeping user data within the trust perimeter.
“Technologies such as Pointer Authentication Codes and sandboxing act to resist exploitation and limit an attacker’s horizontal movement within the PCC node,” the statement claimed. “The inference control and dispatch layers are written in Swift, ensuring memory safety, and use separate address spaces to isolate the initial processing of requests.”
“This combination of memory safety and the principle of least privilege eliminates entire classes of attacks on the inference stack itself and restricts the level of control and capability that a successful attack can achieve.”
A significant security and privacy measure involves routing PCC requests through an Oblivious HTTP (OHTTP) relay operated by an independent party, concealing the origin (i.e., IP address) of the requests. This effectively prevents an attacker from associating the requests with a specific individual based on their IP address.
Notably, Google also employs OHTTP relays as part of its Privacy Sandbox program and Safe Browsing feature in the Chrome web browser to protect users from visiting potentially harmful websites.
Apple further mentioned that independent security experts can inspect the code running on Apple silicon servers to validate its privacy features. PCC cryptographically ensures that its devices do not communicate with a server unless the program is publicly logged for inspection.
“Every production Private Cloud Compute software image will be published for independent binary inspection, including the OS, applications, and all relevant executables, which researchers can verify against the measurements in the transparency log,” the company stated.
“Software will be published within 90 days of inclusion in the log, or after relevant software updates are available, whichever is sooner.”
Alongside Apple Intelligence, the integration of OpenAI’s ChatGPT into Siri and systemwide Writing Tools allows users to generate text and photos based on their prompts. Apple emphasizes the privacy safeguards built into this process for those who choose to use the virtual assistant.
“Their IP addresses are obscured, and OpenAI won’t store requests,” Apple stated. “ChatGPT’s data-use policies apply for users who choose to connect their account.”
Apple Intelligence, set to be widely accessible later this fall, will be limited to the iPhone 15 Pro, iPhone 15 Pro Max, iPad, and Mac with M1 or later that have Siri and the device language set to U.S. English.
Other new privacy features provided by Apple include the ability to lock and conceal individual apps behind Face ID, Touch ID, or a passcode; allowing users to choose which contacts to share with an app; a dedicated Passwords app; and a revised Privacy and Security section in Settings.
According to MacRumors, the Passwords app includes an option to automatically update existing accounts to passkeys. Additionally, Apple has replaced the Private Wi-Fi Address option for Wi-Fi networks with a new Rotate Wi-Fi Address setting to reduce tracking.
MANAGED CYBERSECURITY SOLUTIONS
Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.
About Rhyno Cybersecurity Services
Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.
Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.