Private cloud compute (PCC) delivers robust privacy and security to Apple intelligence by extending our device security model to the cloud. In our previous post, we explained our commitment to transparency and invented security and privacy resources to review and verify PCC’s protections. Following the Apple Intelligence and PCC announcements, we announced that we would offer early access to resources, such as the PCC Virtual Research Environment (VRE), for independent evaluation.
Today, we are making these resources available to everyone. We invite all security and privacy researchers, as well as anyone who is interested and technically curious, to learn more about PCC and check our claims for themselves. We are also extending Apple security bounty to include PCC, offering substantial rewards for reports of any security or privacy issues.
Security Guide
To help you understand how we build PCC’s architecture to meet our main goals, we have published the Private Cloud Compute Security Guide. This guide gives detailed technical information about PCC’s components and how they work together to provide strong privacy for AI processing in the cloud. It covers topics such as how PCC attestations rely on hardware features, how requests are authenticated and dropped to prevent targeting, how you can inspect software running in Apple’s data centers, and how PCC privacy and security features perform under different attack scenarios.
Virtual Research Environment
For the first time, we have created a virtual research environment (VRE) for Apple platforms. The VRE is a set of tools that enables you to perform your own security analysis of private cloud compute directly from your Mac. With this environment, you can do more than simply learn about the platform’s security features you can also independently verify that the private cloud compute protects user information privacy as described.
You can also use the VRE tools to:
- List and inspect PCC software releases
- Verify the consistency of the transparency log.
- Download the binaries corresponding to each release.
- Build a release in a virtualized environment.
- Perform inference against demonstration models.
- Modify and debug the PCC software to enable deeper investigation.
The VRE requires a Mac with Apple silicon and at least 16GB of memory. It is not available for macOS Sequoia 15.1 developer preview. Please review the provided instructions to get started.
Private Cloud Compute Source Code
We are releasing the source code for key PCC components that support its security and privacy. The code is under a limited user license for deeper analysis.
We are publishing source code for projects in areas including:
- The Cloud Access Attestation project is responsible for constructing and authenticating the attestations of the Private Cloud Compute code.
- The Thimble project, which includes the private cloud computing daemon that runs on a user’s device and uses cloud attestation to ensure verifiable transparency
- The Splunk logging daemon filters logs emitted by the APCC node to prevent accidental data disclosure.
- The srd_tools project, which contains the VRE tooling, helps you understand how the VRE enables running the PCC code.
You can find the PCC source code in the Apple/security-pcc GitHub project.
Apple Security Bounty For Private Computer
To encourage more research on private cloud computing, we are expanding the Apple security bounty to reward discoveries of vulnerabilities that compromise PCC’s core security and privacy protections.
Our new PCC bounty categories are aligned with the most critical threats we describe in the security guide:
- Accidental data disclosure: vulnerabilities that lead to unintended exposure of data due to configuration flaws and system design issues
- External compromise from user requests: vulnerabilities enabling external actors to exploit user requests to gain unauthorized access to PCC
- Physical or internal access: vulnerabilities where access to internal interfaces enables a compromise of the system
Since PCC brings the strong security and privacy of Apple devices to the cloud, our rewards are similar to those for iOS. We give the highest rewards for vulnerabilities that expose user data or insurance request data outside the PCC trust boundary.
Apple Security Bounty: Private Cloud Compute
| Category | Description | Maximum bounty |
| Remote attack on request data | Arbitrary code execution with arbitrary entitlements | $1,000,000 |
| Remote attack on request data | Access to a user’s request data or sensitive information about a the user’s request, requests outside the trust boundary | $250,000 |
| Attack on request data from a privileged network position | Access to a user’s request data or other sensitive information about the user outside the trust boundary | $150,000 |
| Attack on request data from a privileged network position | Ability to execute unattested code | $100,000 |
| Attack on request data from a privileged network position | Accidental or unexpected data disclosure due to deployment or configuration issues | $50,000 |
We take any threat to customer privacy or security seriously. If you find a security issue that significantly affects PCC, we will consider it for an Apple security bounty, even if it is not listed in the published categories. We review every report based on its quality, the proof of what can be exploited, and the impact on users. Visit our Apple security bounty page to learn more and submit your research.
In Closing
Private Cloud Compute, developed as part of Apple Intelligence, represents a significant advancement in AI privacy. Verifiable transparency distinguishes PCC from other server-based AI systems. Building on the Apple Security Research Device program, the tools and documentation released today enable in-depth study and verification of PCC’s security and privacy features. We invite you to review PCC’s architecture using our security guide, test the code in the virtual research environment, and submit your findings through the Apple security bounty. We believe Private Cloud Compute sets a new standard for security in cloud AI at scale and look forward to ongoing collaboration with the research community.
