Private Cloud Compute Security Guide


Private Cloud Compute (PCC) delivers groundbreaking privacy and security protections to support computationally intensive requests for Apple Intelligence by bringing our industry-leading device security model into the cloud. Whenever possible, Apple Intelligence processes tasks locally on device, but more sophisticated tasks require additional processing power to execute more complex foundation models in the cloud. Private Cloud Compute makes it possible for users to take advantage of such models without sacrificing the security and privacy that they expect from Apple devices.
We designed Private Cloud Compute with core requirements that go beyond traditional models of cloud AI security:
Stateless computation on personal user data: PCC must use the personal user data that it receives exclusively for the purpose of fulfilling the user’s request. User data must not be accessible after the response is returned to the user.
Enforceable guarantees: It must be possible to constrain and analyze all the components that critically contribute to the guarantees of the overall PCC system.
No privileged runtime access: PCC must not contain privileged interfaces that might enable Apple site reliability staff to bypass PCC privacy guarantees.
Non-targetability: An attacker should not be able to attempt to compromise personal data that belongs to specific, targeted PCC users without attempting a broad compromise of the entire PCC system.
Verifiable transparency: Security researchers need to be able to verify, with a high degree of confidence, that our privacy and security guarantees for PCC match our public promises.
This guide is designed to walk you through these requirements and provide the resources you need to verify them for yourself, including a comprehensive look at the technical design of PCC and the specific implementation details needed to validate it.
Start exploring the PCC design by learning about the extraordinary security requirements of the system.

Interact with and debug the PCC software stack.
To simplify security research, source code is available for certain security-critical PCC components.

