Apple has announced an expansion of its Private Cloud Compute (PCC) platform, extending the privacy-focused infrastructure behind Apple Intelligence beyond the company's own data centers for the first time.
The move will allow certain AI workloads to run on Google Cloud systems powered by NVIDIA GPUs while preserving the security and privacy guarantees Apple says are central to its AI strategy.
According to Apple, the expansion is designed to support the next generation of Apple Intelligence features, particularly those requiring computational resources beyond what can be handled directly on a user's device.
Apple introduced Private Cloud Compute in 2024 as a way to process complex AI requests in the cloud without exposing user data to traditional cloud-based risks. The platform was built around Apple silicon and a set of privacy protections intended to ensure that user information is not retained, profiled, or accessible to cloud operators. With the latest announcement, Apple is attempting to bring those same protections to infrastructure operated by third parties.
The company said it has collaborated with Google to leverage technologies behind the Gemini family of AI models while developing new Apple Foundation Models that power Apple Intelligence. While many AI functions continue to run locally on Apple devices, more demanding workloads, including advanced reasoning and agentic tool-use tasks, will be processed through an expanded PCC environment hosted on Google Cloud and accelerated by NVIDIA graphics processors.
To support the transition to third-party infrastructure, Apple said it worked with Google and NVIDIA to integrate multiple confidential computing technologies into PCC. The new environment relies on NVIDIA Confidential Computing capabilities, Intel processors supporting Trust Domain Extensions (TDX), and Google's Titan security chip.
Apple emphasized that it is not relying exclusively on confidential virtual machines for protection. Instead, the company claims it has built a broader security architecture that treats the entire software and hardware stack as part of a trusted computing base subject to verification and transparency requirements.
Among the security measures highlighted by Apple are:
- Stateless processing designed to prevent long-term retention of user data.
- Cryptographic attestation mechanisms that verify software integrity.
- Restrictions intended to eliminate privileged runtime access.
- Non-targetability protections that prevent requests from being directed to specific servers.
- Public transparency mechanisms that allow independent researchers to inspect deployed software.
To address potential supply chain threats, Apple said it maintains a cryptographically verifiable append-only ledger tracking all Google Cloud hardware used within the PCC environment. For critical components that could potentially be abused to exfiltrate data, software attestation is anchored to at least two separate hardware roots of trust provided by different vendors.
The company also detailed several architectural protections carried over from its original Apple silicon deployment. Incoming network requests are initially processed within isolated environments, shared inference software is frequently recycled to limit persistence opportunities, and cryptographic keys are stored inside dedicated confidential virtual machines separated from external inputs.
As with the original PCC deployment, Apple said all binaries used in the Google Cloud implementation will be published for public inspection. The company also plans to provide research tools and access to live PCC systems operating in a special research mode through the Apple Security Bounty Program.
Apple stated that devices will continue to trust only PCC software that has been cryptographically approved by Apple, regardless of where the infrastructure is physically hosted. The company will gradually roll out the full set of protections during a summer preview period and plans to release additional technical documentation later this year, including updates to its PCC Security Guide.
Leave a Reply