Apple makes every production PCC server build publicly available for review, so that non-Apple insiders can verify that PCC does (and doesn’t do) what the company claims, and that everything is implemented correctly. All PCC server images are logged in a cryptographic credential journal, which is essentially an indelible record of signed statements, and each entry includes a URL where the build can be downloaded. PCC is designed so that Apple can’t push a server into production without it being logged in. And in addition to providing transparency, the system acts as a key enforcement mechanism, preventing third parties from setting up rogue PCC nodes and redirecting traffic. If a server build hasn’t been logged, iPhones won’t query it or send Apple Intelligence data to it.
PCC is part of Apple’s bug bounty program, and vulnerabilities or misconfigurations found by researchers may be eligible for cash rewards. However, Apple says that since the iOS 18.1 beta was released in overdue July, no one has found any flaws in PCC. The company admits that it has only made the tools to assess PCC available to a select group of researchers.
Many security researchers and cryptographers tell WIRED that Private Cloud Compute looks promising, but they haven’t spent much time investigating it yet.
“Building Apple Silicon servers in the data center when we didn’t have them before, building a custom operating system to run in the data center, was huge,” Federighi says. He adds that “creating a trust model where a device refuses to send a request to a server unless a signature of all the software that the server is running is published in a transparency journal was certainly one of the most unique pieces of the solution—and absolutely critical to the trust model.”
In response to questions about Apple’s partnership with OpenAI and the ChatGPT integration, the company emphasizes that the partnerships are not covered by the PCC and operate separately. ChatGPT and the other integrations are disabled by default, and users must manually enable them. Then, if Apple Intelligence determines that the request would be better served by ChatGPT or another partner platform, it notifies the user each time and asks whether to proceed. Additionally, people can apply these integrations while logged into their account on a partner service like ChatGPT, or they can apply them through Apple without a separate login. Apple said in June that another integration with Google’s Gemini is also in the works.
Apple said this week that in addition to its English-language launch in the United States, Apple Intelligence will launch in Australia, Canada, Fresh Zealand, South Africa, and the United Kingdom in December. The company also said that additional language support — including Chinese, French, Japanese, and Spanish — will be discontinued next year. Whether that means Apple Intelligence will be permitted under the European Union’s Artificial Intelligence Act, and whether Apple will be able to offer PCC in its current form in China, is another question.
“Our goal is to deliver everything we can to provide the best experience for our customers wherever possible,” Federighi says. “But we have to comply with regulations, and there’s uncertainty in some environments that we’re trying to navigate so that we can deliver those features to our customers as quickly as possible. So we’re trying.”
He adds that as the company improves its ability to perform more Apple Intelligence calculations on its devices, it may be able to apply this as a workaround in some markets.
Those who get access to Apple Intelligence will be able to do a lot more than they could with previous versions of iOS, from writing tools to photo analysis. Federighi says his family celebrated their dog’s recent birthday with an Apple Intelligence-generated GenMoji (viewed and confirmed to be very cute by WIRED). But while Apple’s AI is meant to be as helpful and stealthy as possible, the stakes are incredibly high when it comes to the security of the infrastructure it relies on. So how’s everything going so far? Federighi sums it up without hesitation: “The Private Cloud Compute rollout has been pleasantly smooth.”
