Apple is inviting security researchers to investigate its Private Cloud Compute (PCC) system, which powers its Apple Intelligence feature. To demonstrate the security and privacy of its AI infrastructure, the tech giant is offering rewards of up to $1 million for discovering vulnerabilities in the PCC system.
While Apple emphasises that many Apple Intelligence features run on-device, more demanding tasks are processed on PCC servers. These servers, built with Apple Silicon and a new operating system, are designed to uphold Apple’s commitment to user privacy. To ensure transparency and independent verification, Apple is opening up the PCC to scrutiny from security researchers.
How much developers can get for discovering bugs in Apple Intelligence
In a blog post, Apple has confirmed that researchers who discover flaws that compromise the security and privacy of PCC can now earn bounties comparable to those offered for iOS vulnerabilities, with the highest payouts for vulnerabilities that expose user data outside the PCC’s secure environment. Here are the bounty amounts:
Source: Apple
The new bounty categories focus on critical threats like accidental data disclosure, external compromise through user requests, and vulnerabilities related to physical or internal access. This initiative underscores Apple’s commitment to the security and privacy of its AI infrastructure and encourages researchers to help identify and address potential vulnerabilities.
Apart from this, Apple will also consider any security issue that has a significant impact on PCC for an Apple Security Bounty reward, even if it doesn’t match a published category. The company will “evaluate every report according to the quality of what’s presented, the proof of what can be exploited, and the impact on users.”
Apple is offering developers new tools to analyse PCC security
In its blog post, Apple confirmed about creating a Virtual Research Environment (VRE) for security researchers to analyse the Private Cloud Compute (PCC) system used for Apple Intelligence. This will allow for independent verification of Apple’s privacy claims and in-depth investigation of PCC software, including the Secure Enclave Processor, through tools for inspecting releases, verifying logs, booting in a virtual environment, and debugging.
To access the Private Cloud Compute Virtual Research Environment, developers will need a Mac with Apple silicon and at least 16GB of unified memory running the macOS Sequoia 15.1 Developer Preview. Detailed instructions on how to get started are available on Apple’s developer website.
#Apple #crore #Apple #Intelligence #challenge #developers #Times #India
