Apple offers $1 million bounty for uncovering security flaws in private AI cloud

In a nutshell: Apple says that Private Cloud Compute is nan astir precocious information architecture ever deployed for unreality AI compute astatine scale. By inviting scrutiny from nan information investigation community, Cupertino hopes to build spot successful its strategy and amended its information measures.

Apple has announced a important expansion of its bug bounty programme to amended nan information of its upcoming Private Cloud Compute service, designed arsenic an hold of its on-device AI model, Apple Intelligence. This cloud-based work intends to grip much analyzable AI tasks while maintaining personification privacy.

The expanded bounty programme focuses connected 3 main threat categories: accidental information disclosure, outer discuss from personification requests, and beingness aliases soul entree vulnerabilities. Specifically, it is zeroing successful connected distant codification execution, information extraction, and network-based attacks, pinch nan maximum bounty of $1 cardinal awarded to researchers who tin place exploits that let malicious codification to tally remotely connected its Private Cloud Compute servers.

Researchers tin besides gain up to $250,000 for reporting vulnerabilities that alteration nan extraction of delicate personification accusation aliases submitted prompts. Exploits that entree delicate personification information from a privileged web position could nett researchers up to $150,000.

Apple pointed retired that nan rewards for Private Cloud Compute vulnerabilities are comparable to those offered for iOS, fixed nan captious quality of nan service's information and privateness guarantees.

To support this initiative, Apple is providing researchers pinch extended resources to inspect and verify nan end-to-end information and privateness promises of Private Cloud Compute. These see a broad information guideline detailing nan architecture and information measures, a Virtual Research Environment (VRE) that allows nonstop study of nan strategy connected Mac computers, and entree to root codification for cardinal components nether a limited-use licence agreement.

Providing these devices is an unprecedented measurement for Cupertino, Apple said, aimed astatine building spot successful nan system. It has already provided third-party auditors and prime information researchers early entree to these resources. "Today we're making these resources publically disposable to induce each information and privateness researchers – aliases anyone pinch liking and a method curiosity – to study much astir PCC and execute their ain independent verification of our claims."

The VRE, which runs connected Macs pinch Apple silicon and astatine slightest 16GB of unified memory, offers powerful devices for examining and verifying PCC package releases, booting releases successful a virtualized environment, performing conclusion against objection models, and modifying and debugging PCC package for deeper investigation.

Apple has made root codification disposable for respective components of Private Cloud Compute that screen various aspects of PCC's information and privateness implementation. These see nan CloudAttestation project, Thimble project, splunkloggingd daemon, and srd_tools project.

Apple besides said it will see providing rewards for immoderate information rumor uncovered pinch a important impact, moreover if it falls extracurricular nan published categories. "We'll measure each study according to nan value of what's presented, nan impervious of what tin beryllium exploited, and nan effect to users," it said.