Apple confirms Private Cloud Compute now works on Google’s cloud

More news from WWDC, Apple has officially confirmed it is expanding Private Cloud Compute (PCC) beyond Apple’s data centers, in this case extending it to Google Cloud while maintaining the exceptional security and privacy properties PCC has always promised.

Apple’s VP Security Engineering and Architecture, Ivan Krstić confirmed this, writing.

What Apple says

“Our core PCC requirements remain exactly the same: stateless computation, enforceable guarantees, no privileged runtime access, non-targetability, and verifiable transparency.

“What’s new with PCC on Google Cloud is the implementation: NVIDIA Confidential Computing with NVIDIA GPUs, Intel CPUs with TDX, and Google’s Titan chip. On this foundation, Apple and Google collaborated to build capabilities that go far beyond a traditional confidential computing deployment.”

The company has written a paper explaining what it has done in this work, which extends PCC privacy to third-party data centers.

This protection kicks in when running some of the most complex new Apple AI models, which rely on Google and NVIDIA to compute. “PCC set a new bar for AI privacy in the cloud, and continues to power the most demanding Apple Intelligence features,” the Apple paper said.

The company notes that others in the industry had tried to achieve similar degrees of security, but had so far not integrated these into a comprehensive, end-to-end confidential inference pipeline capable of operating at global scale. That’s what Apple has managed to achieve, the paper explains.

Sign up to get all the latest Apple news at The Core TLDR Apple News on Substack.

Safe in the cloud?

It is, as expected, a root and branch approach that doesn’t rely solely on confidential computing technologies to mitigate attacks, it extends to every component, hardware and software.

“For components that could be abused to exfiltrate user data if compromised, our software attestation is rooted in at least two separate roots of trust from independent vendors,” Apple said.

“Together, these capabilities help ensure that even outside of Apple’s hardware and data centers, user data will continue to be protected by the full force of PCC’s extraordinary security and privacy properties.”

Plus, of course, Apple is continuing to open its system up for verification and testing by security researchers. All the same, it is reassuring that “Regardless of where the infrastructure is hosted, Apple retains complete control over PCC software; Apple devices will only trust PCC software that is cryptographically approved by Apple.”

In other words, even when your request is in the Google cloud you can be reasonably certain your privacy continues to be protected.

You can follow me on social media! Join me on BlueSky,  LinkedIn, Mastodon and The Core.