Craig Federighi says Apple Intelligence servers are bare-bones by design. Here's how they work.
In a recent interview, Apple software SVP Craig Federighi revealed that the servers powering Apple's AI features are intentionally basic, lacking traditional hard drives or SSDs. This design choice is part of Apple's approach to ensure that no processed data is stored long-term.
This unique design aligns with Apple's three-stage hierarchy for Apple Intelligence features: on-device processing is preferred whenever possible, with Apple's own servers used only when necessary, and ChatGPT considered a last resort. This approach minimizes the amount of user data sent to external servers.
To further protect user privacy, Apple's Private Cloud Compute (PCC) servers incorporate a range of security measures. A key feature is the Secure Enclave, a dedicated hardware encryption key manager. Each file system's encryption key is randomized at every boot-up. This means that once a PCC server is rebooted, all data is erased and the entire system volume becomes cryptographically unrecoverable.
Apple's commitment to end-to-end encryption (E2E) also extends to PCC servers. Previously, iCloud data was encrypted, but Apple or a hacker could potentially access it. With E2E encryption, data is unreadable even to Apple. However, this posed a challenge for PCC servers as they need to read data to perform AI inference.
Apple addressed this with a two-fold solution. First, server tools like load balancers and data loggers are kept outside the protected area, preventing them from decrypting data. Second, the absence of persistent storage ensures that data is deleted once a response is sent back to the user's device.
Additionally, Apple has taken the unprecedented step of making every production PCC server build publicly available for inspection. This allows anyone to verify that the system operates as claimed and that everything is correctly implemented. All PCC server images are recorded in a cryptographic attestation log, providing an indelible record of signed claims. Each entry includes a URL for downloading that specific build. This transparency serves as an enforcement mechanism, preventing unauthorized PCC nodes from diverting traffic. iPhones won't send data to servers whose builds haven't been logged.
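The client-side rule described above (no data goes to a node whose build is not in the log) can be modeled as follows. This is an added example, not Apple's code or log format: the hash-chained log, the JSON entry layout, the function names and the `example.invalid` URLs are all assumptions, and the build images are constructed sample data.

```python
import hashlib
import hmac
import json

GENESIS = b"\x00" * 32  # assumed starting value for the hash chain

def measure(image: bytes) -> str:
    """Measurement of a build image: here simply its SHA-256 (assumption)."""
    return hashlib.sha256(image).hexdigest()

def entry_hash(prev: bytes, entry: dict) -> bytes:
    # Each record commits to the previous one, so history cannot be rewritten silently.
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev + body).digest()

def append(log: list, entry: dict) -> None:
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"entry": entry, "hash": entry_hash(prev, entry)})

def verify_chain(log: list, trusted_head: bytes) -> bool:
    """Recompute every link and compare the result with the head the client pinned."""
    prev = GENESIS
    for rec in log:
        prev = entry_hash(prev, rec["entry"])
        if not hmac.compare_digest(prev, rec["hash"]):
            return False
    return hmac.compare_digest(prev, trusted_head)

def may_send(log: list, trusted_head: bytes, attested: str) -> bool:
    """Client policy: release data only to a node whose attested build is logged."""
    if not verify_chain(log, trusted_head):
        return False
    return any(hmac.compare_digest(r["entry"]["measurement"], attested) for r in log)

def build_sample_log():
    # Constructed sample data: two fake build images and placeholder URLs.
    log = []
    for image in (b"constructed-build-A", b"constructed-build-B"):
        m = measure(image)
        append(log, {"measurement": m, "url": f"https://example.invalid/builds/{m[:12]}"})
    return log, log[-1]["hash"]

if __name__ == "__main__":
    log, head = build_sample_log()
    print(may_send(log, head, measure(b"constructed-build-A")))  # logged build
    print(may_send(log, head, measure(b"constructed-rogue")))    # never logged
    append(log, {"measurement": measure(b"constructed-rogue"), "url": "https://example.invalid/x"})
    print(may_send(log, head, measure(b"constructed-rogue")))    # log no longer matches pinned head
```

The last case shows why the client pins a log head: an entry added to a private copy of the log does not help a rogue node, because the recomputed chain no longer ends at the head the client trusts.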
While this information was previously known, the launch of the iPhone 16 has brought it back into the spotlight. As more users engage with Apple Intelligence features, Apple's commitment to privacy will likely become even more crucial.