How Apple’s $1M Bounty Program Protects Users

Apple is challenging security experts to test the resilience of its servers as part of a new bug bounty program, with rewards of up to $1 million. The tech giant’s goal is to bolster security for its upcoming AI-powered service, Apple Intelligence, set to launch next week. While Apple Intelligence will primarily process requests on users’ devices, some requests will need to be handled by Apple’s Private Cloud Compute (PCC) servers. Ensuring these servers are secure against hacking and data breaches is essential for protecting user data.

In preparation, Apple has been proactive about PCC’s security, inviting security and privacy researchers to review its end-to-end security measures. Researchers have been provided access to a Virtual Research Environment (VRE) and other resources to test PCC’s defenses. Apple has now opened this opportunity to the public, offering access to the VRE and a detailed Private Cloud Compute Security Guide. This guide explains PCC’s security protocols, such as request authentication and software inspection for Apple’s data centers, and shows how PCC is designed to withstand various cyberattacks. The VRE enables anyone to investigate PCC’s software releases in a virtual setup, with some source code available on GitHub.

The bug bounty program offers rewards in three key areas:

  1. Data Disclosure: Vulnerabilities that reveal data due to misconfigurations or design issues ($50,000).
  2. External Compromise: Exploits that allow unauthorized access through user requests ($100,000 to $250,000).
  3. Code Execution: Unauthorized or arbitrary code execution, with top rewards for severe cases ($1 million).

Apple is also open to rewarding reports that don’t fit into a specific category but show a significant security impact. Reports will be evaluated based on presentation, proof, and user impact. For details on submitting findings, visit the Apple Security Bounty page.

“Dive into PCC’s design with our Security Guide, explore the code with the Virtual Research Environment, and report any issues through Apple Security Bounty,” Apple stated. The company believes PCC is a highly secure architecture for cloud-based AI and looks forward to collaborating with the research community to enhance its security over time.