Apple's Siri AI Runs on Google Gemini and Nvidia, Privacy Claims Hold

Despite moving AI inference to Google's servers with Nvidia hardware, Apple claims its privacy guarantees remain unchanged - a test for confidential computing in practice.

apple, google, gemini, nvidia, privacy, confidential computing

Apple confirmed at WWDC that its upcoming Siri AI runs on Google's Gemini language models hosted on Nvidia hardware in Google data centers—yet Apple insists its privacy promises are still intact.

For years, Apple's privacy story rested on keeping data either on your device or inside Apple's own server hardware with encryption that even Apple employees couldn't break. Siri AI breaks that model. The company now rents compute from a direct competitor, using Nvidia GPUs inside Google's cloud, to run models too large for an iPhone or Mac.

From On-Device to Third-Party Cloud

Apple's Private Cloud Compute system was the first step: Apple ran its own servers, controlled firmware, and promised no data logging. Siri AI goes further. By outsourcing inference to Google's infrastructure, Apple loses physical control of the hardware. The privacy guarantee now depends entirely on software isolation, encrypted memory, and attestation—confidential computing at scale.

Apple hasn't detailed the exact mechanisms, but the claim is that data remains encrypted end-to-end, and Google's operators can't access model inputs or outputs. That's a heavy lift. Nvidia GPUs do support confidential computing via hardware-based TEEs (trusted execution environments), but orchestrating that across Google's fleet with Apple's own security policies is nontrivial.

How Apple Plans to Keep Data Private

The company relies on the same encryption architecture it used for Private Cloud Compute: data is encrypted before leaving the device, decrypted only inside a hardware-bound enclave on the server, and never persisted. Apple says the Google-side Nvidia hardware runs verified firmware that Apple signs, and Google cannot modify it without breaking attestation.
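
The client-side gate this paragraph implies, sketched as an added example (not Apple's or Google's code, and not from the original article): the device refuses to encrypt a request unless the server's attestation report matches a known firmware measurement, echoes a fresh nonce, and binds the node's public key. The report fields, the TPM-style hash-chain measurement and all sample values are assumptions, and the hardware vendor's signature over the report is assumed to have been verified already.

```python
import hashlib
import hmac

def extend(register: bytes, component: bytes) -> bytes:
    # TPM-style extend: the new value commits to the old value and the component.
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()

def measure(components) -> bytes:
    # Fold every boot component, in load order, into one 32-byte measurement.
    register = bytes(32)
    for component in components:
        register = extend(register, component)
    return register

def make_report(components, nonce: bytes, node_pubkey: bytes) -> dict:
    # Server side (hypothetical format): what the enclave hardware would report.
    return {"measurement": measure(components), "nonce": nonce,
            "key_hash": hashlib.sha256(node_pubkey).digest()}

def check_report(report: dict, trusted: set, nonce: bytes, node_pubkey: bytes) -> list:
    # Client side: return reasons to refuse; an empty list means the request
    # may be encrypted to node_pubkey.
    failures = []
    if not any(hmac.compare_digest(report["measurement"], m) for m in trusted):
        failures.append("measurement not in trusted set")
    if not hmac.compare_digest(report["nonce"], nonce):
        failures.append("stale or replayed nonce")
    if not hmac.compare_digest(report["key_hash"], hashlib.sha256(node_pubkey).digest()):
        failures.append("public key not bound to report")
    return failures

# Constructed sample data, not real firmware images or keys.
RELEASE = [b"bootloader 1.0", b"security monitor 1.0", b"inference runtime 1.0"]
TAMPERED = [b"bootloader 1.0", b"security monitor 1.0 + debug hook", b"inference runtime 1.0"]
TRUSTED = {measure(RELEASE)}
NONCE = b"A" * 16
NODE_KEY = b"constructed-node-public-key"

if __name__ == "__main__":
    print(check_report(make_report(RELEASE, NONCE, NODE_KEY), TRUSTED, NONCE, NODE_KEY))
    print(check_report(make_report(TAMPERED, NONCE, NODE_KEY), TRUSTED, NONCE, NODE_KEY))
```

Because each extend step hashes the previous register value, changing or reordering any single component yields a different final measurement, which is why modified firmware cannot present the signed release's value.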

Still, this expands the attack surface. A compromised hypervisor or a side-channel on the Nvidia GPU could leak tensors. Apple's bet is that its custom security monitor and Google's existing confidential VMs (like Confidential GKE nodes) together prevent such leaks. Neither party has published a full audit yet.

What this enables: Apple can now deploy far larger models without building its own data centers. For developers, it means Siri AI features that previously required on-device or Apple-cloud compute can tap into Google's capacity transparently. The user never sees the switch—just gets faster, more accurate responses.

The real test isn't technical; it's trust. Apple is asking privacy-conscious users to accept that renting Google's silicon doesn't weaken their guarantees. That's a harder sell than any encryption scheme.


Source: Apple says its AI is still private, even when it's running on Google's servers
Domain: arstechnica.com
