Apple AI runs on Google servers but promises user privacy remains intact through new safeguards

Reviewed byNidhi Govil

15 Sources

Share

Apple revealed at WWDC that its upgraded Siri AI runs on Google's infrastructure using Nvidia hardware, marking a significant shift from its previous approach. The company insists its user privacy protections remain strong through an upgraded Private Cloud Compute system, even as it relies on third-party infrastructure. The move raises questions about how Apple balances its privacy commitments with the computational demands of modern AI.

Apple AI Shifts to Google Infrastructure While Maintaining Privacy Claims

Apple confirmed at its Worldwide Developers Conference that Siri AI, the company's long-delayed assistant upgrade, now runs on Google servers equipped with Nvidia hardware

1

. This marks a dramatic departure from Apple's previous stance of running AI models either locally on devices or exclusively on Apple-controlled server hardware. The shift reflects the computational reality facing Apple AI: the company's own hardware infrastructure couldn't provide the capacity needed to support advanced language models at scale

1

.

Source: Digit

Source: Digit

Craig Federighi, Apple's senior vice president of software engineering, explained that Apple Intelligence relies on a tiered architecture managed by the System Orchestrator, an on-device feature that determines which model handles each query

1

. Most devices run AFM 3 Core, a new Gemini-based model co-developed through the Google Gemini partnership. Devices with at least 12GB of RAM use AFM 3 Core Advanced, which leverages additional hardware for improved dictation and more expressive voice capabilities

1

.

Private Cloud Compute Expands to Third-Party Infrastructure

For complex queries requiring more computational power, Apple deploys cloud-based Apple Foundation Models including AFM 3 Cloud for general use, ADM 3 Cloud for image generation, and AFM 3 Cloud Pro for advanced reasoning. The Cloud Pro model, derived from a specialized version of Gemini with approximately 1.2 trillion parameters, runs entirely on third-party infrastructure

2

. This arrangement reportedly costs Apple about $1 billion annually

2

.

Source: CNET

Source: CNET

To maintain user privacy on Google servers, Apple upgraded Private Cloud Compute with multiple security layers. The system now uses Nvidia's Confidential Computing, Intel's Trust Domain Extensions, and Google's Titan security chip

1

. Apple maintains "a cryptographically verifiable, append-only ledger" of all Google Cloud hardware in the Private Cloud Compute fleet, and devices only trust software signed by Apple

1

. However, the company acknowledges these Google Cloud servers don't yet support all the same protections as Apple's own infrastructure, with complete protections rolling out throughout the summer preview period

1

.

On-Device Processing Minimizes Data Exposure

The System Orchestrator ensures only necessary data leaves devices, a critical component of Apple's privacy promise

1

. Federighi emphasized that on-device processing handles simpler queries entirely, while Private Cloud Compute "vaporizes" any record of data immediately after answering questions. "This is not stored. It's all in a form where it's completely transient," he explained

5

. The architecture represents Apple's attempt to balance the computational demands of modern AI with its longstanding commitment to keeping user data private

3

.

Source: The Verge

Source: The Verge

Yet security researchers identify vulnerabilities in this expanded access. To execute tasks across multiple apps, Siri AI requires deep access to messages, emails, photos, and calendars—data Apple previously walled off

2

. Natalie Shapira from Northeastern University warns that "autonomous agents significantly expand the attack surface for prompt injection"

2

. The risk of indirect prompt injection—where malicious instructions embedded in emails or websites trick AI into leaking private data—represents what researcher Simon Willison calls a "lethal trifecta"

2

.

Privacy Architecture Faces Scrutiny as Apple Plays Catchup

Florian Schaub, a privacy researcher at the University of Michigan, notes that while Apple's openness to outside inspection is welcome, "consumers often lack the expertise to inspect code"

2

. Until Apple opens its hybrid cloud arrangement with Google to the same external inspection it promises for Private Cloud Compute, the security of transient data routing rests largely on the company's word

2

.

The company's privacy pitch becomes more critical as it trails competitors in AI capabilities. Apple is "undeniably behind almost every competitor on AI, even after yesterday's announcements," making its privacy differentiation essential

4

. Unlike Google's Gemini, which collects prompts, files, and conversation recordings for 18 months by default, Apple claims it doesn't store conversation logs except on-device in encrypted iCloud accounts

4

.

Apple notably avoided excessive hype around agentic AI at WWDC, focusing instead on practical applications

5

. The company did introduce limited agentic features, including automatic password changes for compromised accounts and Safari's "Notify Me" function for tracking website changes

5

. Siri AI won't reach iPhones or iPads in the European Union at launch, with Apple citing the Digital Markets Act as the reason, though the service will run on Macs and other devices there

2

.

The multi-modal model approach allows Apple Intelligence to understand speech and images while working across apps

3

. Whether Apple's upgraded privacy architecture can withstand scrutiny while running on Nvidia hardware in Google's data centers will determine if the company's privacy promise remains credible as it catches up in the AI race.

Today's Top Stories

© 2026 TheOutpost.AI All rights reserved