Apple has announced a new bug bounty program offering up to $1 million to individuals who can successfully hack into its Apple Intelligence servers. This initiative aims to test and strengthen the security of the servers that process requests for the company’s forthcoming AI-powered service, slated for official launch next week.
While Apple Intelligence will primarily process requests on users’ devices, certain tasks will require handling by Apple’s servers, known collectively as Private Cloud Compute (PCC). To ensure these servers are fortified against cyberattacks and data breaches, Apple has been proactive in inviting security and privacy researchers to examine and verify the end-to-end security and privacy of PCC.
To assist participants, Apple has published a Private Cloud Compute Security Guide detailing how PCC operates, focusing on request authentication and defense mechanisms against various cyber threats. Additionally, the company has opened access to a Virtual Research Environment (VRE) that allows researchers to inspect PCC’s software releases, download files, and delve deeper into the system’s architecture. Key components of PCC’s source code have also been made available on GitHub.
The bug bounty program targets vulnerabilities in three key areas: accidental data disclosure due to configuration flaws, external compromises from user requests, and internal access vulnerabilities. Rewards range from $50,000 for identifying accidental data disclosures to $1 million for uncovering vulnerabilities that allow arbitrary code execution without user permission or knowledge.
Apple encourages researchers to report any significant security issues, even if they don’t fit the specified categories, with compensation evaluated based on the quality and impact of the findings. The company emphasizes its commitment to enhancing the security of Apple Intelligence and looks forward to collaborating with the research community to achieve this goal.