Craig Federighi says Apple Intelligence servers are bare-bones by design. Here’s how they work.

This unique design aligns with Apple’s three-stage hierarchy for Apple Intelligence features: on-device processing is preferred whenever possible, with Apple’s own servers used only when necessary, and ChatGPT considered a last resort. This approach minimizes the amount of user data sent to external servers.

Apple’s commitment to end-to-end encryption (E2E) also extends to PCC servers. Previously, iCloud data was encrypted, but Apple or a hacker could potentially access it. With E2E encryption, data is unreadable even to Apple. However, this posed a challenge for PCC servers as they need to read data to perform AI inference.Apple addressed this with a two-fold solution. First, server tools like load balancers and data loggers are kept outside the protected area, preventing them from decrypting data. Second, the absence of persistent storage ensures that data is deleted once a response is sent back to the user’s device.

Additionally, Apple has taken the unprecedented step of making every production PCC server build publicly available for inspection. This allows anyone to verify that the system operates as claimed and that everything is correctly implemented. All PCC server images are recorded in a cryptographic attestation log, providing an indelible record of signed claims. Each entry includes a URL for downloading that specific build. This transparency serves as an enforcement mechanism, preventing unauthorized PCC nodes from diverting traffic. iPhones won’t send data to servers whose builds haven’t been logged.

While this information was previously known, the launch of the iPhone 16 has brought it back into the spotlight. As more users engage with Apple Intelligence features, Apple’s commitment to privacy will likely become even more crucial.