Find a Flaw in Apple’s AI Platform, Win RM4.39m Bounty

Apple opens its AI platform to security testing, offering millions in bounties as iOS 18.1 launch approaches next week.

Subscribe to our Telegram channel for the latest stories and updates.

Apple is inviting security researchers to probe its new Private Cloud Compute (PCC) platform, offering rewards of up to RM4.39 million (US$1 million) for discovering critical vulnerabilities in the system that will power its upcoming AI features.

The programme launches just ahead of the company’s significant iOS 18.1 update, which will introduce iPhone AI capabilities, including enhanced Siri functionality, for the first time.

Apple positions its PCC as “the most advanced security architecture ever deployed for cloud AI compute at scale.” The platform, built on custom Apple silicon servers with a security-hardened operating system, aims to provide a more private AI solution compared to competitors’ “hybrid AI” approaches.

“In the weeks after we announced Apple Intelligence and PCC, we provided third-party auditors and select security researchers early access to the resources we created to enable this inspection, including the PCC Virtual Research Environment,” Apple stated in their blog titled “Security research on Private Cloud Compute.”

On 24 October, the company opened its resources to the public, welcoming “anyone with interest and a technical curiosity to find holes in the platform.” The bounty programme offers tiered rewards based on vulnerability severity:

• RM4.39 million (US$1 million) for remote attack vulnerabilities allowing arbitrary code execution

• RM1.09 million (US$250,000) for accessing user request data or sensitive information outside trust boundaries

• RM656,934 (US$150,000) for attacks requiring “privileged position” access to an iPhone

“Because we care deeply about any compromise to user privacy or security, we will consider any security issue that has a significant impact to PCC for an Apple Security Bounty reward, even if it doesn’t match a published category,” Apple explained.

The company commits to evaluating submissions based on presentation quality, exploitation proof, and potential user impact. Interested researchers can learn more and submit findings through the Apple Security Bounty page.

The launch of this bounty programme aligns with Apple’s broader strategy of processing AI tasks on-device where possible, using PCC only for more complex operations. This approach contrasts with other smartphone manufacturers in the Android ecosystem, such as Samsung, which employ hybrid AI solutions.

Share your thoughts with us via TechTRP's Facebook, Twitter and Telegram channel for the latest stories and updates.

Previous Post

Malaysia’s High Generative AI Adoption Signals Future-Ready Workforce Amid Job Security Concerns

Next Post

Digital Evolution, Elderly Inclusion: Why Seniors Need Our Support More Than Ever

Related Posts
Total
0
Share