In the tech industry, one way to ensure product security is to offer rewards to those who discover and report new security vulnerabilities. Called “bug bounty”, these programs are very widespread and Apple already uses this system to encourage researchers to report the flaws they discover on products like the iPhone. And today, as it prepares the launch of Apple Intelligence, Apple has decided to offer new rewards for those who find flaws in the servers that ensure the processing of personal information by its AI.
As a reminder, Apple Intelligence uses a mix of local data processing with cloud processing. In essence, when Apple Intelligence is given a fairly simple task, that task is carried out by an artificial intelligence model that runs on the user’s iPhone, iPad or Mac. However, when a task is more complex, it is carried out in the cloud. To ensure the confidentiality of information processed by AI, which can be very personal, Apple has developed a system called Private Cloud Compute.
Apple has committed to allowing security inspection of this system. And initially, he collaborated with a small group of listeners and research. But now Apple is making the resources needed to perform this inspection public, so everyone can learn more about Private Cloud Compute. In addition to this, Apple has decided to offer rewards for those who discover flaws.
Up to $1 million reward
In its announcement, Apple publishes a table that includes the maximum bonuses that researchers can receive, depending on the vulnerabilities discovered. And for one type of security breach (Execution of arbitrary code with arbitrary rights), the maximum bounty is $1 million. But this maximum bonus is lower, for the discovery of less serious flaws. For example, the reward will not exceed $50,000 for the category “Accidental or unexpected data disclosure due to a deployment or configuration issue.” In any case, the fact that Apple offers bonuses to researchers is a strong signal.
The firm also indicates that it could even pay bonuses for the discovery of security vulnerabilities which do not fall into any of the categories mentioned on its table, but which have a significant impact on the security of Private Cloud Compute.
- Apple Intelligence relies on local information processing, but the cloud can take over when the user’s request is too complex
- In this case, personal information is processed by a secure system called Private Cloud Compute
- Apple has just introduced a program that allows researchers to receive rewards if they discover security flaws on this system
- Rewards can be up to $1 million
