Having just launched its much-anticipated Apple Intelligence platform, Apple has introduced a significant expansion to its bug bounty program. In a bold move to ensure the security of its AI-powered infrastructure, Apple is offering a reward of $1 million (over Rs 8 crore) to anyone who can successfully hack into the Apple Intelligence servers.
This initiative aims to uncover potential vulnerabilities before the service rolls out to the public.
Apple Intelligence, unveiled at WWDC 2024, was officially made available to the public through the release of iOS 18.1. The platform is set to deliver a range of advanced AI features, including improvements to Siri, tighter privacy controls, and secure on-device AI processing.
Given the heightened concerns around AI misuse and the demand for robust privacy, Apple is taking proactive steps to ensure that its infrastructure, specifically the Private Cloud Compute (PCC) system, is resistant to cyber threats.
The PCC platform serves as the backbone of Apple Intelligence, powering the cloud-based operations that supplement on-device AI functions. Built on Apple’s custom silicon servers, the system operates on a hardened operating environment designed to block breaches and prevent data leaks. However, to guarantee its resilience, Apple is inviting ethical hackers and security researchers to scrutinise the PCC system for weaknesses.
How Apple’s Bug Bounty Program works
Apple’s bug bounty program is divided into three categories, with rewards determined by the type and severity of the vulnerability researchers discover.
The first category, Accidental Data Disclosure, focuses on design flaws or configuration issues that unintentionally expose user information. This could happen due to incorrect permissions or unexpected interactions between systems. Researchers who identify such vulnerabilities can earn rewards of up to $250,000.
The second category, External Compromise via User Requests, targets vulnerabilities that attackers can exploit through user-initiated actions, such as opening a malicious link or file. Apple takes these threats seriously, especially when they involve unauthorised access or arbitrary code execution that puts user data at risk. Successful discoveries in this area offer the highest reward, reaching up to $1 million.
The final category, Internal or Physical Access Exploits, involves vulnerabilities that occur when attackers misuse internal access points or escalate their privileges within the system. These flaws could allow hackers to gain access to sensitive data or expand their control over the system. Researchers uncovering such exploits can receive up to $150,000 in rewards.
Tools for security researchers
To foster transparency and encourage participation, Apple is offering essential resources to help researchers analyse the PCC infrastructure. This includes a Private Cloud Compute Security Guide detailing authentication protocols, privacy safeguards, and protection measures within PCC.
Researchers will also gain access to a Virtual Research Environment (VRE), running on Macs, where they can download and test PCC software under controlled conditions. Portions of the PCC’s source code are now available on GitHub, allowing for a deeper dive into the system’s architecture.
Pre-emptive defence against cybersecurity threats
Apple’s aggressive bounty offer reflects the company’s commitment to staying ahead of cyber threats and delivering a secure AI experience. The stakes are high, as Apple Intelligence aims to enhance AI-powered services while safeguarding user data. By enlisting the expertise of the global cybersecurity community, Apple hopes to patch potential vulnerabilities before they can be exploited.
This bounty program ensures that by the time the service reaches users, it will be as secure as possible — setting a new standard for AI-driven platforms.


