A discussion currently bubbling up on Lobsters AI concerns Apple's expanded Private Cloud Compute program — and the reaction in the security underground is a mix of cautious applause and genuine frustration.

Apple has published an update on security.apple.com announcing that it is expanding PCC research capabilities. On paper it sounds promising: cryptographically signed binaries, a transparency log, and a Virtual Research Environment (VRE) that lets researchers poke around the system. But people in the community are quick to point out what is not there.

You can verify what is running. You cannot verify how it was built.

That is precisely what is gnawing at people. Experts from Trail of Bits, cited in research circulating in the wake of the announcement, are clear that the amount of meaningful security research possible is directly proportional to how much code Apple actually releases — and Apple is, as they diplomatically put it, "notoriously secretive."

For MacAdmins and IT professionals the problem is even more concrete. Andrea Pepper, a specialist in Apple device management, sums it up fairly precisely: as a user she trusts Apple, but as a MacAdmin she needs to verify. PCC lacks enterprise APIs for tracking AI usage, has no SIEM integration, and offers no support for advanced policy rules beyond simple MDM toggles. It is not built for enterprises — it is built for individual privacy, and that is an important distinction.

Apple opens PCC to hackers — but only hands over half the code - Bilde 1

There are also technical concerns being raised: the GPU code is likely written in Metal, which does not enforce memory safety. This opens the door to potential LeftoverLocals-style attacks under certain conditions. Apple uses Swift in the ML stack, which is a positive, but this gap at the GPU layer is worth watching.

In addition, Israeli security firm Lumia Security has documented that user data — including dictated messages via Siri — can be sent to Apple's servers via PCC even when the user has disabled the relevant learning features. It is a charged finding that has not yet received much attention.

These are still early signals from the community and security research circles — nothing the mainstream tech press has seriously picked up on yet. But given that Apple Intelligence is rolling out to hundreds of millions of devices, the questions surrounding PCC transparency could quickly become a much bigger story. Stay tuned.

Source: Lobsters AI discussion based on the Apple Security Research Blog and associated researcher analyses. These are community-driven early signals — not verified facts from Apple.