Apple will pay more than Rs 8 crore to anyone who can hack Apple Intelligence servers

Apple is gearing up to roll out the first set of features for its AI-driven Apple Intelligence in the next few days. In a preemptive move ahead of the release, the company has also expanded its bug bounty program. Apple has announced a reward of $1 million – over Rs 8 crore – for anyone who can hack into the servers of Apple Intelligence. Why? The Cupertino giant aims to identify vulnerabilities in its Private Cloud Compute (PCC) platform, ensuring robust security for its new AI-powered services.
Apple Intelligence was introduced at WWDC 2024 and is expected to launch with the iOS 18.1 update. The AI-powered suite will bring significant features designed to enhance Siri, strengthen device privacy, and secure on-device processing for AI functions. However, amid concerns over the potential misuse of AI and demand for secure, private AI options, Apple is taking extra precautions to make its platform as resilient as possible against cyber threats. And if anyone identifies issues in the servers, Apple is prepared to offer a substantial bounty for their efforts.
Following the initial announcement of Apple Intelligence, Apple has opened its PCC infrastructure to security experts and researchers. The PCC system supports Apple Intelligence’s cloud processing needs and is built on Apple’s custom silicon servers, running a security-hardened operating system specifically designed to prevent breaches and data leaks. This program allows participants to examine PCC’s security architecture, which Apple claims is “the most advanced security architecture ever deployed for cloud AI compute at scale.”
Apple is inviting security researchers worldwide to examine the PCC infrastructure and identify potential security gaps that could expose user data. By engaging independent researchers through a Virtual Research Environment (VRE), Apple aims to enhance transparency and detect underlying vulnerabilities.
Under the bug bounty program, Apple has categorised vulnerabilities into three main areas, each with distinct reward levels based on risk and complexity.
For each category, Apple evaluates reported vulnerabilities based on technical depth, potential risk to users, and report quality. The company also offers additional rewards for exceptional findings that significantly impact security, even if they fall outside the specified categories.
To ensure transparency in the Bug Bounty program, Apple has made essential resources available to help researchers fully engage with PCC. The company has published a Private Cloud Compute Security Guide detailing PCC’s privacy protocols, authentication processes, and protection mechanisms. Additionally, researchers are granted access to a VRE running on Macs, where they can download, analyse, and test PCC software within a controlled setting. For those wanting a deeper look, Apple has also made portions of PCC’s source code available on GitHub.