{"slug": "apple-extends-private-cloud-compute-to-google-cloud-for-the-first-time", "title": "Apple Extends Private Cloud Compute to Google Cloud for the First Time", "summary": "Apple has extended its Private Cloud Compute (PCC) to Google Cloud for the first time, running AI workloads on NVIDIA Blackwell GPUs, Intel TDX CPUs, and Google Titan chips. The move allows Apple to use Google's AI infrastructure for privacy-sensitive cloud AI tasks, with Apple maintaining independent hardware tracking and multi-vendor attestation to ensure security. The collaboration builds on a multi-year agreement and addresses Apple's need to run inference on the same infrastructure where its foundation models were built.", "body_md": "Apple chose Google Cloud to run [Private Cloud Compute](https://security.apple.com/blog/expanding-pcc/) (PCC) outside its own data centers for the first time. [Announced at WWDC 2026](https://developer.apple.com/wwdc26/), the collaboration stacks three layers of hardware trust on top of each other: NVIDIA Confidential Computing on Blackwell GPUs, Intel TDX on the CPUs, and Google's Titan chip anchoring the root of trust.\n\nApple [describes](https://security.apple.com/blog/expanding-pcc/) the result as:\n\nThe first time these primitives have been integrated into a comprehensive, end-to-end confidential inference pipeline capable of operating at a global scale.\n\nPCC handles AI workloads too demanding for on-device models: agentic tool use, complex reasoning, and the next generation of Apple Foundation Models that Apple and Google built together using technologies behind Google's Gemini family. Until recently, every PCC request ran exclusively on Apple silicon in Apple-controlled data centers. The Google Cloud expansion means Apple's most privacy-sensitive cloud AI workloads will now execute on infrastructure that Apple does not own or operate.\n\nApple's core PCC requirements carry over unchanged: stateless computation, enforceable guarantees, no privileged runtime access, non-targetability, and verifiable transparency. In addition, Apple went further than a standard Confidential Computing deployment, as every component from firmware through host and guest OS stacks to application code is part of the trusted computing base. Moreover, all PCC binaries running on Google Cloud nodes will be publicly available for inspection, and Apple's Security Bounty program extends to the Google Cloud-hosted infrastructure.\n\nTwo implementation details reveal how deeply Apple distrusts the infrastructure it's renting. First, Apple maintains a cryptographically verifiable, append-only ledger of all Google Cloud hardware in the PCC fleet, tracking every physical component independently rather than relying on Google's own attestation. Second, software attestation for any component that could exfiltrate user data is rooted in at least two separate roots of trust from independent vendors, meaning compromising a single vendor, whether Intel, NVIDIA, or Google, is not sufficient to break the verification chain. No other cloud customer maintains this level of independent hardware tracking on a provider's infrastructure.\n\nThe choice of Google Cloud specifically is not random. The collaboration builds on a [multi-year agreement](https://www.cloudcomputing-news.net/news/apple-private-cloud-compute-google-cloud/) signed in January 2026 covering Google's AI models and cloud infrastructure for Apple consumer devices. Apple has used Google's TPUs to train AI models since 2024, and the next generation of Apple Foundation Models uses technologies behind Google's Gemini family. Running PCC on the same infrastructure where the models were built avoids the latency and complexity of cross-provider inference.\n\nJonathan Sandhu, a defense and enterprise systems architect, [offered a blunter reading on LinkedIn](https://www.linkedin.com/posts/expanding-private-cloud-compute-apple-security-share-7469865517583994880-Gxtg/):\n\nThe reason this happened isn't privacy architecture. It's that Google built the foundation models powering the next generation of Apple Intelligence. Apple needed Google's inference capability and had to figure out how to run it without destroying their privacy narrative. This document is the engineering solution to a business dependency problem.\n\nSandhu also raised the unresolved jurisdictional question:\n\nWhat happens to the privacy guarantees when Google's infrastructure has a compliance obligation to a government request that Apple's wouldn't? Apple has fought those battles in court. Google has a different history.\n\nOn [Hacker News](https://news.ycombinator.com/item?id=48450142), one commenter framed the trust question practitioners will ask:\n\nIf Apple handles the Google-Apple boundary right, this will be an elegant move on their part, otherwise it will feel like Apple Intelligence with just a privacy-polished frontend for Gemini.\n\nA practitioner on [Reddit](https://www.reddit.com/r/apple/comments/1u13pj9/apples_private_ai_will_run_on_googles_servers/) laid out the three tiers of cloud inference that make the competitive picture concrete:\n\nThere are three modes: Eyes on with retention (they can see everything, train on it etc). ZDR — zero data retention (no logs are kept at all). ZOA — zero operator access (a Secure Enclave is used that has attestation and encryption. It's impossible for a human to see the data at any point — this is like Apple Private Compute).\n\nThat framework clarifies where each hyperscaler sits. Bedrock's [previous model](https://docs.aws.amazon.com/bedrock/latest/userguide/what-is-bedrock.html) was ZDR: the provider never saw your data. Claude Fable 5 on Bedrock [moved](https://aws.amazon.com/blogs/aws/anthropic-claude-fable-5-on-aws-mythos-class-capabilities-with-built-in-safeguards-now-available/) closer to eyes-on with mandatory 30-day retention. [Apple PCC on Google Cloud](security.apple.com/blog/expanding-pcc/) is ZOA: cryptographic proof that no operator, including Google, can access inference data at any point.\n\nThe competitive context matters. Google Cloud [wins](https://cloud.google.com/blog/products/identity-security/powering-the-next-era-of-confidential-ai/) the most privacy-demanding customer in the industry. AWS and Azure were not chosen. The [open-source Prompt Encryption SDKs](https://cloud.google.com/blog/products/identity-security/verifiable-trust-in-the-ai-era-whats-new-in-confidential-computing) that Google released alongside the collaboration let any customer build the same end-to-end encrypted inference pipeline: prompts encrypted from client to TEE, responses encrypted back.\n\nAlongside the Apple collaboration, Google announced [Confidential G4 VMs](https://cloud.google.com/blog/products/identity-security/verifiable-trust-in-the-ai-era-whats-new-in-confidential-computing) with NVIDIA RTX PRO 6000 Blackwell GPUs in preview, democratizing confidential AI beyond expensive H100-based instances. DigiCert is providing [independent third-party attestation](https://finance.yahoo.com/technology/ai/articles/digicert-introduces-independent-trust-validation-130000178.html) as a neutral root of trust beyond Google's own verification.\n\nThe rollout is ramping through summer 2026 as a preview. Apple keeps its own Apple silicon PCC infrastructure running in parallel. Moreover, this is an expansion, not a migration. Financial terms, capacity commitments, and which Google Cloud regions are involved remain undisclosed. An updated PCC Security Guide and expanded research program documentation are planned for later in 2026.", "url": "https://wpnews.pro/news/apple-extends-private-cloud-compute-to-google-cloud-for-the-first-time", "canonical_source": "https://www.infoq.com/news/2026/07/apple-pcc-google-cloud/?utm_campaign=infoq_content&utm_source=infoq&utm_medium=feed&utm_term=global", "published_at": "2026-07-02 10:04:00+00:00", "updated_at": "2026-07-03 21:23:24.779884+00:00", "lang": "en", "topics": ["artificial-intelligence", "ai-safety", "ai-infrastructure", "ai-ethics", "ai-policy"], "entities": ["Apple", "Google Cloud", "NVIDIA", "Intel", "Google", "Private Cloud Compute", "Apple Foundation Models", "Gemini"], "alternates": {"html": "https://wpnews.pro/news/apple-extends-private-cloud-compute-to-google-cloud-for-the-first-time", "markdown": "https://wpnews.pro/news/apple-extends-private-cloud-compute-to-google-cloud-for-the-first-time.md", "text": "https://wpnews.pro/news/apple-extends-private-cloud-compute-to-google-cloud-for-the-first-time.txt", "jsonld": "https://wpnews.pro/news/apple-extends-private-cloud-compute-to-google-cloud-for-the-first-time.jsonld"}}