# Apple Workshop on Privacy-Preserving Machine Learning & AI 2026 > Source: > Published: 2026-05-08 00:00:00+00:00 At Apple, we believe privacy is a fundamental human right. As AI capabilities increase and become more integrated into people’s daily lives, advancing research in privacy-preserving techniques is increasingly important to ensure privacy is protected while users enjoy innovative AI experiences. Apple’s fundamental research has consistently pushed the state-of-the-art in this domain, and earlier this year, we hosted the Workshop on Privacy-Preserving Machine Learning & AI. This two-day event brought together Apple researchers and members of the broader research community to discuss the latest in privacy-preserving ML and AI, focusing on three key areas: Private Learning and Statistics, Foundation Models and Privacy, and Attacks and Security. Presentations and discussions at the workshop explored advances and open questions in privacy and ML, including federated learning, statistical learning, trust models, attacks, privacy accounting, and the unique challenges presented by foundation models. These research areas ground innovation in rigorous privacy and security evaluation, bridging theoretical frameworks with real-world applications. In this post, we share recordings of selected talks and a recap of the publications discussed at the workshop. [Featured Talks](#featured-talks) [Published Work Presented at the Workshop](#published-work-presented-at-the-workshop) [Adaptive Methods Are Preferable in High Privacy Settings: An SDE Perspective](https://openreview.net/forum?id=hSpA4DAoMk) by Enea Monzio Compagnoni (University of Basel), Alessandro Stanghellini (University of Basel), Rustem Islamov (University of Basel), Aurelien Lucchi (University of Basel), and Anastasiia Koloskova (University of Zurich) [Captured by Captions: On Memorization and its Mitigation in Clip Models](https://openreview.net/pdf?id=5V0f8igznO) by Wenhao Wang (CISPA), Adam Dziedzic (CISPA), Grace C. Kim (Georgia Institute of Technology), Michael Backes (CISPA), and Franziska Boenisch (CISPA) [Combining Machine Learning and Homomorphic Encryption in the Apple Ecosystem](https://machinelearning.apple.com/research/homomorphic-encryption) by Apple researchers [Concurrent Composition for Differentially Private Continual Mechanisms](https://arxiv.org/abs/2411.03299) by Monika Henzinger (Institute of Science and Technology, Austria), Roodabeh Safavi (Institute of Science and Technology, Austria), and Salil Vadhan (Harvard University) [Contextual Agent Security: A Policy for Every Purpose](https://dl.acm.org/doi/abs/10.1145/3713082.3730378) by Lillian Tsai (Google) and Eugene Bagdasarian (Google) [Cram Less to Fit More: Training Data Pruning Improves Fact Memorization](https://machinelearning.apple.com/research/cram-less) by Jiayuan Ye, Vitaly Feldman, and Kunal Talwar [Demystifying Foreground-Background Memorization in Diffusion Models](https://arxiv.org/abs/2508.12148) by Jimmy Z. Di (University of Waterloo), Yiwei Lu (University of Ottawa), Yaoliang Yu (University of Waterloo), Gautam Kamath (University of Waterloo), Adam Dziedzic (CISPA), and Franziska Boenisch (CISPA) [Efficient and Privacy-Preserving Soft Prompt Transfer for LLMs](https://adam-dziedzic.com/static/assets/papers/post.pdf) by Xun Wang (CISPA), Jing Xu (CISPA), Franziska Boenisch (CISPA), Michael Backes (CISPA), Christopher A. Choquette-Choo (Google DeepMind), and Adam Dziedzic (CISPA) [Efficient privacy loss accounting for subsampling and random allocation](https://machinelearning.apple.com/research/efficient-privacy-loss) by Vitaly Feldman and Moshe Shenfeld (Hebrew University of Jerusalem; work done while at Apple) [Eyes Off My Data: Exploring Differentially Private Federated Statistics To Support Algorithmic Bias Assessments Across Demographic Groups](https://partnershiponai.org/paper/eyes-off-my-data/) by Partnership on AI Staff [Finding NeMo: Localizing Neurons Responsible For Memorization in Diffusion Models](https://proceedings.neurips.cc/paper_files/paper/2024/file/a102dd5931da01e1b40205490513304c-Paper-Conference.pdf) by Dominik Hintersdorf (German Research Center for Artificial Intelligence (DFKI), Technical University of Darmstadt), Lukas Struppek (German Research Center for Artificial Intelligence (DFKI), Technical University of Darmstadt), Kristian Kersting (German Research Center for Artificial Intelligence (DFKI), Technical University of Darmstadt, Hessian Center for AI), Adam Dziedzic (CISPA), and Franziska Boenisch (CISPA) [Flocks of Stochastic Parrots: Differentially Private Prompt Learning for Large Language Models](https://adam-dziedzic.com/static/assets/papers/DifferentiallyPrivatePromptsForLLMs.pdf) by Haonan Duan (University of Toronto and Vector Institute), Adam Dziedzic (University of Toronto and Vector Institute), Nicolas Papernot (University of Toronto and Vector Institute), and Franziska Boenisch (University of Toronto and Vector Institute) [Local Node Differential Privacy](https://arxiv.org/abs/2602.15802) by Sofya Raskhodnikova (Boston University), Adam Smith (Boston University), Connor Wagaman (Boston University), and Anatoly Zavyalov (Boston University) [Memorization in Self-Supervised Learning Improves Downstream Generalization](https://openreview.net/pdf?id=KSjPaXtxP8) by Wenhao Wang (CISPA), Muhammad Ahmad Kaleem (University of Toronto and Vector Institute), Adam Dziedzic (CISPA), Michael Backes (CISPA), Nicolas Papernot (University of Toronto and Vector Institute), and Franziska Boenisch (CISPA) [Memory-Efficient Backpropagation for Fine-Tuning LLMs on Resource-Constrained Mobile Devices](https://machinelearning.apple.com/research/memory-efficient-backpropagation) by Congzheng Song and Xinyu Tang [Open LLMs are Necessary for Current Private Adaptations and Outperform their Closed Alternatives](https://adam-dziedzic.com/static/assets/papers/openLLMs.pdf) by Vincent Hanke, Tom Blanchard, Franziska Boenisch, Iyiola E. Olatunji, Michael Backes, and Adam Dziedzic (CISPA) [Piquantε: Private Quantile Estimation in the Two-Server Model](https://arxiv.org/abs/2509.14035) by Hannah Keller (Aarhus University), Jacob Imola (BARC, University of Copenhagen), Rasmus Pagh (BARC, University of Copenhagen), Fabrizio Boninsegna (University of Padova), and Amrita Roy Chowdhury (University of Michigan) [Privacy Reasoning in Ambiguous Contexts](https://arxiv.org/abs/2506.12241) by Ren Yi (Google Research), Octavian Suciu (Google Research), Adrià Gascón (Google Research), Sarah Meiklejohn (Google), Eugene Bagdasarian (Google Research), and Marco Gruteser (Google Research) [Ravan: Multi-Head Low-Rank Adaptation for Federated Fine-Tuning](https://www.arxiv.org/abs/2506.05568) by Arian Raje (CMU), Baris Askin (CMU), Divyansh Jhunjhunwala (CMU), and Gauri Joshi (CMU) [Robin Hood and Matthew Effects: Differential Privacy Has Disparate Impact on Synthetic Data](https://arxiv.org/abs/2109.11429) by Georgi Ganev (University College London, Hazy), Bristena Oprisanu (University College London), and Emiliano De Cristofaro (University College London) [Terrarium: Revisiting the Blackboard for Multi-Agent Safety, Privacy, and Security Studies](https://arxiv.org/abs/2510.14312) by Mason Nakamura (University of Massachusetts Amherst), Abhinav Kumar (University of Massachusetts Amherst), Saaduddin Mahmud (University of Massachusetts Amherst), Sahar Abdelnabi (ELLIS Institute Tübingen, MPI for Intelligent Systems, Tübingen AI Center), Shlomo Zilberstein (University of Massachusetts Amherst), and Eugene Bagdasarian (University of Massachusetts Amherst) [The Importance of Being Discrete: Measuring the Impact of Discretization in End-to-End Differentially Private Synthetic Data](https://arxiv.org/abs/2504.06923) by Georgi Ganev (UCL, SAS), Meenatchi Sundaram Muthu Selva Annamalai (UCL), Sofiane Mahiou (SAS), and Emiliano De Cristofaro (UC Riverside) [The Inadequacy of Similarity-based Privacy Metrics: Privacy Attacks against “Truly Anonymous” Synthetic Datasets](https://arxiv.org/abs/2312.05114) by Georgi Ganev (UCL, SAS) and Emiliano De Cristofaro (UC Riverside) [Trade-offs in Data Memorization via Strong Data Processing Inequalities](https://machinelearning.apple.com/research/trade-offs) by Vitaly Feldman, Guy Kornowski (Weizmann Institute of Science; work done while at Apple), and Xin Lyu (UC Berkeley; work done while at Apple) [Acknowledgments](#acknowledgments) Many people contributed to this workshop including Vitaly Feldman, Christina Ilvento, Tatsuki Koga, Audra McMillan, Congzheng Song, Kunal Talwar, Andreas Thoma, and Jiayuan Ye. ## Related readings and updates. Apple Workshop on Privacy-Preserving Machine Learning 2025 August 12, 2025 Apple believes that privacy is a fundamental human right. As AI experiences become increasingly personal and a part of people’s daily lives, it’s important that novel privacy-preserving techniques are created in parallel to advancing AI capabilities. Apple’s fundamental research has consistently pushed the state-of-the-art in using differential privacy with machine learning, and earlier this year, we hosted the Workshop on Privacy-Preserving… [Read more](/updates/ppml-2025) Apple Workshop on Human-Centered Machine Learning 2024 July 24, 2025[research area Accessibility](/updates/?domain=Accessibility), [research area Fairness](/updates/?domain=Fairness), [research area Human-Computer Interaction](/updates/?domain=Human-Computer%20Interaction) A human-centered approach to machine learning (HCML) involves designing ML & AI technology that prioritizes the needs and values of the people using it. This leads to AI that complements and enhances human capabilities, rather than replacing them. Research in the area of HCML includes the development of transparent and interpretable machine learning systems to help people feel safer using AI, as well as strategies for predicting and preventing… [Read more](/updates/hcml-workshop-2024)