Apple Workshop on Privacy-Preserving Machine Learning & AI 2026

Apple hosted a two-day Workshop on Privacy-Preserving Machine Learning & AI in early 2026, bringing together its researchers and the broader academic community to discuss advances in private learning, foundation model privacy, and attack security. The event featured presentations on federated learning, differential privacy accounting, homomorphic encryption, and memorization in diffusion models, with selected talk recordings and published work now shared publicly. The workshop underscores Apple’s commitment to embedding privacy protections into increasingly powerful AI systems as they become more integrated into daily life.

At Apple, we believe privacy is a fundamental human right. As AI capabilities increase and become more integrated into people’s daily lives, advancing research in privacy-preserving techniques is increasingly important to ensure privacy is protected while users enjoy innovative AI experiences. Apple’s fundamental research has consistently pushed the state-of-the-art in this domain, and earlier this year, we hosted the Workshop on Privacy-Preserving Machine Learning & AI. This two-day event brought together Apple researchers and members of the broader research community to discuss the latest in privacy-preserving ML and AI, focusing on three key areas: Private Learning and Statistics, Foundation Models and Privacy, and Attacks and Security. Presentations and discussions at the workshop explored advances and open questions in privacy and ML, including federated learning, statistical learning, trust models, attacks, privacy accounting, and the unique challenges presented by foundation models. These research areas ground innovation in rigorous privacy and security evaluation, bridging theoretical frameworks with real-world applications. In this post, we share recordings of selected talks and a recap of the publications discussed at the workshop. Featured Talks featured-talks Published Work Presented at the Workshop published-work-presented-at-the-workshop Adaptive Methods Are Preferable in High Privacy Settings: An SDE Perspective https://openreview.net/forum?id=hSpA4DAoMk by Enea Monzio Compagnoni University of Basel , Alessandro Stanghellini University of Basel , Rustem Islamov University of Basel , Aurelien Lucchi University of Basel , and Anastasiia Koloskova University of Zurich Captured by Captions: On Memorization and its Mitigation in Clip Models https://openreview.net/pdf?id=5V0f8igznO by Wenhao Wang CISPA , Adam Dziedzic CISPA , Grace C. Kim Georgia Institute of Technology , Michael Backes CISPA , and Franziska Boenisch CISPA Combining Machine Learning and Homomorphic Encryption in the Apple Ecosystem https://machinelearning.apple.com/research/homomorphic-encryption by Apple researchers Concurrent Composition for Differentially Private Continual Mechanisms https://arxiv.org/abs/2411.03299 by Monika Henzinger Institute of Science and Technology, Austria , Roodabeh Safavi Institute of Science and Technology, Austria , and Salil Vadhan Harvard University Contextual Agent Security: A Policy for Every Purpose https://dl.acm.org/doi/abs/10.1145/3713082.3730378 by Lillian Tsai Google and Eugene Bagdasarian Google Cram Less to Fit More: Training Data Pruning Improves Fact Memorization https://machinelearning.apple.com/research/cram-less by Jiayuan Ye, Vitaly Feldman, and Kunal Talwar Demystifying Foreground-Background Memorization in Diffusion Models https://arxiv.org/abs/2508.12148 by Jimmy Z. Di University of Waterloo , Yiwei Lu University of Ottawa , Yaoliang Yu University of Waterloo , Gautam Kamath University of Waterloo , Adam Dziedzic CISPA , and Franziska Boenisch CISPA Efficient and Privacy-Preserving Soft Prompt Transfer for LLMs https://adam-dziedzic.com/static/assets/papers/post.pdf by Xun Wang CISPA , Jing Xu CISPA , Franziska Boenisch CISPA , Michael Backes CISPA , Christopher A. Choquette-Choo Google DeepMind , and Adam Dziedzic CISPA Efficient privacy loss accounting for subsampling and random allocation https://machinelearning.apple.com/research/efficient-privacy-loss by Vitaly Feldman and Moshe Shenfeld Hebrew University of Jerusalem; work done while at Apple Eyes Off My Data: Exploring Differentially Private Federated Statistics To Support Algorithmic Bias Assessments Across Demographic Groups https://partnershiponai.org/paper/eyes-off-my-data/ by Partnership on AI Staff Finding NeMo: Localizing Neurons Responsible For Memorization in Diffusion Models https://proceedings.neurips.cc/paper files/paper/2024/file/a102dd5931da01e1b40205490513304c-Paper-Conference.pdf by Dominik Hintersdorf German Research Center for Artificial Intelligence DFKI , Technical University of Darmstadt , Lukas Struppek German Research Center for Artificial Intelligence DFKI , Technical University of Darmstadt , Kristian Kersting German Research Center for Artificial Intelligence DFKI , Technical University of Darmstadt, Hessian Center for AI , Adam Dziedzic CISPA , and Franziska Boenisch CISPA Flocks of Stochastic Parrots: Differentially Private Prompt Learning for Large Language Models https://adam-dziedzic.com/static/assets/papers/DifferentiallyPrivatePromptsForLLMs.pdf by Haonan Duan University of Toronto and Vector Institute , Adam Dziedzic University of Toronto and Vector Institute , Nicolas Papernot University of Toronto and Vector Institute , and Franziska Boenisch University of Toronto and Vector Institute Local Node Differential Privacy https://arxiv.org/abs/2602.15802 by Sofya Raskhodnikova Boston University , Adam Smith Boston University , Connor Wagaman Boston University , and Anatoly Zavyalov Boston University Memorization in Self-Supervised Learning Improves Downstream Generalization https://openreview.net/pdf?id=KSjPaXtxP8 by Wenhao Wang CISPA , Muhammad Ahmad Kaleem University of Toronto and Vector Institute , Adam Dziedzic CISPA , Michael Backes CISPA , Nicolas Papernot University of Toronto and Vector Institute , and Franziska Boenisch CISPA Memory-Efficient Backpropagation for Fine-Tuning LLMs on Resource-Constrained Mobile Devices https://machinelearning.apple.com/research/memory-efficient-backpropagation by Congzheng Song and Xinyu Tang Open LLMs are Necessary for Current Private Adaptations and Outperform their Closed Alternatives https://adam-dziedzic.com/static/assets/papers/openLLMs.pdf by Vincent Hanke, Tom Blanchard, Franziska Boenisch, Iyiola E. Olatunji, Michael Backes, and Adam Dziedzic CISPA Piquantε: Private Quantile Estimation in the Two-Server Model https://arxiv.org/abs/2509.14035 by Hannah Keller Aarhus University , Jacob Imola BARC, University of Copenhagen , Rasmus Pagh BARC, University of Copenhagen , Fabrizio Boninsegna University of Padova , and Amrita Roy Chowdhury University of Michigan Privacy Reasoning in Ambiguous Contexts https://arxiv.org/abs/2506.12241 by Ren Yi Google Research , Octavian Suciu Google Research , Adrià Gascón Google Research , Sarah Meiklejohn Google , Eugene Bagdasarian Google Research , and Marco Gruteser Google Research Ravan: Multi-Head Low-Rank Adaptation for Federated Fine-Tuning https://www.arxiv.org/abs/2506.05568 by Arian Raje CMU , Baris Askin CMU , Divyansh Jhunjhunwala CMU , and Gauri Joshi CMU Robin Hood and Matthew Effects: Differential Privacy Has Disparate Impact on Synthetic Data https://arxiv.org/abs/2109.11429 by Georgi Ganev University College London, Hazy , Bristena Oprisanu University College London , and Emiliano De Cristofaro University College London Terrarium: Revisiting the Blackboard for Multi-Agent Safety, Privacy, and Security Studies https://arxiv.org/abs/2510.14312 by Mason Nakamura University of Massachusetts Amherst , Abhinav Kumar University of Massachusetts Amherst , Saaduddin Mahmud University of Massachusetts Amherst , Sahar Abdelnabi ELLIS Institute Tübingen, MPI for Intelligent Systems, Tübingen AI Center , Shlomo Zilberstein University of Massachusetts Amherst , and Eugene Bagdasarian University of Massachusetts Amherst The Importance of Being Discrete: Measuring the Impact of Discretization in End-to-End Differentially Private Synthetic Data https://arxiv.org/abs/2504.06923 by Georgi Ganev UCL, SAS , Meenatchi Sundaram Muthu Selva Annamalai UCL , Sofiane Mahiou SAS , and Emiliano De Cristofaro UC Riverside The Inadequacy of Similarity-based Privacy Metrics: Privacy Attacks against “Truly Anonymous” Synthetic Datasets https://arxiv.org/abs/2312.05114 by Georgi Ganev UCL, SAS and Emiliano De Cristofaro UC Riverside Trade-offs in Data Memorization via Strong Data Processing Inequalities https://machinelearning.apple.com/research/trade-offs by Vitaly Feldman, Guy Kornowski Weizmann Institute of Science; work done while at Apple , and Xin Lyu UC Berkeley; work done while at Apple Acknowledgments acknowledgments Many people contributed to this workshop including Vitaly Feldman, Christina Ilvento, Tatsuki Koga, Audra McMillan, Congzheng Song, Kunal Talwar, Andreas Thoma, and Jiayuan Ye. Related readings and updates. Apple Workshop on Privacy-Preserving Machine Learning 2025 August 12, 2025 Apple believes that privacy is a fundamental human right. As AI experiences become increasingly personal and a part of people’s daily lives, it’s important that novel privacy-preserving techniques are created in parallel to advancing AI capabilities. Apple’s fundamental research has consistently pushed the state-of-the-art in using differential privacy with machine learning, and earlier this year, we hosted the Workshop on Privacy-Preserving… Read more /updates/ppml-2025 Apple Workshop on Human-Centered Machine Learning 2024 July 24, 2025 research area Accessibility /updates/?domain=Accessibility , research area Fairness /updates/?domain=Fairness , research area Human-Computer Interaction /updates/?domain=Human-Computer%20Interaction A human-centered approach to machine learning HCML involves designing ML & AI technology that prioritizes the needs and values of the people using it. This leads to AI that complements and enhances human capabilities, rather than replacing them. Research in the area of HCML includes the development of transparent and interpretable machine learning systems to help people feel safer using AI, as well as strategies for predicting and preventing… Read more /updates/hcml-workshop-2024