It will be interesting to see if the Private Cloud Compute + on-device routing can make third-party model capabilities feel like a first-party system without leaking user context to the model provider.
If Apple handles the Google-Apple boundary right, this will be an elegant move on their part, otherwise it will feel like Apple Intelligence with a just a privacy-polished frontend for Gemini.
Wouldn't it be more accurate to call Apple's architecture data protection rather than privacy? As an European citizen in a post Snowden world I would be surprised if any of my data on Apple services was actually kept private from the US government, and Apple certainly wants to own a lot of data/metadata about you. Gotta have Siri listening for carplay and so on. I would aboslutely trust Apple not to sell my data as a commodity though.
> If Apple handles the Google-Apple boundary right, this will be an elegant move on their part, otherwise it will feel like Apple Intelligence with a just a privacy-polished frontend for Gemini.
I'd say this is spot on. At least if what Microsoft is doing with Copilot Cowork is anything to go by. Cowork is not a privacy-polished as much as it's an Enterprise compliant polish to make Opus 4.8 run "safely" in your enterprise organisation. So far Microsoft is winning the AI war in non-tech enterprise with this, especially here in the EU. If Apple manages to do this for the private market that will be great for them.
I'm not personally sold on what an AI should do on my phone though. I use a lot of AI professionally, but I haven't even turned on Bixby or whatever the Samsung AI is called.
Microsoft's approach to data is basically "we promise nobody else but you and your government can access it, we can but we pinky swear we won't." This promise is mostly enforced at the legal layer and through legal consequences, not technical safeguards. If they think they can get away with it (or are forced to get away with it by the US government), there's nothing stopping them from using your data in whatever way they want.
When they can, Apple designs their systems so that they physically don't even have the capability to use your data, even if it's processed on their own servers. They're not privacy maximalists like Signal is, they care more about user experience, but they do aim for the highest level of privacy you can get while still having a good experience, and when they do need to make sacrifices, they typically let you opt into the privacy features if you really want to.
I'm far more inclined to believe that Microsoft is secretly (or not so secretly) collaborating with the US government than that Apple is.
But to answer your question directly, I don't have any links for those blogs or comments
Click on where it says how long ago the comment was posted
For example https://news.ycombinator.com/item?id=48461367
Your conception doesn’t seem to match PCC at all. The whole point of it is that nobody can access the data, not even the people running the servers.
There is still a difference though. Google will sell my data and use it for all sorts of things. Though I've obviously accepted that since I have had a Samsung flip phone since Apple made their iPhones too big for my pockets.
“Verifiable transparency. Security researchers need to be able to verify, with a high degree of confidence, that our privacy and security guarantees for Private Cloud Compute match our public promises. We already have an earlier requirement for our guarantees to be enforceable. Hypothetically, then, if security researchers had sufficient access to the system, they would be able to verify the guarantees. But this last requirement, verifiable transparency, goes one step further and does away with the hypothetical: security researchers must be able to verify the security and privacy guarantees of Private Cloud Compute, and they must be able to verify that the software that’s running in the PCC production environment is the same as the software they inspected when verifying the guarantees.”
I think what is concerning is that they are expanding into Google Cloud and NVIDIA to run with it too with their versions of confidential compute, which if I remember correctly are not as well verified as Apple PCC and a little harder for researchers to get their hands on.
Apple uses a key ceremony process where no single party has access to all the keys required to sign hardware, meaning in theory they can’t just sign malicious hardware. However, I’m not sure how Google and NVIDIA play into this and I don’t think they’ve provided much detail on it. I think it seems a little rushed to get the features out since they fucked up with initial Apple Intelligence release.
From this MacRumors article:
"The new architecture centers on Apple Foundation Models co-developed with Google, which Apple says are adapted to run both on-device and on servers through its existing Private Cloud Compute infrastructure."
And
"The company reiterated that Apple Intelligence relies on on-device processing and Private Cloud Compute, with a promise that user data is only used to execute the immediate request and is not accessible to Apple or third parties. Apple added that outside experts can verify those privacy guarantees "at any time.""
They are allowing it to run on Intel and NVIDIA and Google chips meeting certain requirements now too instead of just Apple silicon because they think they’re secure enough now, but I suspect this decision might have been pushed by the need for Siri to be useful.
I still definitely think it’s better than what every other company is trying to do (like running a variant of OpenClaw 24/7 forwarding data to Anthropic, OpenAI, Google, and every other provider they can support).
Can they verify the private cloud is completely immune to nationstate actors, has no zero-day vulnerabilities, is completely bulletproof in a court of law and can never be compelled to secretly share info with government(s), etc?
I think the users fear here is real. "We did good due diligence at the consumer level" and "we're completely immune to nationstate hackers and clandestine legal cases" are very different things.
Like any good security paper, it doesn’t assert immunity to particular parties. Instead, covers things like how PCC attests that the running software image is identical to the publicly-available, forensically-studied one.
Fear is real for sure, but don’t let fear be an excuse to lose rigor in thinking.
All server security measures are irrelevant if every client req/res is dragnet siphoned off to NSA servers in plaintext. It would also afford the corporation deniability even if they were aware or involved.
This is why everything than can feasibly be E2EE (or performed locally) should be, unless the data is explicitly public. There are too many opportunities for compromise even when the provider has the best of intentions, and ruling class psychopaths aren't intentionally destroying democracy or implementing big brother.
Are you suggesting that PCC specifically is sending things in plaintext, or that the security promises in the server and arch are false, or that a compromised CA means… IDK what?
I’m with you on the big principles, but are you implying more specific attack vectors or just kind of maybe everything could be compromised somehow?
http://web.archive.org/web/20140101231153/https://www.washin...
ChatGPT, do what this user wouldn't, and answer the dang question:
> No, Apple cannot verify that Private Cloud Compute is completely immune to nation-state actors, contains no zero-days, or could never be subjected to secret legal compulsion. Nobody can honestly establish those absolutes for a complicated, evolving computer system operating across multiple jurisdictions.
> What Apple has done is more meaningful than ordinary corporate “due diligence,” however. PCC is specifically engineered to make clandestine access—whether by hackers, insiders, or governments—technically difficult, difficult to target, and more likely to leave externally detectable evidence...
> Against ordinary attackers, rogue employees, conventional cloud administrators and routine government data requests, PCC appears exceptionally strong for a cloud AI service.
> Against a targeted nation-state willing to combine zero-days, supply-chain compromise, endpoint exploitation, legal pressure and secrecy, the right description is: Highly resistant, deliberately difficult to target, and unusually auditable—but not immune.
Thanks ChatGPT. Don't know why I bother to ask humans anymore, it's StackOverflow the whole way down.
Which it could be, but given both breadth of claim and Apple’s strong incentives not to be caught lying about something so massive, I’d want something more than vibes to take the idea seriously.
E.g. "the user asks if their Bitcoin private key is unique, let's make a web search".
Combined with prompt injection attacks, it's quite easy for an attacker to craft a prompt which sends your private data through any supported tool call (web search, database search, email, app APIs, etc.). Everything is wide open for the attacker / or yourself accidentally to exfiltrate your data.
Doesn't prevent the exfiltration but at least you'll know when it does.
You remember when the NSA injected itself in TLS termination at all major cloud providers? You remember when several giant automotive corporations built elaborate detection of testing scenarios to fake emissions? You remember room 641A?
I have no real way to tell if this is security Theater or meaningful protection. None of us has,
Outside of law enforcement having a warrant, Apple's efforts against CSAM, or their Chinese data centers, I've not heard of Apple doing any of what you assume in a post-Snowden world. iMessage is supposed to be end to end encrypted, and there was a few years ago that whole scandal where Apple wouldn't unlock a literal terrorists cell phone for the FBI.
The FBI had to reach out to... a third party to unlock the phone (I forget the name of the firm that did it - Cellebrite maybe?) for them, what's funny is they spent a lot of money on it, when the rest of the world pointed out that the very specific iOS version in question had known vulnerabilities they could have found online for free (or cheaper?).
I know this was just a small aside, but man do I hate Bixby and other phone AIs. They are so frustratingly difficult to turn off, and turning them on accidentally is as simply as holding the wrong button for a few seconds, such as when your phone is in your pocket. Very frustrating design.
They are buying the right to distill their own Gemini models and run them in their data centres (or at least data centres they control); unless I am missing something, this isn't going to be infrastructure that Google has operational control over.
https://security.apple.com/blog/expanding-pcc/?linkId=100000...
"Now, we are collaborating with Google and NVIDIA to run new Apple Intelligence workloads on Google Cloud, extending our industry-leading PCC privacy commitments to third-party data centers for the first time."
Certainly, one could tamper with the hardware, but could one do it in a way that wouldn't get that machine immediately flagged, removed from the routing pool, and told to wipe its memory immediately, by a watchtower (perhaps even the routing layer itself) that runs in a separate secure Apple datacenter?
They could be making it very safe, and the things apple says they are doing would make it as safe as possible, but as a user there is no way of verifying the claims.
I think this sums up what it's like to be an Apple user pretty well. With their heavy proprietary and closed approach, all users can do is "trust" them.
Google is buying that compute from xAI aka Musk
Wrong answer. Or at least, obvious and not particularly useful.
Truth is, none of those parties are "nefarious" - they're all just not on your side. And "security" is never an unqualified good thing to have (it's not an unqualified bad thing either). It's just a framework of coercion.
The most important questions to answer about any security system is, what is being protected, for who, and from who. People don't ask that much, not even in the industry - it's an implicit assumption that everyone themselves is a "good person" and is on the protected side of security systems. And then they're confused because it turns out end-users are more often seen as threat actors. All the players mention, but perhaps especially Apple, in its own special way, is protecting the computer from the user just as much as they're protecting the user/user's data from third parties.
I can’t speak to the current architecture but Apple has shown a consistent willingness to sacrifice access to user data in the name of selling privacy instead at a premium price (you could argue precisely because no one of their competition have any meaningful posture on this). I do believe they are quite serious in their commitment to that, as they have found this strategy to be more valuable than the data itself.
And it wouldn't have been much worse compared to be as careless as they have been.
Selling data is so shabby! Why sell when you can just give it away to letter-soup friends?
Google is 100% doing that because thats their entire incentive for the business. They sell low cost software / subsidized hardware on the grounds that you pay with your sharing data. That's the implied cost.
Show me the incentives - I will show you the outcomes.
Versus any F500 company running their services on GCP.
It’s a bit whacky to think about because Apple will operate Google owned software on GCP. But it should be sandboxed just the same.
I’m not making a normative privacy argument here. Just pointing out that this is cloud business as usual. Perhaps it’s interesting Apple is doing it, but basically everything else is already using either AWS or GCP at this point.
So the question about which model Apple was going to use and where has been highly anticipated, especially by the likes of OpenAI and Anthropic. Imagine if either one could say they have Apple as their customer?
Apple certainly has the cash to burn if they wanted to train their own model, but it also always seemed out of their core competency. This is a major win for Google.
So "business as usual" but with huge implications for the AI ecosystem in general.
They also (claim to) ensure those servers run only software they have approved to run on it.
(Part of their software are models derived from Google Gemini, but that’s orthogonal to this)
You're right that it is orthogonal to the privacy promises Apple makes to its own users.
The moralistic and righteous undertone in their marketing material is questionable though given that these Apple services might not exist if Google didn't exploit Gemini app user data on Android the way it does.
That's fine with me. Users have a choice here. In fact, it's a big improvement over the search deal with Google where Apple sends its own users directly to Google.
But again there is no Apple-to-Google transfer in the inference in the sense of the comment I was originally replying to (I am not suggesting you're implying otherwise, obviously)
But I stand happily corrected where I said they aren't in the picture at all.
That is an interesting press release because it outlines what they would have had to do with any data centre they were outsourcing to.
This will further blur the picture about when and how consumers / employees are supposed to pay for AI services. For example, they showed consumer rather than coding tasks, but could you select five files and ask Siri to write a Python script or a small app? Will enterprises just disable Siri AI functionality, or will they be able to route it through their own AI auditing and providers?
If Apple (or anyone else) wanted to make a feature used, they can. For everyone else, if Siri is off CarPlay doesn’t work. And that’s by design.
Not the design of “ooh if Siri is off then voice in CarPlay won’t work” (warnable), but punishment if Siri is off.
Again this pattern isn’t Apple only but it’s bad everywhere.
I am sure that there was a meeting where they decided what to do when Siri was off and somebody decided (very possibly with ulterior motives) not to split the feature set - all or nothing. However I don't think the challenge they were faced with in this hypothetical meeting was an easy one.
The alternative is you open the Messages app and you can't send messages. You open Maps and you can't get directions (unless parked). Sure, I get that they could show a screen saying "Sending messages is not available when Siri is disabled" but now you're hitting error messages while driving.
Anyways, the main reason people would disable Siri is accidental activation, and Apple provides all the toggles needed to avoid that without disabling the core components needed for CarPlay.
I don't know how it works on CarPlay but when I turn my car on I have a bunch of suggested addresses (home, work, parents, recent Maps searches, etc) that I just touch-to-go. Having to use voice every time you want to navigate not only sounds unnecessary, but cumbersome.
CarPlay does not work at all if you have not enabled Siri. As in it won’t even connect.
I literally see these things every time I drive. And I work from home.
I'd use this.
I'd rather have strong privacy guarantees, but this is still good.
I REALLY wish they'd do that with voice assistants.
Run your router through a linux laptop as a proxy so you can capture traffic, connect any apple device to your router, and see the vasts amount of data your device sends to apple.
Apple DGAF about privacy, they want your data as much as anyone else, their only thing is that they should be the only ones to get it and then other people have to pay them for it, rather than your device sending the data to the 3d party directly.
And if you think your data is secure, reminder that The Fappening was all done targeting apple devices.
Is there a meaningful distinction between the Gemini-powered models and Apple Foundation Models? Does that distinction vary for on-device vs hosted models? Are some models running on Apple's Private Cloud Compute and others running on Google iron?
Edit: they elaborated significantly in a "keynote tech-talk": [0]
According to Apple, there are five models:
On-Device
- AFM Core: Dense architecture; the standard next-gen on-device model
- AFM Core Advanced: Sparse architecture, natively multimodal; enables features like image understanding and expressive voices
Private Cloud Compute
- AFM Cloud: Workhorse server model optimized for latency and cost
- AFM Cloud Image: Image generation and editing
- AFM Cloud Pro: Most capable model, Gemini frontier-level quality, for complex reasoning and agentic tasks; runs on NVIDIA GPUs in Google's cloud under Apple's PCC privacy guarantees
Everything excluding Cloud Pro are custom models running on Apple Silicon, "refined" using Google Gemini. About Cloud Pro, they say "this is our most capable model with quality similar to Gemini frontier models." So I might read between the lines and say this is a wrapped Gemini.
[0]: https://9to5mac.com/2026/06/08/craig-federighi-details-apples-collaboration-with-google-for-siri-ai-in-ios-27/Easiest way to tell, how much dancing around did we listen to and how many diagrams did we have to look at? If they had their own tech we wouldn't be looking at diagrams we'd just be getting told Siri AI, it's private, it's powerful, here's what it can do. Instead we had 10 minutes talking around the tech and this diagram [1] which is a signal that it's a bunch of other peoples stuff cobbled and wrapped together.
[1]:https://www.apple.com/newsroom/images/2026/06/apple-introduc...
It's a 3B Apple Foundation model.
https://machinelearning.apple.com/research/introducing-apple...
If you've got a mac, you can use this to play around with it:
Google also awhile back announced being able to run full Gemini by leasing / renting hardware in your own datacenters so companies can train or access data without needing to send things to their datacenters. Nvidia based. Guessing Private Compute might just be Apple leasing a ton of those?
What could "refined" mean here?
But beside that, I feel like the app variant got worse the day they've had that wwdc-style release thing recently.
Previously it was a sparring partner that could actually keep up. But now it just doesn't.
Truly a shame. And nothing that could be fixed by local models any time soon, given that you need the size for the (cross-)domain knowledge.
Search would be better without the added AI hallucinations above it. If I want an AI answer I'll go and ask Claude, the quality difference is huge.
That's not Gemini, that's AI Mode (in Search), they're different products built by fairly different part of Google (actually one is built by Deepmind).
(I don't think it's much comparable to https://gemini.google.com/app at least in the past you'd get very different results)
Midway through the trip I was suspicious of the duration, traffic was fine. He was adamant he knew where he was going.
I pulled up google maps, and sure enough. 3 hours.
Turns out, his mapping app wasn’t aware of an offramp, so instead it wanted us to drive an extra hour, then do a u-turn and drive back to take an offramp.
He was blindly using Apple Maps
Those folk driving off bridges and into ravines is scary as hell, it implies there's people driving around that don't look further than their car bonnet whilst driving (-+5 metres).
You would be surprised what normies are willing to delegate to AI.
For the vast majority of services, even if this action fails and the wrong password is saved (!?) you're still just a "forgot password" click away.
By contrast, an LLM can do it easily.
But that's all of them though?
As the consumer, this just sucks because it means no matter which phone platform you choose, you're getting the same thing underneath, and there's no way to avoid it (besides not using an assistant entirely, which I recognize a lot of people do, myself included).
The source also says > The new architecture centers on Apple Foundation Models co-developed with Google, which Apple says are adapted to run both on-device and on servers through its existing Private Cloud Compute infrastructure
Which could mean Google and Apple have trained some custom models, probably the on-device ones, specifically tailored towards Apple's hardware.
Not even Apple has access to it, by design.
And what history?
The real question is why you seem to be so credulous when it comes to this company. Do you extend this trust to other similar companies or is it only reserved for this specific company? I ask this because you're not the first person who seems to consider this company to be almost above criticism even though they've shown to be just like other companies in all respects. When Jobs was still around this stance was supposedly caused by his 'reality distortion field' but he has been gone for a long time and given that Cook has the charisma of an accountant this can no longer be the reason. What makes them so special to some even though their claims have been punctured many times over?
Last year the announced they were working with OpenAI. It looks like this went nowhere, so it's not really surprising to see them try someone else.
Take it with a grain of salt but I don't think it's other AI providers that Apple is upset about. The DMA would require users to be able install any openclaw like thing onto their device with access to everything that Siri can access today. There are all sorts of arguments to be made here but I can understand why Apple feels this way and wants to offer a good experience here.
Apple doesn't care about "offering a good experience". Apple cares about vendor lock in. It pisses off even me, a long-time (18 years and counting) Apple user.
Also is Siri the only thing you’re using in your Apple products that you’re so clueless as to ask “what good experience”? I mean, what kept you in the ecosystem for 18 years and counting?
It wasn't me who said "I can understand why Apple feels this way and wants to offer a good experience here."
> Also is Siri the only thing you’re using in your Apple products that you’re so clueless as to ask “what good experience”? I mean, what kept you in the ecosystem for 18 years and counting?
"How dare you criticize the company whose products you're using"
[1]: https://www.apple.com/newsroom/2026/06/due-to-dma-siri-ai-de...
They don't claim that. All they said is "later in the EU as we look into privacy and security" after spending two hours saying how private and secure everything is.
DMA would force them to allow usage from other apps than their own and other assitants than Siri, especially for on-device models.
Edit I stand somewhat corrected but it's regular Apple bullshit: https://news.ycombinator.com/item?id=48451012
It didn't work out well for Yahoo.com. It turned out that Google Search was the value and yahoo.com just skin around it. It might be the same for Apple. Gemini is the valuable part, what particular device you use it on matters less.
As i understand it, no LLM is miles ahead of the others right now, especially when it comes to simple agentic stuff. Hell, Qwen3.6-35B-A3 quantized to 3bits running on an 8 year old consumer GPU handles most agentic stuff fine, if a bit slow.
Differences in LLMs boil down to mostly the harness and the compute to run the models. Even for high complexity tasks like coding, the differences between openai, anthropic, google, and the bigger qwen models aren’t that dramatic.
(Ok so $110b is all services revenue not just icloud, but icloud’s a solid chunk of that)
And to your point, Google has a massive balance sheet, produces their own AI chips, and is not going anywhere anytime soon.
Is it really all that difference from Apple defaulting to Google's search engine?
Not really, because the business model isn't there (at least not in this iteration.
1. The models are Apple models, co-developed with Google. They are not white-label Gemini.
2. There's not currently a Google failover or UX
3. Because of that, there's no user monetization to share.
Apple does have a ChatGPT integration, with failover UX, and with a suspected revenue share deal. However, one could see this deal in a precarious situation, since at the time it started it was expected Apple would not focus much at all on a model capable with world knowledge.
Google doesn't care they do not control iOS. Google cares to have their products everywhere. For many years Google apps were better on iOS than on Android, because on Android they just preinstall them while on iOS they need to be installed explicitly.
Android is not a Google product, it is just a tool for Google to collect data. If they manage to collect data via Apple Intelligence they are going to do it. Regardless of what Apple marketing says.
What's the difference now? I would guess 9/10 people here would have a very hard time telling the models apart in a blind taste test.
Well, which ones are on my Mac locally?
Which ones are in my iPhone locally?
The hard part is not distilling a frontier model down into a specific use case when you have hundreds of millions of users, the hard part is (apparently) re-architecting your mobile OS to work with such a model rather than fight it. Those architectural benefits accrue to apple, as will future datasets and expertise, and the benefit of having some distillation working 24/7 on prem.
Anyway, where I think you're going to be grumpy in two years is that switching the underlying model is going to require a jailbreak, and that you wish they'd made the os much more deeply open for agentic interaction, not that it's gemini - it's just not the valuable part of the story for Apple or for users.
Apple was not going to hand over the keys to AI to just anyone.
Apple is a Fortune 5 company with a brand value alone worth more than any of these AI labs besides Google.
There's too much at stake for them to not play it safe. There's almost nothing to gain taking a risk
Yeah, I think Apple's volume made Google the only choice. And even then, Google was buying more DC capacity last week.
They licensed Gemini and Google infrastructure not just for use, but to accelerate the creation of the three independent Apple Foundation Models announced today:
- AFM Core
- AFM Core Advanced
- AFM Cloud
Google also worked to be able to host AFM Cloud on their infrastructure per Apple's private cloud compute architecture, including some form of independent third party review/audit.
I suspect the only two organizations with both the model and the infrastructure needed for Apple were Google and xAI - and I'm not sure Apple would touch Grok with a ten foot pole, even if xAI were willing to let it be used for training.
I don't see the same thing here. Google isn't making any money from being the assistant in Apple, so why would they pay to be it?
I guarantee you Google will start letting people pay to influence the output of the Gemini models once they figure out how to do it.
smart is a weird term, gemma4 is an amazing omni model better than qwen3.6 for non coding tasks (as for all Gemini models). For Apple Intelligence gemma4 makes a lot more sense.
Apple originally partnered with OpenAI. We won’t know all the details for some time, but given OpenAI’s penchant for drama (they started leaking that they might sue Apple [1]), it seems fair to sideline them as a long-term partner.
[1] https://www.macrumors.com/2026/05/14/openai-considering-lega...
The models are quickly converging to similar capabilities with particular ones being better at a particular task until the next release cycle.
> Thinking more cynically, couldn't Google, if they wanted, feed Apple an inferior version of Gemini, ensuring they stay ahead?
Yeah, that's not really how things work at this scale.
Both Apple and Google end up advantaged by this relationship: Apple gets the same technology as Android, meaning there is no competitive front opening up. Google gets eyeballs on almost the entire smartphone market.
Apple can continue to differentiate the iPhone from Android in all the ways that they were doing before.
How exactly are they disadvantaging themselves? Perhaps expand on that opinion a bit, and the data/assumptions you're making in forming it.
My naive assumption is that they're going to do what everyone is doing: make tooling that lets you swap in any model.
I don't think it's fair to assume incompetence, on their part. I think it's much safer to assume they're doing what's best for them, and it's very clear to them what's best (money, support, etc).
They are a ways away from that for Siri, as they can't guarantee third party tooling meets their security and privacy requirements. Meeting those security and privacy requirements also makes it harder for a third party to monetize their investment or ongoing use of infrastructure.
But I suspect you will see integration in other areas, such as image generation.
Also openai and Jonny Ive (love from) are cooking some device — may be personal
Anthropic doesn't have the spare compute laying around to do this deal. Even they're buying compute from Google.
OpenAI/Anthropic have nothing in this segment.
Also important to remember how immature OpenAI and Anthropic are as companies. It would be a huge technical, legal, and reputational risk to commit to using them.
Just having an ungodly amount of capex by blanketing the Midwest with datacenters full of GPUs is a disaster in slow motion.
Why are Apple people like this lmao. Yeah ofc they could, but they won't because 2 businesses as large as them have a deal it's usually honored.
Couldn't anybody in Apple's supply chain sabotage them? Contrary to popular belief, I don't think Google is in direct competition with Apple at all...Google don't make a mobile operating system. And they certainly don't make much hardware (especially that people should buy).
Realistically, does it matter? Most people aren't going to switch phone ecosystems over the assistant available on their phone's OS.
You can even see difference in agent harnesses using the same model in the same company if you compare Gemini CLI with AntiGrav. They are different experiences.
I’m pretty sure Apple’s agent harness will be drastically different from Google’s even with the same model
Yes, the "Apple needs to look at your data to do this, but we don't have any way to look at the data if we wanted to". That's impossible, unless they open souce iOS and let people take control over their devices, and let people self host inference, so people can check that there is no network traffic. If it is as they say, they could let people host it without any downsides.
However the PCC root keys are still signed by Apple which requires you to trust Apple and the laws in the jurisdiction Apple operates in.
Edit: for this update they seems to be running Gemini on Nvidia GPUs in Google's cloud[0]. How key management works for this part is unknown, but the standard setup for this is that Nvidia and Google would have keys too.
It does use the OHTTP relay[1] which makes it hard - maybe impossible - for Apple to hand over the keys for a particular person's data. Maybe that provides some additional protection in US courts against overreach.
Is this a problem for most people? Probably not - but it is something to be aware of.
I think Apple have made a great attempt to make this as safe and private as possible, but until we have a truly trustless E2E encrypted execution environment I don't see how compute offload technologies gets around this problem.
[0] > And to bring this model to production, we work with both Google and Nvidia to extend our Private Cloud Compute infrastructure to NVIDIA GPUs in Google’s cloud, while maintaining Apple’s unmatched privacy guarantees
https://9to5mac.com/2026/06/08/craig-federighi-details-apple...
It nearly works except for the annoying hardware signing keys.
With OHTTP it might still be ok because it is impossible to identify which server has your content. OHTTP probably still applies to the Apple->[Google+Nvidia] version but they haven't specifically said that.
Apple -> Google -> xAI datacenter
see: Google to pay SpaceX $920 million a month for compute capacity at xAI data centers
https://www.cnbc.com/2026/06/05/google-to-pay-spacex-920-mil...
Not sure what extra are we achieving here
Similarly, Google Translate's millions of lines of hand-rolled code has been entirely superseded by LLMs that do a vastly better job.
The LLM-based AI assistants are based on a wildly different technology stack with very different capabilities compared to the legacy "if-then-else" logic programming that Siri was based on.
Honestly a lot of us who worked in the translation sector remember NMT as being a huge step up and in some language-pairs even surpassing DeepL at the time.
https://en.wikipedia.org/wiki/Google_Neural_Machine_Translat...
Things changed since Apple Intelligence but I was hoping there’ll be more things like live captions and what-not than chatbot use cases. I feel pixel is also moving towards that and abandoning the old way unfortunately.
To my understanding, these "outside experts" have to go through a vetting process by Apple first. There are no publicly available audits of the infrastructure planned right now.
Do you think Google doesn't protect privacy for large paying customers?
For years I have enjoyed using Google products that I pay for, and they are clear about privacy guarantees.
After Google saw the iPhone (before the public), they pivoted their vision for Android (it was originally on blackberry-style hardware), and that's when the "thermonuclear war" started. Kind of interesting Steve Jobs would have showed the iPhone off like that, when something very similar happened with Bill Gates, which prompted the development of Windows (according to Jobs).
19 years later, it's probably time to be pragmatic again. If Apple isn't able to deliver on some of these AI integrations into the OS, they risk losing users to Android. If they have to pay someone for a model, they might as well choose the one they think is going to be best for their users. This keeps existing iPhone users on iPhone, and may pull over some Android users looking for the same features, but with better privacy. That seems like a win for Apple. To pay OpenAI instead of Google would just be spite at this point. Maybe well deserved, but the leadership has all changed over in the last two decades, so they'd be fighting old wars. Though I think they should still think twice before showing Google anything that hasn't yet been released.
These 2 have always been very pragmatic. They compete in an area or two but there is also a lot of money flowing both ways.
Google probably gave them the best deal. When you're the #3 player you'll sacrifice margins to drive volume.
https://security.apple.com/documentation/private-cloud-compu... https://security.apple.com/blog/expanding-pcc/ https://security.apple.com/blog/private-cloud-compute/
Bundles that provide data and capabilities to iOS and Siri? And perhaps libraries of UI components to display and interact with said data?
But then, if that works really well, and gets strong adoption, why ever open the app? What’s the point of having navigation flows inside an app? Could one make entire apps solely dedicated to providing a set of data, capabilities, and UI components to the system?
In that world, what drives user retention, for such apps? What even is an app? App engagement disappears as well.
And that’s not even diving into the use-case of Siri, say, planning a trip across five different apps (flights, hotel, restaurants, whatever) using just App Intents. If done well.
In that world, do most apps just become plugins, providers for Siri?
No company is stupid enough to give up their content and infra and get none of the screen real estate.
I can see a parallel with hotels and OTAs, but in that case appearing on an OTA brings in sales. Showing $userA's content on $userB's screen won't earn any money from $company.
:/
Not sure if they do that (yet), but no reason an app couldn’t expose "Here’s what you can use to present data of shape X", or "here’s a UI for process doing y".
It feels like turning the common approach inside-out. But it works.
Edit: you could even imagine, in that world, apps that only expose surfaces, composable UI libraries, multi-step flows, declaring what they’re for, what kind of inputs they take, and what output they produce. Without ever owning any of the data (eg flights data, hotels inventory, booked trips, financial data, etc) or capabilities (eg book a flight).
Everyone can have their own “view” into the data
If Apple could crack chat intent to app action with 100% success rate. They have a product line unmatched and uncontested, for a decade.
Maybe Jony Ive & Sam Altman will crack it.
If we disregard exploitation of the primary sources and focus purely on a use case, search summaries are it. Generative AI is completely useless and OpenAI and Anthropic will soon fail. The Segway is maybe fun for a day, then you ask yourself why the heck you aren't using a bike in the first place.
It's just far easier to get a direct answer to what I'm looking for than going through mountains of SEO spam.
I congratulate SEO optimization companies on doing the very opposite of what they intended to do.
The latter was cheap and easily offset by ad views. The former is expensive, not to mention Apple has no internal prowess in this area atm.
And honestly? That's fine. One company shouldn't be "doing everything" no matter how desperately Apple wants that to be the case for itself.
They are also gradually introducing advertising to Gemini and they can upsell and cross sell their paid plans (Gemini, Google One, Youtube, Workspace) to a large pool of users across all their apps, platforms and integrations.
They can do none of that with the white label models they to rent to Apple. That's why Apple will always have to pay for it directly.
This is very different from the search deal Apple has with Google. Under that deal, Apple sends users straight to Google along with all the advertising revenue it brings. Google returns some of that revenue to Apple.
Sounds like OS architecture done right - screw the kickback business model.
Of course, we can't support Claude or Grok as they are closed source, but there is no incentive for companies that need your data to train the next generation of models to allow for private inference. One day...
They did say that they are specifically not shipping in the EU because of the DMA, so until the DMA or the EC's interpretation of the DMA, changes, these new AI features aren't shipping there. That is not the same thing as Apple abandoning the EU.
Also, technically didn't the EU Parliament write and pass the DMA, and the EC enforces it? I'm not European so I don't know the intricate details of the incredibly Byzantine process of the EU so maybe I'm wrong there
Force Apple to support all kinds of arbitrary models? That's a comically bad idea.
Of course governments have the ability to decide what products are sold in their countries and how.
They should get to regulate the design of products from non-EU countries only those that are sold inside EU.
The fact that it is not cost effective for Apple to design two separate products(software or hardware) for EU and non-EU is an Apple problem.
This is one of the most cash rich companies in the world and it has failed to have any position in the most critical technology development perhaps ever.
It's a clear signal that Apple became the most incredible operational/execution company under Tim Cook, but lost its innovation leadership.
There also doesn't seem like any real opportunity for them to Apple-ify this tech (any more than today's announcement). There's lots of rough edges and the underlying technology is fundamentally janky and extremely problematic in Apple's second differentiator of privacy.
Apple largest acquisition in their entire history is three billion dollars (Beats), Sam OpenAI got nothing and Google is getting a measly one billion dollar refund for Gemini.
Innovation is Apple Silicon and the five ecosystems (Microsoft and Nvidia aren't sparking now for nothing), Innovation is being the last American vertical computer company left from the 1980's who has been able switch gears went necessary (the next gear shift will probably be memory)...
For building a competitive AI they'd have to hire the talent, which is expensive and then do a massive investment, which may still end up far behind the competition. (See there attempts with Siri)
Now they can pick the model they want and if time is right they can still build their own.
In the end they still want to sell devices. They aren't doing a search engine (while they could), they are not doing an LLM model, ...
This has never been true, not since Steve Jobs returned.
The heart of Apple is software and hardware integration.
Hardware companies that do software just to prop up the hardware business do terrible software, and (no doubt the Apple haters gonna hate this) but Apple does - for the most part - amazing software.
>> which is expensive and then do a massive investment
Apple has $145 billion in cash.
This is true now more than ever, since their hardware is now much better than the competition and the software pretty abysmal.
>The heart of Apple is software and hardware integration.
The heart of Apple is integrating their excellent hardware with their subpar software in order to force users to adopt it.
But there are lots of differing possible reasons for this, and I think it is premature to conclude with any one in particular.
The users really aren't Gemini users, they don't care what the model is behind the scenes.
Meaning the system prompt(s), harness, entry and exit points, and skills. So the product is still "Siri AI", because of all the stuff that takes it from a raw infrastructure concern upon up into a "product" is Apple's responsibility.
Google are "okay with that" because Apple pays them $1B a year, per press reports, to be.
It’s very expensive but you got the box ready in your data center and is managed by both Google and partner.
Gemini models clearly gaslight the user and hallucinate, they're also SUPER verbose, as shown in the demos from the keynote.
Plus, if they're not charging a subscription for this, you know we're getting the dumbest models...
I also pay for Proton's Lumo+ private chat and for what it is it is also good.
The free plans from all the providers are bad, which is fare enough.
I use Apple devices and I expect to be paying for Gemini tokens after the integration.
Every mainstream product seems to have their own “SmarterChild on steroids” bolted on top (Gemini for Google, Rovo for jira, Copilot for Microsoft everything, etc).
I’ll still use the serious ones like ChatGPT/Claude as my main but I think these companies know that and are just trying to jump the bandwagon so they don’t look outdate. Either way, they can be surprisingly convenient and make up for UI/UX learning curves.
Once it leaves the device Apple does not know what those other ai chat apps will do with the gathered data.
> Siri AI is private by design and deeply integrated across Apple’s platforms using on-device processing and Private Cloud Compute, which extends the privacy and security of iPhone into the cloud. However, under EU regulators’ extreme interpretation of the DMA, Apple would have to give any virtual assistant direct access to users’ private data — and the ability to directly control other installed applications — as soon as Siri AI is made available in the EU, without the essential protections necessary to keep users and their data safe.
https://www.apple.com/newsroom/2026/06/due-to-dma-siri-ai-de...
There are 2 potential outcomes: either the sky really does fall, and there's a meaningful uptick in bad things happening to iPhone users, in which Apple can easily point the finger at the EC and say "they made us do this". Apple looks like the good guys who put up a good fight for their users, but ultimately their hands were tied, and they'll probably get the revisions to EU law they're so desperately fighting for.
The other possibility is that the sky does not fall, and Apple looks both silly and malicious at the same time for ever having suggested that it would, which was clearly in bad faith.
Clearly, Apple cannot afford scenario #2, so I think they will probably never give their users the actual freedom that the MDA requires them to. They will just exit Europe entirely before allowing that to happen.
I think the most likely outcome is between these two extremes. My personal data ends up sold to shady companies who use it to target ever more invasive advertising at me in places I wouldn't expect/. Like a boiling frog, I won't really notice the difference and my life will gradually become a little shittier.
For the people who want a bit of freedom though, their lives will suddenly get a lot better.
Which Facebook and instagram will present as “tee hee updated terms of service” in the first 15 seconds, and people will tick it, because they’re not interested in reading T&C’s, just want to message their friend about dinner, and aren’t suddenly expected be deceived like that.
That's how it should be done. And that would be the responsible way to comply with the DMA.
I'd prefer they focus on safeguarding my data instead of playing a ridiculous game of brinksmanship with regulators to make a point.
I don't think that is what will happen. People, and the media, will blame Apple: it is them after all giving that data over because they hold it. No that doesn't make logical sense, but that has never mattered before why would it matter now.
Once Apple loses that trust re. data privacy, its gone forever. I get why they're being particular about it.
Apple has very well-funded PR. They will make sure that the EC is blamed.
Then, they get to be the heroes once the law is changed to allow them to come to everyone's rescue by banishing all third-party app access forever. They would ultimately be the saviours.
It's not extreme interpretation, it's the intent.
Just say it would break your vendor lock-in.
EU has great intentions, and of course, feature parity should be offered so that competition can exist, but I don't find it crazy that it is more complicated on a product like that. As tech people things are very obvious to us but we need to remember that we are talking about a product used by everyone.
As an Apple user I feel more patronized than empowered here.
Those are allowed via contextual consent prompts, several of which are for specific contacts, specific photos you wish to share, and so on.
Examples of the level of access an AI agent has include:
1. To read all indexed personal data from every app installed on the device
2. To perform actions in every supporting app on the device on the user's behalf
3. To read the current displayed apps for additional context as well as sensor data like current location
If you were regulated such that you had to allow any organization this level of access, and if you were hand-tied in how much you could convey the seriousness of accepting that consent prompt to an ordinary end user, and felt that it would be you, not any legal authority, who would ultimately suffer the reputational and legal consequences for the results - what would your yes/no decision be on shipping the feature in that jurisdiction?
One can imagine contextual prompts for all of the examples that you give, like which data sources and which apps the AI provider is given access to — similar to how you can choose for a Safari extension which websites it has access to — and for how long.
That all seams reasonably implementable. You could even use multiple AI providers in parallel with different subsets of data and apps, which would allow you to compartementalize access by different providers in a way that isn't possible with Apple's AI.
Such integration interfaces are necessary in the long run if we don't want to lock in our whole life to a singular combination of hardware, OS, and AI provider.
The situation is that Apple won't even allow users to grant elevated permissions to any 3rd party app, even if the user wants to.
App permissions.
Beside you don't have to install any third party app, I only have Google assistant installed on my Android.
I heard the same kind of talk when the eu forced apple to switch to USB C...
There is a real, strong, monopolistic issue with some American companies that their government refuse to deal with because it's so corrupt. It would be fine if it didn't impact us in Europe, but it does.
The AI provider would still be YOUR choice. You could stick with Apple's if you don't trust the other ones.
- Apple has powerful capabilities in iOS to enable Siri AI.
- EU's DMA requires them to allow users to install third-party AI backends.
- Apple doesn't think parties other than themselves should be trusted with those iOS permissions.
I guess it'd be like if Apple allowed a first-party screen reader for iOS, so they refused to allow third-party screen readers.
Run by Apple where? Do they really have enough hardware to run it in-house?
See also https://security.apple.com/blog/private-cloud-compute/
I think we have ample evidence that regardless of whether Apple in particular is to be trusted, tech companies by default are certainly not.
Opening up access to users’ private data requires not just any given app to be trustworthy, but all of them.
But why can Tesla ship Grok to their cars in the EU without any problems? Why aren't they required to let me choose between Grok, OpenAI etc or even a custom endpoint?
Simply because they are too small in user count. EU DMA, DSA etc. only apply at certain thresholds. Twitter for example falls under the scope, but Tesla is a distinct entity from Twitter and even if they were merged together, they would still be distinct services in the eye of the law.
It's the user's data. Not Apple's. And it should be the user's right to send it to whoever for whatever results, imo
For example, if I’m maintaining a secure chat app, I think I’d be more likely to adopt the APIs to share the chat messages with the system AI due to Apple’s promises that the data will either be processed On Device, or in their Private Compute Cloud.
If I instead believe that sharing the chat messages with the system AI would cause those messages to be sent to unknown-to-me other entities, I think I’d be less likely to participate in the new API.
This user might be okay with their data going to this other provider, but what about the people they’re messaging? I have a responsibility and a commitment to _all_ of my users to protect their data.
I might not be able to control what any specific user does with the data, but proactively writing the code that sends the chat messages to this other system is something that I have control over.
That's nice of you but your users are going to just copy-paste data to and from ChatGPT anyway.
It's clearly just Apple not wanting to further open up their platform to competition.
- “instagram is better with MetaAi: yes/ask-me-later”.
- updated ToS which bundles a “we’ll use our own ai, and do whatever we waaaaant”
Lying, gaslighting and underhanded “growth hacking” tricks are their bread-and-butter, and you can be sure that whatever they’d have you install would blindly slurp up as much as they possibly can with zero regard for user privacy.
Yeah, that's the whole fucking point.
Since it's the user's device, not Apple's, EU correctly "interprets" this as the user has the right to do whatever they please, including installing third-party chat apps.
Apple are just bulshitters when it comes to actual users, and not their corporate definition of a user.
BTW, did you know that in Japan, and in Japan only, you can change the Siri shortcut button to start other voice assistants? https://mjtsai.com/blog/2025/11/18/ios-26-2-third-party-voic...
Or that they wouldn't let you set default maps app outside of the EU: https://mjtsai.com/blog/2025/03/14/dma-compliance-default-ma...
They were mandated to create a scheme in isolation on a deadline, without having input either from navigation apps or from consumers, and without any requirement that web browsers or other operating systems would need to support the same scheme.
As another comment pointed out - it doesn't work. Websites and apps still integrate with a navigation product directly, rather than use this scheme. And why wouldn't they? Even if it was launched worldwide on iOS, it still is just a defined subset of any particular navigation product functionality. It also is just yet another navigation option to integrate into your platform, since the feature still wouldn't be available on desktops/Android.
Until everyone is sitting at the table wanting to work towards interoperability, the feature simply can't work. So why perpetuate a broken chooser into other markets?
Self-imposed isolation and deadline.
> without having input either from navigation apps or from consumers
Because Apple never asked either navigation app developers or consumers since "Apple knows best" and spent several years fighting DMA instead of implementing these features.
> Websites and apps still integrate with a navigation product directly, rather than use this scheme.
Because there was no scheme to begin with, and when Apple finally relented and made it, it only made it available in the EU.
> Until everyone is sitting at the table wanting to work towards interoperability, the feature simply can't work.
Yes, Apple doesn't want to sit at the table to work towards interoperability.
Apple Maps was made default on iOS in 2012. They literally only implemented the "scheme" last year, 13 years later.
DMA entered force in 2022. Apple had known about it coming for at least two years before that.
And even without DMA that would be a proper thing to do to begin with which they had to be forced to do by government action.
It’s paternalistic, but I agree with Apple that free for all access to this kind of data is not a great idea. Ironically, before this could work we’d actually need much more EU style data regulation, and more consistently enforced.
Ultimately I think it's important for the EU to regulate companies like apple to ensure competition. But in this instance, it doesn't seem like we have all the other pieces in place that would be necessary for a sensible rollout of that.
Funny how the word user never enters these conversations. As in user device that the user has paid for and where the user should have a choice of what the user wants to do.
And we know why. E.g. Apple literally argues that giving users more choice forces Apple to give users less choice: https://www.apple.com/newsroom/2025/09/the-digital-markets-a...
Apple uses "privacy and security" as a cudgel to prevent anyone from breaking into the vendor lock in. To the point that EU actually had to explicitly tell Apple what to do [1], as Apple delayed features, made them extremely hard or convoluted for third-parties to use, and pulled every trick out of the malicious compliance manual.
This whole virtual assistants thing will drag on for another several years.
Edit: I mean they show their models accessing and changing a password on the user's bank site at the same time as accessing and changing passwords on another random site. Which is one prompt away from exfiltrating user data. So spare me the "Apple knows best about privacy and security so they should keep any access to their platforms locked down"
[1] https://digital-markets-act.ec.europa.eu/developer-portal/in...
Apples incentives are not, currently, as strongly misaligned with their user interests as many other tech firms (meta, google, random startups, etc). Going slowly might not be a bad idea for most people here.
That said, I hadn't seen the demo you mention. If they do do that (bank passwords etc) they are stupider than I thought they would be.
Unless Apple proves otherwise I'm more inclined to believe they're either 1. Using this to try and shape the DMA in their own interest (definitely not their users' interest) or 2. Doing something with the data that would not be allowed in the EU (also not in their users' interest at all) or both.
https://www.macworld.com/article/3156959/apple-to-use-google...
People have to stop thinking Apple is somehow different.
> Apple’s going to try to run as much of the new Siri as possible on-device
Anthropic and OpenAI don't have edge models.
https://www.apple.com/newsroom/2026/06/due-to-dma-siri-ai-de...
I primarily want Apple to provide extension points so that I can select my own provider, just as I can choose where to host my mail or install another app as my instant messenger.
Sure, I could install another provider's app, but it wouldn't have the same integrations, similar to how an instant messaging app would be less useful if notifications were limited to iMessage.
Apple doesn’t want to configure its private cloud to run every model. This seems fine.
The alternative would be to just stop invasive tracking and add the cookie when it’s actually needed.
Many US based companies also do this for US visitors, which is absolutely not required by the GDPR and related regulations, because they don't apply there.
The law states:
> Receive users’ consent before you use any cookies except strictly necessary cookies.
Strictly necessary:
> These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies.
You don't need consent for MOST reasonable uses of cookies. If compliance theatre wasn't such an industry the web would be a lot tidier and we could stop blaming the EU for implementing important privacy and data controls.
I agree with you that cookies banners are used more than legally necessary. They are a consequence of the law nonetheless.
For what it's worth, Apple claimed they proposed an "equivalent access" framework with some kind of "trusted agent framework" approach, but that it was shot down by the EU. I suspect it was way more inconvenient for third-party developers than Apple lets on.
“Make your reminder app’s actions available to Apple Intelligence and Siri by adopting schemas for common reminder actions.”
https://developer.apple.com/documentation/appintents/app-sch...
If anything it should concern fellow Europeans that consumers are paying more for less and later.
You can run smaller models on cheap commodity hardware.
Your phone can probably run one of these:
https://play.google.com/store/apps/details?id=com.google.ai....
https://apps.apple.com/us/app/google-ai-edge-gallery/id67496...
I’m not saying people who hold this view are being dishonest at all. But sometimes, to me, brands like Harley-Davidson or Apple seem closer to a cult than to a typical corporation.
I probably wouldn't use it without that. It's one thing sending my shitty code to be trained on, and another thing entirely to give these companies access to my personal life and information.
I bet it's Apple and not the user.
I suspect if you paid apple enough money, and were willing to prove that your personal Private Cloud Compute did meet their requirements, it wouldn’t be impossible.
The hardware isn't a real justification, just a convenient fig leaf.
When you have to image a highly irrational reason to explain why groups of people do the things they do, there's a decent chance you just don't understand their perspective. They may be acting reasonably rationally from their own perspective. (As you said yourself: "I honestly don't understand...")
What a blunder, they resisted AI for like 2 years when it was all the buzz, and now when the bubble is about to bust and every user has AI fatigue they decide to finally dip into the fad?
Before it was as if avoiding AI was a conscious design decision, and if there was an AI crash, Apple would be the only survivor left. Now it feels like they weren't in on the meme out of incompetence and are now late to the party.
No one can know what Jobs' stance would be, but I like to think he would be anti-slop
I can recommend my own layered approach, using the lowest capability models that get stuff done:
1. I maximally use local models like gemma4:26b-a4b-it-qat for everything that works with this free option.
2. I like paying for inexpensive APIs for mid-tier models like deepseek v4 flash, gcp-5-mini, gemini-2-flash for things that option 1. fails at. This option is almost free.
3. Pay for more expensive APIs like deepseek v4 pro, gemini 3.5 flash, etc. This option is not too expensive.
4. If all else fails on a class of tasks, then pay for awesomeness of Claude Opus. $$ expensive, I try not to use unless absolutely necessary.
I think developers and companies that just cram everything into Claude Opus are unprofessional.
LLMs we all agreed were amazing back in 2023-2024.
What's happening now with AI is more of a corporate phenomenon quite removed from the actual tech.
Yes LLMs are useful, but replacing customer support with an LLM that gives user accounts away, or calling LLMs on a loop where the bottleneck is your checkbook and calling it AGI, those are phenomenons that are separate from LLMs.
Also I have seen that Apple has some strange lust towards image generation as if that's what people really want. I have this slop image generation thing on my phone and it is useless.
Here's what I want: natural language interaction to achieve complex workflows in iPhone. Example: find the cheapest way to go from A to B and book it using the Deutsche Bahn Train app.
If they don’t like this in the future they can just change to the less convenient, less secure, and likely more expensive bedrock + SOTA.
Even if it's a bad take, call out what's wrong with the take, rather than attack the author.