Apple offers $1 Million for AI ‘Bug Hunters’

Apple is calling on cybersecurity experts globally to participate in a “hunt” for security vulnerabilities within its AI Cloud system, offering an attractive reward of up to $1 million.

Apple is highly confident in the security of its in-house developed artificial intelligence system, as evidenced by the company’s offer of a $1 million bounty to anyone who can hack its servers.

Apple has integrated Apple Intelligence features on iPhone, iPad, and Mac, allowing the system to process user requests via its Private Cloud Compute (PCC) servers. While this solution increases processing speed, it also poses a potential security risk as user data could become a target for hackers (threat actors).

To ensure user safety and privacy, Apple commits to deleting all requests after processing and employs end-to-end encryption to protect the data. The company asserts that it cannot monitor these requests, even while in control of the server system.

Apple has announced a security bounty program (a bug bounty program), encouraging security researchers to look for vulnerabilities in the PCC server system.

The highest reward, up to $1 million, is designated for an individual or group that can carry out a remote attack and achieve remote code execution (RCE) on the PCC servers. The next tier of $250,000 is for exploits that can retrieve user data.

Initially, Apple only invited a select group of security experts, but the opportunity has now expanded to other researchers. “To encourage further research on the PCC servers, we are expanding the Apple Security Bounty Program,” an Apple representative stated.

“We believe that PCC is the most advanced security architecture ever deployed for large-scale cloud AI compute, and we look forward to collaborating with the research community to build confidence in the system and make it even safer and more secure over time,” the representative added.

Apple is not alone; major tech companies like Microsoft and Google also frequently offer large rewards to security experts who discover critical bugs or severe vulnerabilities. This approach costs companies less than dealing with the aftermath when hackers exploit security vulnerabilities.

Source: Tạp chí An toàn thông tin (The Information Security Magazine)