Starting in the spring of 2025, Google engaged NCC Group to conduct a series of reviews involving selected aspects of its Private AI Compute in the cloud system. The purpose of the Private AI Compute system is to extend the AI capabilities of a mobile device with more powerful cloud computing resources, while aiming to give user data the same privacy guarantees as local-only computation.
This program of work consisted of the following:
- Phase 1: focused on an architecture review of the Private AI Compute system.
- Phase 2: detailed review of selected components of the Private AI Compute system, further broken down into two stages:
  - Stage 1: cryptography security assessment of the Oak Session Library and the implementation of attestation and encryption between front-end services and Model Serving Component.
  - Stage 2: security analysis of IP-blinding relay, a cryptography security assessment of the T-Log system, a configuration review of Outbound RPC Enforcement, and a source code review of Private AI Compute frontend server.
Phase 1 took place in April-May, while Phase 2 took place in June-September. The program was delivered remotely by ten consultants, with a total effort of 100 person-days.