Apple’s Siri-AI, or more shouting into the void about "private" agents – A Few Thoughts on Cryptographic Engineering
Matthew Green
in Apple, privacy
June 9, 2026
Yesterday Apple announced a big step towards deploying real AI in their Siri ecosystem. The deal describes a partnership with Google to inject that company’s advanced LLM models into Siri. In some ways this is good and inevitable: Siri is one of the world’s most preeminent voice agents, and it would probably be good if it didn’t suck. The idea that Apple would boost its capabilities with models from a frontier LLM lab wasn’t so much a matter of "if", but a question of "when" and "who".
The who turns out to be Google: Apple looks like it will use some combination of Google Gemini models, combined with Google’s Confidential Inference and Apple’s own Private Cloud Compute for private hosting. These systems will process both your questions and evaluate private data from your devices. Apple pitches the advantages as follows:
First, since your phone already has context about you — i.e., your private information, schedules, email, text messages — Google-Siri can potentially offer much more useful and personalized answers to your practical questions than other LLMs. Want to schedule a reservation for next week’s birthday party? In theory, a future Siri-AI might know who’s coming, and what cuisine they like.
Of course, what Apple calls "context" is the raw data of your life. It can’t just be shipped to random adtech companies (or Sam Altman) for processing. This data needs to be protected, and Apple is a privacy company.
Apple has addressed this apparent contradiction with a service it calls Private Cloud Compute, or PCC. PCC was introduced in 2024 as a private model inference system that ran entirely on Apple Silicon, using a set of "trusted" hardware security modules running in Apple’s datacenters. The goal of this system is to ensure that your data never leaves Apple’s hardware: it’s encrypted from your phone to the server, and then it disappears once a response reaches your phone. This ensures (in principle) that even Apple can’t see what you’re doing with it.
Apple has since "expanded" PCC to encompass Google’s hardware as well. I will confess that I find the details of the new "expanded" PCC just a tad vague. It sounds a lot like Apple is really just going to rely on Google’s existing confidential compute (running in Google datacenters) to process this data, but they’re bolting on a new layer of technical security to control which software is actually running. In any case, this is all fine. Security experts can argue about whether this is good enough to keep Cozy Bear away from your data. What I will grant is that it’s certainly good enough to keep Google and Apple from accessing your stuff, which is what most people are worried about in the first place.
So why am I so nervous?
Private inference is nice, but to be useful, agents need to talk to people.
Let me walk you through the future of personal agents. Or rather, not the future. But one possible future that you might experience over the next couple of years. To illustrate how agents might work, it’s helpful to consider an example use case.
Let’s imagine that you’re planning a business dinner for six people. This involves several subtasks:
1. You need to juggle the participants’ schedules, know when they’re in town and available to meet.
2. You need to choose the appropriate restaurant based on menu and location. This might depend on what you know about the participants’ preferences: Mike is wildly allergic to szechuan peppercorn, for example, which rules out many options.
3. With these time/cuisine/location constraints in place, you’ll need to search for a restaurant that actually has a table for six in the right place.
4. Finally, you’ll need to book the reservation, mark your calendar, and alert your attendees.
In the past, this type of scheduling required a significant amount of human effort. The beauty of AI agents is that, in theory, this is exactly the sort of project that can be automated. The agent can scan your recent conversations to answer the questions of steps (1) & (2), then perform the searches in step (3). With a nod from you, it can even author the calendar invites and text messages required to complete step (4).
So what’s the problem here?
A first observation is that being really useful on (1) requires your agent to have context, which means: relatively unrestricted access to your private data. You know about your invitees’ availability because they texted it to you. You know about Mike’s allergy because you’ve talked about it with him or jotted it down somewhere. (This could mean iMessages, email, contacts, or personal notes.) Re-entering all of this data into an agent would be annoying and time consuming and the whole point of an agent is to...