Public Report from NCC Group: Google Private AI Compute Review (www.nccgroup.com)

Google commissioned NCC Group in spring 2025 to perform a multi-stage security review of Private AI Compute, its cloud system designed to extend on-device AI while preserving local privacy guarantees. The engagement ran April–September and was delivered remotely by ten consultants over 100 person-days. Phase 1 (April–May) was an architecture review; Phase 2 (June–September) drilled into selected components: Stage 1 analyzed cryptography in the Oak Session Library and the attestation/encryption flow between front-end services and the Model Serving Component; Stage 2 examined the IP‑blinding relay, performed a cryptographic assessment of the T‑Log system, reviewed Outbound RPC Enforcement configuration, and conducted a source‑code review of the Private AI Compute frontend server. For the AI/ML community this signals stronger third‑party scrutiny of hybrid device→cloud pipelines that promise local‑equivalent privacy while using remote compute. The technical focus—attestation and encryption for front-end↔model serving, IP‑blinding to prevent model or data exfiltration, T‑Log integrity, and outbound RPC controls—targets the core primitives that preserve confidentiality, integrity, and anti‑exfiltration in model serving. Broader implications include improved trust and operational hardening of privacy‑preserving ML deployments, a precedent for independent audits of such systems, and potentially clearer best practices for cryptographic attestation, telemetry logs, and RPC containment in production ML stacks.