Google Private AI Compute [pdf] (services.google.com)

Google today published Private AI Compute, a cloud service and architecture for running private, high‑capacity inference of its latest Gemini models while preserving user data confidentiality. The offering aims to deliver “on‑device‑like” privacy for richer, proactive personal assistants that need access to sensitive signals (audio, messages, screens) but require the scale of cloud models. Google says the initial design was externally audited and supports millions of queries per second on a globally distributed serving stack powered by hardened TPUs (Titanium Intelligence Enclave) and confidential CPU VMs. Technically, Private AI Compute combines hardware roots of trust (AMO/AMD SEV‑SNP TEEs for CPU workloads, hardened TPU platform for LLM workloads), mutual attestation, end‑to‑end encrypted channels (Noise + ALTS), binary authorization, IOMMU/memory encryption, and ephemeral VM isolation to minimize the trusted computing base and defend against insider or physical attacks. It also supports confidential federated analytics (open‑source Oak on SEV‑SNP) to surface only differentially private aggregates. Practical implications: developers can run large, private inferences in the cloud without exposing raw user data to Google operators, enabling richer personalized AI while retaining strong auditability and cryptographic protections — though broader independent attestation and ongoing transparency are listed as future steps.