Google details cloud-based Private AI Compute system for securing Pixel data

Google LLC today detailed Private AI Compute, a cloud-based system it uses to power its Pixel handsets’ artificial intelligence features.

Some of the AI models used by the latest Pixel 10 smartphone series are too large to run on-device. As a result, Google hosts them in its cloud. Private AI Compute is designed to protect the user data that Pixel 10 phones send to the search giant’s cloud-based AI models.

The models run on servers equipped with Google’s custom tensor processing unit machine learning accelerators. The company debuted its newest TPU, Ironwood, in April. It runs in clusters that contain up to 9,216 chips with 42.5 exaflops of aggregate performance.

The TPUs that power Private AI Compute are installed in specialized, hardened servers. Google has disabled the machines’ shell access, a capability that enables administrators to modify sensitive software components. Many cyberattacks exploit shell access to install malware.

Pixel devices don’t connect to TPUs directly, but rather go through intermediary servers powered by central processing units from Advanced Micro Devices Inc. Google uses a feature called SEV-SNP that AMD ships with its CPUs to reduce the risk of breaches.

SEV-SNP splits a server’s memory into encrypted segments that can only be accessed by the virtual machines that use them. As a result, the memory can’t be decrypted by the hypervisor or operating system. That means the operator of the underlying infrastructure, in this case Google, has no way of viewing users’ data.

SEV-SNP also includes mitigations against side channel attacks. Those are cyberattacks that attempt to extract sensitive data by analyzing physical server properties such as fluctuations in a machine’s power consumption.

Pixel phones connect to Google’s AMD-powered intermediary servers via encrypted connections. Before establishing a connection, the search giant verifies the servers using a technique called attestation. The method uses technical data about a system to check that it’s not malicious. 

Google routes Private AI Compute network traffic through systems called IP blinding relays. The purpose of the systems is to hide Pixel users’ IP addresses. Without an IP address, a hacker seeking to eavesdrop on a specific user has no way of distinguishing the user’s traffic from other network data, which makes cyberattacks impractical to carry out.

The company is using Private AI Compute to power Pixel’s Recorder transcription app. According to the search giant, the system enables Recorder to provide transcription summaries in more languages than would otherwise be possible. Private AI Compute also underpins Magic Cue, a new set of Pixel features that help users find data stored in Google services.

“This is just the beginning,” Jay Yagnik, Google’s vice president of AI innovation and research, wrote in a blog post. “Private AI Compute opens up a new set of possibilities for helpful AI experiences now that we can use both on-device and advanced cloud models for the most sensitive use cases.”

Image: Google

Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.

• 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
• 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.

About SiliconANGLE Media

SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.

Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.