August 14, 2025 – Yesterday, on August 13, tech media outlet AppleInsider posted a blog post revealing that Apple recently made public the recorded speeches and research findings from its 2025 Privacy-Preserving Machine Learning (PPML) Workshop. The event centered on the security mechanisms for safeguarding user data during AI processing.
Over the two-day gathering, experts from tech behemoths like Apple, Microsoft, and Google DeepMind, along with scholars from various universities, came together. They engaged in in-depth discussions about the overlapping challenges of privacy and AI.
According to the blog post, the workshop was structured around four main topics: private learning and statistics, attacks and security, the theoretical foundations of differential privacy, and large models and privacy. The overarching goal was to drive forward the development of technologies that “foster innovation while protecting privacy.”
Several research projects at the meeting focused on direct protection mechanisms for users. For instance, Google’s AirGapAgent proposed a way to prevent information leakage from conversational agents by restricting data access. This approach effectively thwarted “single-query context hijacking attacks.” Experiments showed that such attacks could cause a sharp drop in the data protection rate of Gemini Ultra, from 94% to just 45%. However, with AirGapAgent in place, the protection rate remained at a high 97%.
On the technical implementation front, Apple introduced Wally, a scalable private search system. It supports efficient semantic and keyword queries. Traditional solutions struggle with scalability because they perform high-cost encryption operations on every database record. In contrast, Wally achieves higher throughput through architectural optimizations.
Other research papers presented at the workshop covered theoretical advancements in differential privacy. These included the “Generalized Binary Tree Mechanism for All-Pairs Distance Approximation in Differential Privacy” and the “Nearly Tight Black-Box Auditing Method.” Additionally, the “Elephant Never Forgets” mechanism was introduced to tackle the issue of privacy budget management in scenarios with continuous state.
