Apple ML researcher Vitaly Feldman Presentation at the workshop – Image credit: Apple
Apple shares recordings of talks from workshops on privacy and machine learning, showing how to consider how to use AI to protect user data while it is being processed.
Apple has repeatedly claimed to be a privacy-ready company, including its AI and machine learning efforts. Following the workshop on privacy preservation in machine learning, Apple shared details and presented public works announced at the event.
The Privacy Machine Learning (PPML) workshop was a two-day event in 2025. He played the host of researchers both inside and outside Apple to discuss PPML in general.
The presentation lists participants from various universities, Google Research, Google Deepmind and Microsoft Research.
The workshop focuses on four areas: private learning and statistics, attack and security, discriminatory privacy fundamentals, basic models and privacy.
Apple explains that presentations and discussions are about evolving the intersection of privacy, security and AI landscapes. There was a discussion about the challenges of building a privacy-enabled AI system.
The privacy debate “fosters innovation while protecting user privacy,” Apple writes.
Deep Thoughts
Apple's work from the presented presentations and events covers a considerable area of the field of AI and privacy.
One topic that was discussed multiple times was ways to protect users more directly, such as creating a privacy-enabled conversation agent. With the potential threat of malicious actors exploiting the contextual knowledge skills of chatbots, Airgapagent has been proposed as a way to prevent leaks through limited data access.
This paper argues that it is stronger than the agents currently available. The “single query context hijacking attack” against Gemini Ultra Agent reduced user data protection from 94% to 45%, while Airgapagent maintained a 97% rate.
Similarly, “user inference attacks on large-scale language models” describes how malicious actors can determine whether responses from LLM have been fine-tuned using user data. If so, the paper asks what can be discovered and how can it protect such attacks.
Another presented a scalable private search system called Wally, which supports efficient semantics and keyword queries. This paper explains how systems do it at a larger scale than others. This can get stuck due to the machining-intensive encryption operations used for each database entry.
Other talks include “Generalized binary tree mechanisms for discriminantly private approximation of all pair distances, “A near-tight black box audit of discriminantly private machine learning,” and “Elephants never forget: Discriminatory privacy with state continuity for privacy budgets.”
Privacy and innovation
This is not the first workshop Apple has dedicated itself to machine learning subjects. In 2024, we held a workshop on “human-centered machine learning” and presented a lecture in July 2025.
The release of published papers from a privacy-focused workshop is also very appropriate, given the constant criticism that the machine learning industry has to deal with.
In July, Apple had to argue that AI training was ethical. This is because if the publisher doesn't agree with the practice, it won't rub the data from the source.
However, in August it was revealed that AI startup baffling was actively working on restrictions like robots.txt. The report determined that even if you said you couldn't use robots.txt, you would still use the second browser agent to crawl the webpage.
Apple's own efforts in machine learning have been seemingly upset in public, and the extended delays affecting the much-anticipated Siri upgrade under Apple Intelligence.
By continuing to push the message that privacy is most important and demonstrating walking on walks, Apple shows that at least its field work is as ethical as possible compared to its rivals.
Even though it's quite behind in comparison.
