What happened
Apple unveiled an upgraded Siri at its Worldwide Developers Conference, enabling the assistant to execute complex, cross-app tasks like planning events and drafting messages without user intervention. This new Siri AI, powered by Apple Foundation Models and a "system orchestrator," requires deep access to personal data including mail, photos, and calendars. Complex requests offload to Private Cloud Compute, which Apple states does not retain user data and is inspectable. The largest cloud model reportedly derives from a 1.2 trillion parameter Gemini model licensed from Google for approximately $1 billion annually. Siri AI will not launch on iPhones or iPads in the EU due to Digital Markets Act concerns.
Why it matters
Siri's expanded cross-app functionality significantly broadens the attack surface for prompt injection, exposing sensitive user data to potential misuse. Security architects and platform engineers must now contend with the "lethal trifecta" risk: an agent that reads private data, ingests untrusted content, and transmits information can be exploited, as demonstrated by the EchoLeak vulnerability in Microsoft 365 Copilot. This deep data access, coupled with a reported $1 billion annual licensing fee for a Google model, introduces new third-party dependencies and privacy challenges, as seen in Apple's decision to restrict the feature's EU rollout on certain devices. Procurement teams face new scrutiny over model licensing and cloud compute arrangements.
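One way a platform team can enforce the "lethal trifecta" rule described above is a per-task guard that blocks any transmitting tool call once the same task has both read private data and ingested untrusted content. This is an added example, not Apple's or Microsoft's design; the tool names and capability tags are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

# Capability tags for the three legs of the trifecta.
PRIVATE, UNTRUSTED, EGRESS = "reads_private", "ingests_untrusted", "transmits"

# Hypothetical tool registry (constructed for this example).
TOOL_CAPS = {
    "mail.read_inbox": {PRIVATE, UNTRUSTED},  # private mail plus attacker-sendable text
    "calendar.read": {PRIVATE},
    "web.fetch": {UNTRUSTED, EGRESS},         # a request URL can carry data out
    "messages.send": {EGRESS},
    "notes.create": set(),
}


@dataclass
class TaskGuard:
    """Tracks which trifecta legs one agent task has touched so far."""
    seen: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def authorize(self, tool: str, user_confirmed: bool = False) -> bool:
        caps = TOOL_CAPS.get(tool)
        if caps is None:  # unregistered tool: fail closed
            self.log.append((tool, "deny:unknown"))
            return False
        # The task is tainted once it holds private data AND has read
        # content an attacker could have written.
        tainted = {PRIVATE, UNTRUSTED} <= self.seen
        if EGRESS in caps and tainted and not user_confirmed:
            self.log.append((tool, "deny:trifecta"))
            return False
        self.seen |= caps
        self.log.append((tool, "allow"))
        return True


def run_plan(plan):
    """Evaluate a list of tool names in order; return the decision log."""
    guard = TaskGuard()
    for tool in plan:
        guard.authorize(tool)
    return guard.log


if __name__ == "__main__":
    for entry in run_plan(["calendar.read", "web.fetch", "messages.send"]):
        print(entry)
```

The denied call is the point where a human confirmation or a fresh, untainted task context would be required before anything leaves the device.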




