In spring 2025, Google hired NCC Group to review its Private AI Compute system, which aims to enhance mobile AI capabilities using cloud resources while maintaining user privacy. The review process involved two main phases, focusing on both architecture and specific security components. Phase 1 consisted of an architecture review, conducted over April and May. This laid the groundwork for understanding how the system was structured. Phase 2, spanning June to September, included a more granular examination of selected components, divided into two stages. The first stage assessed cryptography security, particularly the Oak Session Library and the mechanisms for attestation and encryption between the front-end services and the Model Serving Component. The second stage covered a range of security evaluations, including the IP-blinding relay, the T-Log system, Outbound RPC Enforcement, and a source code review of the Private AI Compute frontend server. The entire program involved ten consultants working remotely, totaling 100 person-days of effort. This thorough review aimed to ensure that Google’s cloud-based AI services could offer enhanced performance without compromising the privacy and security of user data.