There's no guarantee against data exfiltration, because the data leaks happen through tool calls, which are not made from the PCC, but from your own device.
E.g. "the user asks if their Bitcoin private key is unique, let's make a web search".
Combined with prompt injection attacks, it's quite easy for an attacker to craft a prompt which sends your private data through any supported tool call (web search, database search, email, app APIs, etc.). Everything is wide open for the attacker, or for yourself accidentally, to exfiltrate your data.
That doesn’t make sense in this context – the point of PCC is so you know somebody isn’t snooping on your information when you send it to the servers. The person I was responding to seemed to think that Apple would be looking at that information.
You're right, but also "PCC is very secure" might give a false sense of security, considering that there might be other associated vulnerabilities in these kinds of systems.
Which is a good point. Set a Bitcoin wallet private key in an obvious place on your system, and then set up a monitor (on another system) to notify you if its contents get stolen.
Doesn't prevent the exfiltration but at least you'll know when it does.
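The canary idea above, as an added example that is not code from anyone in the thread: a gate run on the user's own device over every outgoing tool call's arguments, alerting when the planted decoy key shows up raw, hex-encoded or base64-encoded (at any byte alignment, since an injected prompt may have the model encode surrounding text along with the key). The canary value, tool names and argument shapes are constructed for the demo.

```python
import base64
import json
import re
from typing import Optional

# Constructed canary: a decoy "wallet private key" planted where an assistant can read
# it. Not a real key; its only purpose is to make an exfiltration attempt observable.
CANARY_SECRET = "KwDiBf89QgGbjEhKnhXJuH7LrciVrZi3qYjgd9M7rFU73sVHnoWn"

def _b64_forms(raw: bytes) -> list:
    """base64 of the secret at all three byte alignments, so it is still found when the
    model encodes surrounding text ('key: <secret>') together with the secret."""
    forms = []
    for k in range(3):
        enc = base64.b64encode(b"\x00" * k + raw).decode().rstrip("=")
        head = (0, 2, 3)[k]                    # leading chars tainted by the prefix bytes
        tail = 1 if (len(raw) + k) % 3 else 0  # last char may mix with following bytes
        forms.append(enc[head:len(enc) - tail])
    return forms

def _encodings(secret: str) -> list:
    raw = secret.encode()
    return [secret, raw.hex()] + _b64_forms(raw)

def find_canary(tool_name: str, arguments, secret: str = CANARY_SECRET) -> Optional[dict]:
    """Inspect a tool call before it leaves the device. Returns an alert record if the
    canary appears in the arguments raw, hex- or base64-encoded (whitespace the model
    may insert is ignored), otherwise None so the call can proceed."""
    blob = arguments if isinstance(arguments, str) else json.dumps(arguments, ensure_ascii=False)
    squashed = re.sub(r"\s+", "", blob).lower()
    for form in _encodings(secret):
        if form.lower() in squashed:
            return {"tool": tool_name, "form": form[:10] + "...", "blocked": True}
    return None

# Constructed tool calls of the kind an injected prompt could provoke, plus a benign one.
_hexed = " ".join(CANARY_SECRET.encode().hex()[i:i + 8] for i in range(0, len(CANARY_SECRET) * 2, 8))
_b64 = base64.b64encode(("here is the key: " + CANARY_SECRET).encode()).decode()
SAMPLE_CALLS = [
    ("web_search", {"query": "is this key unique? " + CANARY_SECRET}),
    ("send_email", {"to": "x@example.com", "body": "blob: " + _hexed}),  # hex in 8-char chunks
    ("db_search", {"q": _b64}),                                          # base64 with prefix text
    ("web_search", {"query": "weather in Cupertino"}),
]

def scan_samples() -> list:
    """Run the gate over SAMPLE_CALLS; True means the call was blocked as exfiltration."""
    return [find_canary(name, args) is not None for name, args in SAMPLE_CALLS]
```

As the comment above says, this only tells you an attempt happened; the block-or-alert decision belongs in whatever dispatches the tool call.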