https://engineering.fb.com/2025/04/29/security/whatsapp-private-processing-ai-tools/
Meta’s WhatsApp has announced a new privacy-focused technology called ‘Private Processing’ that will allow users to access advanced artificial intelligence features while maintaining data security. The system is designed to enable AI functionalities like message summarization and writing suggestions that are too computationally intensive to run directly on users’ devices.
The new feature, which will be rolled out gradually over the coming weeks, will be entirely opt-in and disabled by default, giving users complete control over when their data leaves their device for AI processing.
Private Processing employs several layers of security to protect user privacy. When activated, the system first performs anonymous authentication through the user’s WhatsApp client. It then retrieves public encryption keys from a third-party content delivery network (CDN), ensuring Meta cannot trace requests back to specific individuals.
To further enhance privacy, users’ devices connect to Meta’s gateway through a third-party relay that masks their real IP addresses. The connection establishes a secure session between the user’s device and Meta’s Trusted Execution Environment (TEE), using remote attestation and TLS protocols.
All requests for AI processing use end-to-end encryption with ephemeral keys, and the processing occurs inside a Confidential Virtual Machine (CVM) that remains isolated from Meta’s main systems. According to Meta, the processing environment is stateless, with all messages deleted after processing, retaining only “non-sensitive” logs.
“The AI-generated response is encrypted with a unique key only known to the device and processing CVM and is sent back over the secure session for decryption on the user’s device,” the company explained.
To build trust in the system, WhatsApp has promised to share the CVM binary and portions of the source code for external validation. The company also plans to publish a detailed white paper explaining the secure design principles behind Private Processing.
Despite these security measures, privacy experts note that sending sensitive data to cloud servers always carries some inherent risk, even with robust encryption in place. Users concerned about data privacy can either keep the feature disabled or utilize WhatsApp’s recently launched ‘Advanced Chat Privacy’ feature, which provides more granular control over when data can leave the device.