Rakshita Tandon, Google
Understanding real-world usage is critical for improving Generative AI, yet traditional analytics often risk exposing sensitive input data. This talk outlines Provably Private Insights (PPI), a novel framework that enables developers to gain deep analytical utility without compromising user privacy. PPI bridges the gap between raw data and actionable insights by integrating Trusted Execution Environments (TEEs) for external transparency and verifiability, "Data Expert" LLMs for interpreting unstructured data within secure enclaves, and Differential Privacy (DP) for mathematically guaranteed anonymity in aggregation. The talk describes the open-sourced system architecture and its real-world application in the Recorder app. This framework illustrates the shift beyond classic data analytics toward a "provably private" standard where server-side processing is transparent, verifiable, and restricted to privacy-preserving computations.
Authors: Albert Cheu, Artem Lagzdin, Brett McLarnon, Daniel Ramage, Katharine Daly, Marco Gruteser, Peter Kairouz, Rakshita Tandon, Stanislav Chiknavaryan, Timon Van Overveldt, Zoe Gong

I'm a Software Engineer at Google Research, specializing in the development of privacy-preserving technologies. My current work focuses on building large-scale systems to enable provably private machine learning and data science on decentralized data by leveraging externally verifiable Trusted Execution Environments (TEEs). Previously, I graduated from the University of Pennsylvania (UPenn) with a Master's in Computer and Information Sciences and a B.Tech from the University of Delhi.

author = {Rakshita Tandon},
title = {Toward Provably Private Insights into {AI} Use},
year = {2026},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = jun
}
