What we learned about TEE security from auditing WhatsApp's Private Inference (blog.trailofbits.com) AI

Trail of Bits reports findings from an audit of Meta’s WhatsApp “Private Inference,” which uses TEEs to run AI message summarization without exposing plaintext to Meta. The review found 28 issues, including high-severity problems that could undermine the privacy model, and describes fixes focused on correctly measuring and validating inputs, verifying firmware patch levels, and ensuring attestations can’t be replayed. The authors argue TEEs can support privacy-preserving AI features, but security depends on many deployment details—such as input validation, attestation freshness, and negative testing—not just the underlying TEE isolation.