
Volume 337, Issue 2 · IT News · Security Boulevard

What We Learned About TEE Security From Auditing WhatsApp's Private Inference

Security Boulevard, Tuesday, April 7th, 2026

WhatsApp's new 'Private Inference' feature represents one of the most ambitious attempts to combine end-to-end encryption with AI-powered capabilities, such as message summarization.

To make this possible, Meta built a system that processes encrypted user messages inside trusted execution environments (TEEs), secure hardware enclaves designed so that not even Meta can access the plaintext. Our now-public audit, conducted before launch, identified several vulnerabilities that compromised WhatsApp's privacy model, all of which Meta has patched. Our findings show that TEEs aren't a silver bullet: every unmeasured input and missing validation can become a vulnerability. To deploy TEEs securely, developers need to measure critical data, validate any unmeasured data rather than trusting it, and test thoroughly to detect when components misbehave.
