FPF Hosts Frontiers Workshop on Privacy, AI, and Emerging Infrastructure
On June 10, 2026, the FPF Center for Artificial Intelligence convened a Frontiers Workshop in Washington, DC. Held as part of FPF’s National Science Foundation (NSF) and the Department of Energy (DoE)-funded Privacy-Enhancing Technologies (PETs) Research Coordination Network, the workshop brought together privacy and frontier AI practitioners to examine challenges at the intersection of data governance and AI systems.
Across three sessions, participants explored the technical infrastructure needed to responsibly deploy AI tools in sensitive data environments. Discussions centered on the systems, protocols, and evaluation methods that enable privacy-preserving AI in practice, including: the infrastructure that supports AI deployment; approaches for evaluating AI systems without exposing sensitive information; and the ways AI assistants collect, process, and reveal information about their users.
The workshop featured presentations from Andrew Gruen, CEO at Working Paper and FPF Senior Fellow; Bennett Hillenbrand, President and CPO at Working Paper and Head of Product at MLCommons AIRR; and Libby Hemphill, Associate Professor at the Inter-university Consortium for Political and Social Research (ICPSR), University of Michigan; each highlighting a different aspect of the problem space:
- E-waste as a privacy-enhancing technology: Libby Hemphill (ICPSR) examined the challenges researchers face when using AI tools on sensitive datasets governed by institutional protocols, IRB rules, and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the GDPR. Because these requirements often prohibit sending sensitive data to commercial AI services, organizations rely on compliant alternatives, such as cloud and local data centers, which are costly and carbon intensive. Hemphill presented an alternative approach using repurposed smartphones, run as air-gapped local clusters, demonstrating how existing hardware could support private, auditable, portable, and sustainable on-premises AI.
- Federated evaluation with MedPerf: Bennett Hillenbrand (MLCommons) focused on a common challenge in AI evaluation: balancing the privacy requirements of data holders, the intellectual property interests of model providers, and the integrity of the benchmark itself. Hillenbrand demonstrated how, with confidential computing, evaluations can be performed where the data resides without exposing either the underlying data or the model itself, returning only test results.
- Model Context Protocol (MCP) servers and the instrumented document: Andrew Gruen (Working Paper) concluded the presentations with a live demonstration of how AI can turn a static privacy policy into an interactive tool that answers users’ questions. The demonstration also highlighted an important privacy consideration: the same systems that enable interactive assistance can also infer and log unexpected information about users.
Across all three sessions, the binding constraints involved infrastructure and protocol rather than policy. When AI is brought into sensitive data settings, the decisive controls increasingly live in the physical substrate (what hardware runs the model and where), the execution environment (whether data and tests are exposed during evaluation), and the interface layer (what an AI assistant discloses about its user). As one presenter put it, physical security beats policy: a contract can be circumvented, but physics cannot. The corollary, recurring throughout, is that the same instrumentation that makes these systems governable also generates new and sensitive data — insight and liability arrive together.
The workshop concluded with a collaborative discussion of outstanding concerns for the AI governance community: governance of the “output space” in federated evaluation, standards for local AI inference, user visibility and authorization, the reliability of self-reported intent data in the presence of persona manipulation, and approaches for measuring system reliability that could support market-based governance.
Interested in receiving more information about events like this? Email us at [email protected].
The Research Coordination Network (RCN) for Privacy-Preserving Data Sharing and Analytics is supported by the U.S. National Science Foundation (Award #2413978) and the Department of Energy (Award #DE-SC0024884).