Chainfeeds Summary:
Users should always be empowered and retain true control over the system as much as possible.
Article source:
https://vitalik.eth.limo/general/2026/04/02/secure_llms.html
Article Author:
Vitalik Buterin
Opinion:
Vitalik Buterin: Ultimately, local AI is still far from sufficient to perform many of the important tasks I care about. There is indeed a class of tasks with limitations, such as transcription, summarization, translation, spelling, and grammar checking, which local AI can already perform quite well even on laptops and phones with performance far inferior to my test devices. But there is another class of tasks that will continue to significantly benefit from “stronger intelligence,” tasks that local AI is currently far from capable of handling. For me, writing code is a prime example, as is complex intellectual work. The weaker your device, the fewer things a local large model can do. Ideally, I would like to see a multi-layered, defensive approach to using remote large models, minimizing the personal information you expose. This includes hiding both the origin and content of requests: 1) Privacy-preserving ZK API calls: allowing you to call APIs without the server knowing who you are or even being able to determine if two requests come from the same user. Deanonymization is now very easy, so each query must be uncorrelated with the others. This can be achieved through zero-knowledge cryptography; for example, the ZK-API scheme I proposed with Davide, and the OpenAnonymity project, which is building a similar system. 2) Mixnets: By scrambling network paths, servers cannot associate a request with its preceding and following requests via IP address. 3) Inference in a TEE: A Trusted Execution Environment (TEE) is a type of hardware that ensures no information is leaked except for program output and provides cryptographic proofs of what the currently running program is. Therefore, you can verify the hardware proof to confirm that it is simply executing the process of "decrypting data → running large model inference → cryptographic output" without logging in between. Of course, TEEs are frequently compromised and cannot be considered absolutely secure; however, as long as you verify its proof signature locally, it can still significantly reduce the risk of data leakage. The combination of ZK-API and mixnets was originally designed for privacy-preserving large model inference, but it is actually applicable to almost all interactions with the outside world. Search engine queries can leak a lot of personal information, and you may also need to call various APIs. Many APIs are free now, but with the pressure of increasing AI usage, they may gradually become paid. In this context, promoting the adoption of ZK-API for all paid APIs, or at least providing an easy-to-use ZK-API proxy, is a logical direction. If API providers are concerned about abuse, ZK-API solutions also include slashing mechanisms to penalize abusive requests; if necessary, these rules can even be adjudicated by a pre-agreed large model and executed via on-chain smart contracts. Simultaneously, making hybrid networks the default mode of internet communication is equally important.
Content source 
