Skip to main content

13 posts tagged with "AI"

View All Tags

Decentralized AI Inference Markets: Bittensor, Gensyn, and Cuckoo AI

· 71 min read
Dora Noda
Dora Noda
Software Engineer

Introduction

Decentralized AI inference/training markets aim to harness global compute resources and community models in a trustless way. Projects like Bittensor, Gensyn, and Cuckoo Network (Cuckoo AI) illustrate how blockchain technology can power open AI marketplaces. Each platform tokenizes key AI assets – computing power, machine learning models, and sometimes data – into on-chain economic units. In the following, we delve into the technical architectures underpinning these networks, how they tokenize resources, their governance and incentive structures, methods for tracking model ownership, revenue-sharing mechanisms, and the attack surfaces (e.g. sybil attacks, collusion, freeloading, poisoning) that arise. A comparative table at the end summarizes all key dimensions across Bittensor, Gensyn, and Cuckoo AI.

Technical Architectures

Bittensor: Decentralized “Neural Internet” on Subnets

Bittensor is built on a custom Layer-1 blockchain (the Subtensor chain, based on Substrate) that coordinates a network of AI model nodes across many specialized subnets. Each subnet is an independent mini-network focusing on a particular AI task (for example, a subnet for language generation, another for image generation, etc.). Participants in Bittensor take on distinct roles:

  • Miners – they run machine learning models on their hardware and provide inference answers (or even perform training) for the subnet’s task. In essence, a miner is a node hosting an AI model that will answer queries.
  • Validators – they query miners’ models with prompts and evaluate the quality of the responses, forming an opinion on which miners are contributing valuable results. Validators effectively score the performance of miners.
  • Subnet Owners – they create and define subnets, setting the rules for what tasks are done and how validation is performed in that subnet. A subnet owner could, for example, specify that a subnet is for a certain dataset or modality and define the validation procedure.
  • Delegators – token holders who do not run nodes can delegate (stake) their Bittensor tokens (TAO) to miners or validators to back the best performers and earn a share of rewards (similar to staking in proof-of-stake networks).

Bittensor’s consensus mechanism is novel: instead of traditional block validation, Bittensor uses the Yuma consensus which is a form of “proof-of-intelligence.” In Yuma consensus, validators’ evaluations of miners are aggregated on-chain to determine reward distribution. Every 12-second block, the network mints new TAO tokens and distributes them according to the consensus of validators on which miners provided useful work. Validators’ scores are combined in a stake-weighted median scheme: outlier opinions are clipped and honest majority opinion prevails. This means if most validators agree a miner was high-quality, that miner will get a strong reward; if a validator deviates far from others (possibly due to collusion or error), that validator is penalized by earning less. In this way, Bittensor’s blockchain coordinates a miner–validator feedback loop: miners compete to produce the best AI outputs, and validators curate and rank those outputs, with both sides earning tokens proportional to the value they add. This architecture is often described as a “decentralized neural network” or “global brain,” where models learn from each other’s signals and evolve collectively. Notably, Bittensor recently upgraded its chain to support EVM compatibility (for smart contracts) and introduced dTAO, a system of subnet-specific tokens and staking (explained later) to further decentralize control of resource allocation.

Gensyn: Trustless Distributed Compute Protocol

Gensyn approaches decentralized AI from the angle of a distributed computing protocol for machine learning. Its architecture connects developers (submitters) who have AI tasks (like training a model or running an inference job) with compute providers (solvers) around the world who have spare GPU/TPU resources. Originally, Gensyn planned a Substrate L1 chain, but it pivoted to building on Ethereum as a rollup for stronger security and liquidity. The Gensyn network is thus an Ethereum Layer-2 (an Ethereum rollup) that coordinates job postings and payments, while computation happens off-chain on the providers’ hardware.

A core innovation of Gensyn’s design is its verification system for off-chain work. Gensyn uses a combination of optimistic verification (fraud proofs) and cryptographic techniques to ensure that when a solver claims to have run a training/inference task, the result is correct. In practice, the protocol involves multiple participant roles:

  • Submitter – the party requesting a job (for example, someone who needs a model trained). They pay the network’s fee and provide the model/data or the specification of the task.
  • Solver – a node that bids for and executes the ML task on their hardware. They will train the model or run the inference as requested, then submit the results and a proof of computation.
  • Verifier/Challenger – nodes that can audit or spot-check the solver’s work. Gensyn implements a Truebit-style scheme where by default a solver’s result is accepted, but a verifier can challenge it within a window if they suspect an incorrect computation. In a challenge, an interactive “binary search” through the computation steps (a fraud proof protocol) is used to pinpoint any discrepancy. This allows the chain to resolve disputes by performing only a minimal critical part of the computation on-chain, rather than redoing the entire expensive task.

Crucially, Gensyn is designed to avoid the massive redundancy of naive approaches. Instead of having many nodes all repeat the same ML job (which would destroy cost savings), Gensyn’s “proof-of-learning” approach uses training metadata to verify that learning progress was made. For example, a solver might provide cryptographic hashes or checkpoints of intermediate model weights and a succinct proof that these progressed according to the training updates. This probabilistic proof-of-learning can be checked much more cheaply than re-running the entire training, enabling trustless verification without full replication. Only if a verifier detects an anomaly would a heavier on-chain computation be triggered as a last resort. This approach dramatically reduces overhead compared to brute-force verification, making decentralized ML training more feasible. Gensyn’s architecture thus heavily emphasizes crypto-economic game design: solvers put down a stake or bond, and if they cheat (submitting wrong results), they lose that stake to honest verifiers who catch them. By combining blockchain coordination (for payments and dispute resolution) with off-chain compute and clever verification, Gensyn creates a marketplace for ML compute that can tap into idle GPUs anywhere while maintaining trustlessness. The result is a hyperscale “compute protocol” where any developer can access affordable, globally-distributed training power on demand.

Cuckoo AI: Full-Stack Decentralized AI Service Platform

Cuckoo Network (or Cuckoo AI) takes a more vertically integrated approach, aiming to provide end-to-end decentralized AI services rather than just raw compute. Cuckoo built its own blockchain (initially a Layer-1 called Cuckoo Chain on Arbitrum Orbit, an Ethereum-compatible rollup framework) to orchestrate everything: it not only matches jobs to GPUs, but also hosts AI applications and handles payments in one system. The design is full-stack: it combines a blockchain for transactions and governance, a decentralized GPU/CPU resource layer, and user-facing AI applications and APIs on top. In other words, Cuckoo integrates all three layers – blockchain, compute, and AI application – within a single platform.

Participants in Cuckoo fall into four groups:

  • AI App Builders (Coordinators) – these are developers who deploy AI models or services onto Cuckoo. For example, a developer might host a Stable Diffusion image generator or an LLM chatbot as a service. They run Coordinator Nodes, which are responsible for managing their service: accepting user requests, splitting them into tasks, and assigning those tasks to miners. Coordinators stake the native token ($CAI) to join the network and gain the right to utilize miners. They essentially act as layer-2 orchestrators that interface between users and the GPU providers.
  • GPU/CPU Miners (Task Nodes) – these are the resource providers. Miners run the Cuckoo task client and contribute their hardware to perform inference tasks for the AI apps. For instance, a miner might be assigned an image generation request (with a given model and prompt) by a coordinator and use their GPU to compute the result. Miners also must stake $CAI to ensure commitment and good behavior. They earn token rewards for each task they complete correctly.
  • End Users – the consumers of the AI applications. They interact via Cuckoo’s web portal or APIs (for example, generating art via CooVerse or chatting with AI personalities). Users can either pay with crypto for each use or possibly contribute their own computing (or stake) to offset usage costs. An important aspect is censorship resistance: if one coordinator (service provider) is blocked or goes down, users can switch to another serving the same application, since multiple coordinators could host similar models in the decentralized network.
  • Stakers (Delegators) – community members who do not run AI services or mining hardware can still participate by staking $CAI on those who do. By voting with their stake on trusted coordinators or miners, they help signal reputation and in return earn a share of network rewards. This design builds a Web3 reputation layer: good actors attract more stake (and thus trust and rewards), while bad actors lose stake and reputation. Even end users can stake in some cases, aligning them with the network’s success.

The Cuckoo chain (now in the process of transitioning from a standalone chain to a shared-security rollup) tracks all these interactions. When a user invokes an AI service, the coordinator node creates on-chain task assignments for miners. The miners execute the tasks off-chain and return results to the coordinator, which validates them (e.g., checking that the output image or text is not gibberish) and delivers the final result to the user. The blockchain handles payment settlement: for each task, the coordinator’s smart contract pays the miner in $CAI (often aggregating micropayments into daily payouts). Cuckoo emphasizes trustlessness and transparency – all participants stake tokens and all task assignments and completions are recorded, so cheating is discouraged by the threat of losing stake and by public visibility of performance. The network’s modular design means new AI models or use-cases can be added easily: while it started with text-to-image generation as a proof of concept, its architecture is general enough to support other AI workloads (e.g. language model inference, audio transcription, etc.).

A notable aspect of Cuckoo’s architecture is that it initially launched its own Layer-1 blockchain to maximize throughput for AI transactions (peaking at 300k daily transactions during testing). This allowed custom optimizations for AI task scheduling. However, the team found maintaining a standalone L1 costly and complex, and as of mid-2025 they decided to sunset the custom chain and migrate to a rollup/AVS (Active Validated Service) model on Ethereum. This means Cuckoo will inherit security from Ethereum or an L2 like Arbitrum, rather than running its own consensus, but will continue to operate its decentralized AI marketplace on that shared security layer. The change is intended to improve economic security (leveraging Ethereum’s robustness) and let the Cuckoo team focus on product rather than low-level chain maintenance. In summary, Cuckoo’s architecture creates a decentralized AI-serving platform where anyone can plug in hardware or deploy an AI model service, and users globally can access AI apps with lower cost and less reliance on Big Tech infrastructure.

Asset Tokenization Mechanisms

A common theme of these networks is converting compute, models, and data into on-chain assets or economic units that can be traded or monetized. However, each project focuses on tokenizing these resources in different ways:

  • Computing Power: All three platforms turn compute work into reward tokens. In Bittensor, useful computation (inference or training done by a miner) is quantified via validator scores and rewarded with TAO tokens each block. Essentially, Bittensor “measures” intelligence contributed and mints TAO as a commodity representing that contribution. Gensyn explicitly treats compute as a commodity – its protocol creates a marketplace where GPU time is the product, and the price is set by supply-demand in token terms. Developers buy compute using the token, and providers earn tokens by selling their hardware cycles. The Gensyn team notes that any digital resource (compute, data, algorithms) can be represented and traded in a similar trustless market. Cuckoo tokenizes compute via an ERC-20 token $CAI issued as payment for completed tasks. GPU providers essentially “mine” CAI by doing AI inference work. Cuckoo’s system creates on-chain records of tasks, so one can think of each completed GPU task as an atomic unit of work that is paid for in tokens. The premise across all three is that otherwise idle or inaccessible compute power becomes a tokenized, liquid asset – either through protocol-level token emissions (as in Bittensor and early Cuckoo) or through an open market of buy/sell orders for compute jobs (as in Gensyn).

  • AI Models: Representing AI models as on-chain assets (e.g. NFTs or tokens) is still nascent. Bittensor does not tokenize the models themselves – the models remain off-chain in the miners’ ownership. Instead, Bittensor indirectly puts a value on models by rewarding the ones that perform well. In effect, a model’s “intelligence” is turned into TAO earnings, but there isn’t an NFT that represents the model weights or permits others to use the model. Gensyn’s focus is on compute transactions, not explicitly on creating tokens for models. A model in Gensyn is typically provided by a developer off-chain (perhaps open-source or proprietary), trained by solvers, and returned – there is no built-in mechanism to create a token that owns the model or its IP. (That said, the Gensyn marketplace could potentially facilitate trading model artifacts or checkpoints if parties choose, but the protocol itself views models as the content of computation rather than a tokenized asset.) Cuckoo sits somewhere in between: it speaks of “AI agents” and models integrated into the network, but currently there isn’t a non-fungible token representing each model. Instead, a model is deployed by an app builder and then served via the network. The usage rights to that model are implicitly tokenized in that the model can earn $CAI when it’s used (via the coordinator who deploys it). All three platforms acknowledge the concept of model tokenization – for example, giving communities ownership of models via tokens – but practical implementations are limited. As an industry, tokenizing AI models (e.g. as NFTs with ownership rights and profit share) is still being explored. Bittensor’s approach of models exchanging value with each other is a form of “model marketplace” without explicit token per model. The Cuckoo team notes that decentralized model ownership is promising to lower barriers vs. centralized AI, but it requires effective methods to verify model outputs and usage on-chain. In summary, compute power is immediately tokenized (it’s straightforward to pay tokens for work done), whereas models are indirectly or aspirationally tokenized (rewarded for their outputs, possibly represented by stake or reputation, but not yet treated as transferable NFTs on these platforms).

  • Data: Data tokenization remains the hardest. None of Bittensor, Gensyn, or Cuckoo have fully generalized on-chain data marketplaces integrated (where datasets are traded with enforceable usage rights). Bittensor nodes might train on various datasets, but those datasets are not part of the on-chain system. Gensyn could allow a developer to provide a dataset for training, but the protocol does not tokenize that data – it’s simply provided off-chain for the solver to use. Cuckoo similarly doesn’t tokenize user data; it primarily handles data (like user prompts or outputs) in a transient way for inference tasks. The Cuckoo blog explicitly states that “decentralized data remains challenging to tokenize” despite being a critical resource. Data is sensitive (privacy and ownership issues) and hard to handle with current blockchain tech. So, while compute is being commoditized and models are beginning to be, data largely stays off-chain except for special cases (some projects outside these three are experimenting with data unions and token rewards for data contributions, but that’s outside our current scope). In summary, compute power is now an on-chain commodity in these networks, models are valued through tokens but not individually tokenized as assets yet, and data tokenization is still an open problem (beyond acknowledging its importance).

Governance and Incentives

A robust governance and incentive design is crucial for these decentralized AI networks to function autonomously and fairly. Here we examine how each platform governs itself (who makes decisions, how upgrades or parameter changes occur) and how they align participant incentives through token economics.

  • Bittensor Governance: In its early stages, Bittensor’s development and subnet parameters were largely controlled by the core team and a set of 64 “root” validators on the main subnet. This was a point of centralization – a few powerful validators had outsized influence on reward allocations, leading to what some called an “oligarchic voting system”. To address this, Bittensor introduced dTAO (decentralized TAO) governance in 2025. The dTAO system shifted resource allocation to be market-driven and community-controlled. Concretely, TAO holders can stake their tokens into subnet-specific liquidity pools (essentially, they “vote” on which subnets should get more network emission) and receive alpha tokens that represent ownership in those subnet pools. Subnets that attract more stake will have a higher alpha token price and get a larger share of the daily TAO emission, whereas unpopular or underperforming subnets will see capital (and thus emissions) flow away. This creates a feedback loop: if a subnet produces valuable AI services, more people stake TAO to it (seeking rewards), which gives that subnet more TAO to reward its participants, fostering growth. If a subnet stagnates, stakers withdraw to more lucrative subnets. In effect, TAO holders collectively govern the network’s focus by financially signaling which AI domains deserve more resources. This is a form of on-chain governance by token-weight, aligned to economic outcomes. Aside from resource allocation, major protocol upgrades or parameter changes likely still go through governance proposals where TAO holders vote (Bittensor has a mechanism for on-chain proposals and referenda managed by the Bittensor Foundation and an elected council, similar to Polkadot’s governance). Over time, one can expect Bittensor’s governance to become increasingly decentralized, with the foundation stepping back as the community (via TAO stake) steers things like inflation rate, new subnet approval, etc. The transition to dTAO is a big step in that direction, replacing centralized decision-makers with an incentive-aligned market of token stakeholders.

  • Bittensor Incentives: Bittensor’s incentive structure is tightly woven into its consensus. Every block (12 seconds), exactly 1 TAO is newly minted and split among the contributors of each subnet based on performance. The default split for each subnet’s block reward is 41% to miners, 41% to validators, and 18% to the subnet owner. This ensures all roles are rewarded: miners earn for doing inference work, validators earn for their evaluation effort, and subnet owners (who may have bootstrapped the data/task for that subnet) earn a residual for providing the “marketplace” or task design. Those percentages are fixed in protocol and aim to align everyone’s incentives toward high-quality AI output. The Yuma consensus mechanism further refines incentives by weighting rewards according to quality scores – a miner that provides better answers (as per validator consensus) gets a higher portion of that 41%, and a validator that closely follows honest consensus gets more of the validator portion. Poor performers get pruned out economically. Additionally, delegators (stakers) who back a miner or validator will typically receive a share of that node’s earnings (nodes often set a commission and give the rest to their delegators, similar to staking in PoS networks). This allows passive TAO holders to support the best contributors and earn yield, further reinforcing meritocracy. Bittensor’s token (TAO) is thus a utility token: it’s required for registration of new miners (miners must spend a small amount of TAO to join, which fights sybil spam) and can be staked to increase influence or earn via delegation. It is also envisioned as a payment token if external users want to consume services from Bittensor’s network (for instance, paying TAO to query a language model on Bittensor), though the internal reward mechanism has been the primary “economy” so far. The overall incentive philosophy is to reward “valuable intelligence” – i.e. models that help produce good AI outcomes – and to create a competition that continually improves the quality of models in the network.

  • Gensyn Governance: Gensyn’s governance model is structured to evolve from core-team control to community control as the network matures. Initially, Gensyn will have a Gensyn Foundation and an elected council that oversee protocol upgrades and treasury decisions. This council is expected to be composed of core team members and early community leaders at first. Gensyn plans a Token Generation Event (TGE) for its native token (often referred to as GENS), after which governance power would increasingly be in the hands of token holders via on-chain voting. The foundation’s role is to represent the protocol’s interests and ensure a smooth transition to full decentralization. In practice, Gensyn will likely have on-chain proposal mechanisms where changes to parameters (e.g., verification game length, fee rates) or upgrades are voted on by the community. Because Gensyn is being implemented as an Ethereum rollup, governance might also tie into Ethereum’s security (for example, using upgrade keys for the rollup contract that eventually turn over to a DAO of token holders). The decentralization and governance section of the Gensyn litepaper emphasizes that the protocol must ultimately be globally owned, aligning with the ethos that the “network for machine intelligence” should belong to its users and contributors. In summary, Gensyn’s governance starts semi-centralized but is architected to become a DAO where GENS token holders (potentially weighted by stake or participation) make decisions collectively.

  • Gensyn Incentives: The economic incentives in Gensyn are straightforward market dynamics supplemented by crypto-economic security. Developers (clients) pay for ML tasks in the Gensyn token, and Solvers earn tokens by completing those tasks correctly. The price for compute cycles is determined by an open market – presumably, developers can put tasks up with a bounty and solvers may bid or simply take it if the price meets their expectation. This ensures that as long as there is supply of idle GPUs, competition will drive the cost down to a fair rate (Gensyn’s team projects up to 80% cost reduction compared to cloud prices, as the network finds the cheapest available hardware globally). On the flip side, solvers have the incentive of earning tokens for work; their hardware that might otherwise sit idle now generates revenue. To ensure quality, Gensyn requires solvers to stake collateral when they take on a job – if they cheat or produce an incorrect result and are caught, they lose that stake (it can be slashed and awarded to the honest verifier). Verifiers are incentivized by the chance to earn a “jackpot” reward if they catch a fraudulent solver, similar to Truebit’s design of periodically rewarding verifiers who successfully identify incorrect computation. This keeps solvers honest and motivates some nodes to act as watchmen. In an optimal scenario (no cheating), solvers simply earn the task fee and the verifier role is mostly idle (or one of the participating solvers might double as a verifier on others). Gensyn’s token thus serves as both gas currency for purchasing compute and as stake collateral that secures the protocol. The litepaper mentions a testnet with non-permanent tokens and that early testnet participants will be rewarded at the TGE with real tokens. This indicates Gensyn allocated some token supply for bootstrapping – rewarding early adopters, test solvers, and community members. In the long run, fees from real jobs should sustain the network. There may also be a small protocol fee (a percentage of each task payment) that goes into a treasury or is burned; this detail isn’t confirmed yet, but many marketplace protocols include a fee to fund development or token buy-and-burn. In summary, Gensyn’s incentives align around honest completion of ML jobs: do the work, get paid; try to cheat, lose stake; verify others, earn if you catch cheats. This creates a self-policing economic system aimed at achieving reliable distributed computation.

  • Cuckoo Governance: Cuckoo Network built governance into its ecosystem from day one, though it is still in a developing phase. The $CAI token is explicitly a governance token in addition to its utility roles. Cuckoo’s philosophy is that GPU node operators, app developers, and even end users should have a say in the network’s evolution – reflecting its community-driven vision. In practice, important decisions (like protocol upgrades or economic changes) would be decided by token-weighted votes, presumably through a DAO mechanism. For example, Cuckoo could hold on-chain votes for changing the reward distribution or adopting a new feature, and $CAI holders (including miners, devs, and users) would vote. Already, on-chain voting is used as a reputation system: Cuckoo requires each role to stake tokens, and then community members can vote (perhaps by delegating stake or through governance modules) on which coordinators or miners are trustworthy. This affects reputation scores and could influence task scheduling (e.g., a coordinator with more votes might attract more users, or a miner with more votes might get assigned more tasks). It’s a blend of governance and incentive – using governance tokens to establish trust. The Cuckoo Foundation or core team has guided the project’s direction so far (for example, making the recent call to sunset the L1 chain), but their blog indicates a commitment to move towards decentralized ownership. They identified that running their own chain incurred high overhead and that pivoting to a rollup will allow more open development and integration with existing ecosystems. It’s likely that once on a shared layer (like Ethereum), Cuckoo will implement a more traditional DAO for upgrades, with the community voting using CAI.

  • Cuckoo Incentives: The incentive design for Cuckoo has two phases: the initial bootstrapping phase with fixed token allocations, and a future state with usage-driven revenue sharing. On launch, Cuckoo conducted a “fair launch” distribution of 1 billion CAI tokens. 51% of the supply was set aside for the community, allocated as:

    • Mining Rewards: 30% of total supply reserved to pay GPU miners for performing AI tasks.
    • Staking Rewards: 11% of supply for those who stake and help secure the network.
    • Airdrops: 5% to early users and community members as an adoption incentive.
    • (Another 5% was for developer grants to encourage building on Cuckoo.)

    This large allocation means that in the early network, miners and stakers were rewarded from an emission pool, even if actual user demand was low. Indeed, Cuckoo’s initial phase featured high APY yields for staking and mining, which successfully attracted participants but also “yield farmers” who were only there for tokens. The team noted that many users left once the reward rates fell, indicating those incentives were not tied to genuine usage. Having learned from this, Cuckoo is shifting to a model where rewards correlate directly with real AI workload. In the future (and partially already), when an end user pays for an AI inference, that payment (in CAI or possibly another accepted token converted to CAI) will be split among the contributors:

    • GPU miners will receive the majority share for the compute they provided.
    • Coordinator (app developer) will take a portion as the service provider who supplied the model and handled the request.
    • Stakers who have delegated to those miners or coordinators might get a small cut or inflationary reward, to continue incentivizing the backing of reliable nodes.
    • Network/Treasury might retain a fee for ongoing development or to fund future incentives (or the fee could be zero/nominal to maximize user affordability).

    Essentially, Cuckoo is moving toward a revenue-sharing model: if an AI app on Cuckoo generates earnings, those earnings are distributed to all contributors of that service in a fair way. This aligns incentives so that participants benefit from actual usage rather than just inflation. Already, the network required all parties to stake CAI – this means miners and coordinators earn not just a flat reward but also possibly stake-based rewards (for example, a coordinator might earn higher rewards if many users stake on them or if they themselves stake more, similar to how proof-of-stake validators earn). In terms of user incentives, Cuckoo also introduced things like an airdrop portal and faucets (which some users gamed) to seed initial activity. Going forward, users might be incentivized via token rebates for using the services or via governance rewards for participating in curation (e.g., maybe earning small tokens for rating outputs or contributing data). The bottom line is that Cuckoo’s token ($CAI) is multi-purpose: it is the gas/fee token on the chain (all transactions and payments use it), it’s used for staking and voting, and it’s the unit of reward for work done. Cuckoo explicitly mentions it wants to tie token rewards to service-level KPIs (key performance indicators) – for example, uptime, query throughput, user satisfaction – to avoid purely speculative incentives. This reflects a maturing of the token economy from simple liquidity mining to a more sustainable, utility-driven model.

Model Ownership and IP Attribution

Handling intellectual property (IP) and ownership rights of AI models is a complex aspect of decentralized AI networks. Each platform has taken a slightly different stance, and generally this is an evolving area with no complete solution yet:

  • Bittensor: Models in Bittensor are provided by the miner nodes, and those miners retain full control over their model weights (which are never published on-chain). Bittensor doesn’t explicitly track who “owns” a model beyond the fact that it’s running at a certain wallet address. If a miner leaves, their model leaves with them. Thus, IP attribution in Bittensor is off-chain: if a miner uses a proprietary model, there is nothing on-chain that enforces or even knows that. Bittensor’s philosophy encourages open contributions (many miners might use open-source models like GPT-J or others) and the network rewards the performance of those models. One could say Bittensor creates a reputation score for models (via the validator rankings), and that is a form of acknowledging the model’s value, but the rights to the model itself are not tokenized or distributed. Notably, subnet owners in Bittensor could be seen as owning a piece of IP: they define a task (which might include a dataset or method). The subnet owner mints an NFT (called a subnet UID) when creating a subnet, and that NFT entitles them to 18% of rewards in that subnet. This effectively tokenizes the creation of a model marketplace (the subnet), if not the model instances. If one considers the subnet’s definition (say a speech recognition task with a particular dataset) as IP, that is at least recorded and rewarded. But individual model weights that miners train – there’s no on-chain ownership record of those. Attribution comes in the form of rewards paid to that miner’s address. Bittensor does not currently implement a system where, for example, multiple people could jointly own a model and get automatic revenue share – the person running the model (miner) gets the reward and it’s up to them off-chain to honor any IP licenses of the model they used.

  • Gensyn: In Gensyn, model ownership is straightforward in that the submitter (the one who wants a model trained) provides the model architecture and data, and after training, they receive the resulting model artifact. The solvers performing the work do not have rights over the model; they are like contractors getting paid for service. Gensyn’s protocol thus assumes the traditional IP model: if you had legal rights to the model and data you submitted, you still have them after it’s trained – the compute network doesn’t claim any ownership. Gensyn does mention that the marketplace could also trade algorithms and data like any other resource. This hints at a scenario where someone could offer a model or algorithm for use in the network, possibly for a fee, thus tokenizing access to that model. For example, a model creator might put their pre-trained model on Gensyn and allow others to fine-tune it via the network for a fee (this would effectively monetize the model IP). While the protocol doesn’t enforce license terms, one could encode payment requirements: a smart contract could require a fee to unlock the model weights to a solver. However, these are speculative use cases – Gensyn’s primary design is about enabling training jobs. As for attribution, if multiple parties contribute to a model (say one provides data, another provides compute), that would likely be handled by whatever contract or agreement they set up before using Gensyn (e.g., a smart contract could split the payment among data provider and compute provider). Gensyn itself doesn’t track “this model was built by X, Y, Z” on-chain beyond the record of which addresses were paid for the job. Summarily, model IP in Gensyn remains with the submitter, and any attribution or licensing must be handled through the legal agreements outside the protocol or through custom smart contracts built on top of it.

  • Cuckoo: In Cuckoo’s ecosystem, model creators (AI app builders) are first-class participants – they deploy the AI service. If an app builder fine-tunes a language model or develops a custom model and hosts it on Cuckoo, that model is essentially their property and they act as the service owner. Cuckoo doesn’t seize any ownership; instead, it provides the infrastructure for them to monetize usage. For instance, if a developer deploys a chatbot AI, users can interact with it and the developer (plus miners) earn CAI from each interaction. The platform thus attributes usage revenue to the model creator but does not explicitly publish the model weights or turn them into an NFT. In fact, to run the model on miners’ GPUs, the coordinator node likely has to send the model (or runtime) to the miner in some form. This raises IP questions: could a malicious miner copy the model weights and distribute them? In a decentralized network, that risk exists if proprietary models are used. Cuckoo’s current focus has been on fairly open models (Stable Diffusion, LLaMA-derived models, etc.) and on building a community, so we haven’t yet seen an enforcement of IP rights via smart contracts. The platform could potentially integrate tools like encrypted model execution or secure enclaves in the future for IP protection, but nothing specific is mentioned in documentation. What it does track is who provided the model service for each task – since the coordinator is an on-chain identity, all usage of their model is accounted to them, and they automatically get their share of rewards. If one were to hand off or sell a model to someone else, effectively they’d transfer control of the coordinator node (perhaps even just give them the private key or NFT if the coordinator role was tokenized). At present, community ownership of models (via token shares) isn’t implemented, but Cuckoo’s vision hints at decentralized community-driven AI, so they may explore letting people collectively fund or govern an AI model. The tokenization of models beyond individual ownership is still an open area across these networks – it’s recognized as a goal (to let communities own AI models rather than corporations), but practically it requires solutions for the above IP and verification challenges.

In summary, model ownership in Bittensor, Gensyn, and Cuckoo is handled off-chain by traditional means: the person or entity running or submitting the model is effectively the owner. The networks provide attribution in the form of economic rewards (paying the model’s contributor for their IP or effort). None of the three has a built-in license or royalty enforcement on model usage at the smart contract level yet. The attribution comes through reputation and reward: e.g., Bittensor’s best models gain high reputation scores (which is public record) and more TAO, which is an implicit credit to their creators. Over time, we may see features like NFT-bound model weights or decentralized licenses to better track IP, but currently the priority has been on making the networks function and incentivize contributions. All agree that verifying model provenance and outputs is key to enabling true model asset markets, and research is ongoing in this direction.

Revenue Sharing Structures

All three platforms must decide how to divide the economic pie when multiple parties collaborate to produce a valuable AI output. Who gets paid, and how much, when an AI service is used or when tokens are emitted? Each has a distinct revenue sharing model:

  • Bittensor: As mentioned under incentives, Bittensor’s revenue distribution is protocol-defined at the block level: 41% to miners, 41% to validators, 18% to subnet owner for each block’s TAO issuance. This is effectively built-in revenue split for the value generated in each subnet. The subnet owner’s share (18%) acts like a royalty for the “model/task design” or for bootstrapping that subnet’s ecosystem. Miners and validators getting equal shares ensures that without validation, miners don’t get rewarded (and vice versa) – they are symbiotic and each gets an equal portion of the rewards minted. If we consider an external user paying TAO to query a model, the Bittensor whitepaper envisions that payment also being split similarly between the miner who answers and validators who helped vet the answer (the exact split could be determined by the protocol or market forces). Additionally, delegators who stake on miners/validators are effectively partners – typically, a miner/validator will share a percentage of their earned TAO with their delegators (this is configurable, but often majority to delegators). So, if a miner earned 1 TAO from a block, that might be divided 80/20 between their delegators and themselves, for example, based on stake. This means even non-operators get a share of the network’s revenue proportional to their support. With the introduction of dTAO, another layer of sharing was added: those who stake into a subnet’s pool get alpha tokens, which entitle them to some of that subnet’s emissions (like yield farming). In effect, anyone can take a stake in a particular subnet’s success and receive a fraction of miner/validator rewards via holding alpha tokens (alpha tokens appreciate as the subnet attracts more usage and emissions). To sum up, Bittensor’s revenue sharing is fixed by code for the main roles, and further shared by social/staking arrangements. It’s a relatively transparent, rule-based split – every block, participants know exactly how the 1 TAO is allocated, and thus know their “earnings” per contribution. This clarity is one reason Bittensor is sometimes likened to Bitcoin for AI – a deterministic monetary issuance where participants’ reward is mathematically set.

  • Gensyn: Revenue sharing in Gensyn is more dynamic and market-driven, since tasks are individually priced. When a submitter creates a job, they attach a reward (say X tokens) they are willing to pay. A solver who completes the job gets that X (minus any network fee). If a verifier is involved, typically there is a rule such as: if no fraud detected, the solver keeps full payment; if fraud is detected, the solver is slashed – losing some or all of their stake – and that slashed amount is given to the verifier as a reward. So verifiers don’t earn from every task, only when they catch a bad result (plus possibly a small baseline fee for participating, depending on implementation). There isn’t a built-in concept of paying a model owner here because the assumption is the submitter either is the model owner or has rights to use the model. One could imagine a scenario where a submitter is fine-tuning someone else’s pretrained model and a portion of the payment goes to the original model creator – but that would have to be handled off-protocol (e.g., by an agreement or a separate smart contract that splits the token payment accordingly). Gensyn’s protocol-level sharing is essentially client -> solver (-> verifier). The token model likely includes some allocation for the protocol treasury or foundation; for instance, a small percentage of every task’s payment might go to a treasury which could be used to fund development or insurance pools (this is not explicitly stated in available docs, but many protocols do it). Also, early on, Gensyn may subsidize solvers via inflation: testnet users are promised rewards at TGE, which is effectively revenue share from the initial token distribution (early solvers and supporters get a chunk of tokens for helping bootstrap, akin to an airdrop or mining reward). Over time, as real jobs dominate, inflationary rewards would taper, and solver income would mainly come from user payments. Gensyn’s approach can be summarized as a fee-for-service revenue model: the network facilitates a direct payment from those who need work done to those who do the work, with verifiers and possibly token stakers taking cuts only when they play a role in securing that service.

  • Cuckoo: Cuckoo’s revenue sharing has evolved. Initially, because there weren’t many paying end-users, revenue sharing was essentially inflation sharing: the 30% mining and 11% staking allocations from the token supply meant that miners and stakers were sharing the tokens issued by the network’s fair launch pool. In practice, Cuckoo ran things like daily CAI payouts to miners proportional to tasks completed. Those payouts largely came from the mining reward allocation (which is part of the fixed supply reserved). This is similar to how many Layer-1 blockchains distribute block rewards to miners/validators – it wasn’t tied to actual usage by external users, it was more to incentivize participation and growth. However, as highlighted in their July 2025 blog, this led to usage that was incentivized by token farming rather than real demand. The next stage for Cuckoo is a true revenue-sharing model based on service fees. In this model, when an end user uses, say, the image generation service and pays $1 (in crypto terms), that $1 worth of tokens would be split perhaps like: 0.70 to the miner who did the GPU work, 0.20 to the app developer (coordinator) who provided the model and interface, and 0.10 to stakers or the network treasury. (Note: the exact ratios are hypothetical; Cuckoo has not publicly specified them yet, but this illustrates the concept.) This way, all contributors to delivering the service get a cut of the revenue. This is analogous to, for example, a ride-sharing economy but for AI: the vehicle (GPU miner) gets a majority, the driver or platform (coordinator who built the model service) gets a cut, and maybe the platform’s governance/stakers get a small fee. Cuckoo’s mention of “revenue-share models and token rewards tied directly to usage metrics” suggests that if a particular service or node handles a lot of volume, its operators and supporters will earn more. They are moving away from flat yields for just locking tokens (which was the case with their staking APY initially). In concrete terms: if you stake on a coordinator that ends up powering a very popular AI app, you could earn a portion of that app’s fees – a true staking-as-investing-in-utility scenario, rather than staking just for inflation. This aligns everyone’s incentives toward attracting real users who pay for AI services, which in turn feeds value back to token holders. It’s worth noting Cuckoo’s chain also had fees for transactions (gas), so miners who produced blocks (initially GPU miners also contributed to block production on the Cuckoo chain) got gas fees too. With the chain shut down and migration to a rollup, gas fees will likely be minimal (or on Ethereum), so the main revenue becomes the AI service fees themselves. In summary, Cuckoo is transitioning from a subsidy-driven model (network pays participants from its token pool) to a demand-driven model (participants earn from actual user payments). The token will still play a role in staking and governance, but the day-to-day earnings of miners and app devs should increasingly come from users buying AI services. This model is more sustainable long-term and closely mirrors Web2 SaaS revenue sharing, but implemented via smart contracts and tokens for transparency.

Attack Surfaces and Vulnerabilities

Decentralizing AI introduces several incentive and security challenges. We now analyze key attack vectors – sybil attacks, collusion, freeloading, and data/model poisoning – and how each platform mitigates or remains vulnerable to them:

  • Sybil Attacks (fake identities): In an open network, an attacker might create many identities (nodes) to gain disproportionate rewards or influence.

    • Bittensor: Sybil resistance is provided primarily by cost to entry. To register a new miner or validator on Bittensor, one must spend or stake TAO – this could be a burn or a bonding requirement. This means creating N fake nodes incurs N times the cost, making large sybil swarms expensive. Additionally, Bittensor’s consensus ties influence to stake and performance; a sybil with no stake or poor performance earns little. An attacker would have to invest heavily and also have their sybil nodes actually contribute useful work to get any significant reward (which is not a typical sybil strategy). That said, if an attacker does have a lot of capital, they could acquire a majority of TAO and register many validators or miners – effectively a sybil by wealth. This overlaps with the 51% attack scenario: if a single entity controls >50% of staked TAO in a subnet, they can heavily sway consensus. Bittensor’s dTAO introduction helps a bit here: it spreads out influence across subnets and requires community staking support for subnets to thrive, making it harder for one entity to control everything. Still, sybil attacks by a well-funded adversary remain a concern – the Arxiv analysis explicitly notes that stake is quite concentrated now, so the barrier to a majority attack isn’t as high as desired. To mitigate this, proposals like stake caps per wallet (e.g. capping effective stake at the 88th percentile to prevent one wallet dominating) have been suggested. In summary, Bittensor relies on stake-weighted identity (you can’t cheaply spawn identities without proportional stake) to handle sybils; it’s reasonably effective except under a very resourceful attacker.
    • Gensyn: Sybil attacks in Gensyn would manifest as an attacker spinning up many solver or verifier nodes to game the system. Gensyn’s defense is purely economic and cryptographic – identities per se don’t matter, but doing work or posting collateral does. If an attacker creates 100 fake solver nodes but they have no jobs or no stake, they achieve nothing. To win tasks, a sybil node would have to bid competitively and have the hardware to do the work. If they underbid without capacity, they’ll fail and lose stake. Similarly, an attacker could create many verifier identities hoping to be chosen to verify (if the protocol randomly selects verifiers). But if there are too many, the network or job poster might limit the number of active verifiers. Also, verifiers need to potentially perform the computation to check it, which is costly; having many fake verifiers doesn’t help unless you can actually verify results. A more pertinent sybil angle in Gensyn is if an attacker tries to fill the network with bogus jobs or responses to waste others’ time. That is mitigated by requiring deposit from submitters too (a malicious submitter posting fake jobs loses their payment or deposit). Overall, Gensyn’s use of required stakes/bonds and random selection for verification means an attacker gains little by having multiple identities unless they also bring proportional resources. It becomes a costlier attack rather than a cheap one. The optimistic security model assumes at least one honest verifier – sybils would have to overwhelm and be all the verifiers to consistently cheat, which again circles back to owning a majority of stake or computing power. Gensyn’s sybil resistance is thus comparable to an optimistic rollup’s: as long as there’s one honest actor, sybils can’t cause systemic harm easily.
    • Cuckoo: Sybil attack prevention in Cuckoo relies on staking and community vetting. Every role in Cuckoo (miner, coordinator, even user in some cases) requires staking $CAI. This immediately raises the cost of sybil identities – an attacker making 100 dummy miners would need to acquire and lock stake for each. Moreover, Cuckoo’s design has a human/community element: new nodes need to earn reputation via on-chain voting. A sybil army of fresh nodes with no reputation is unlikely to be assigned many tasks or trusted by users. Coordinators in particular have to attract users; a fake coordinator with no track record wouldn’t get usage. For miners, coordinators can see their performance stats (successful tasks, etc.) on Cuckoo Scan and will prefer reliable miners. Cuckoo also had relatively small number of miners (40 GPUs at one point in beta), so any odd influx of many nodes would be noticeable. The potential weak point is if the attacker also farms the reputation system – e.g., they stake a lot of CAI on their sybil nodes to make them look reputable or create fake “user” accounts to upvote themselves. This is theoretically possible, but since it’s all token-curated, it costs tokens to do so (you’d be essentially voting with your own stake on your own nodes). The Cuckoo team can also adjust the staking and reward parameters if sybil behavior is observed (especially now that it’s becoming a more centralized rollup service; they can pause or slash bad actors). All told, sybils are kept at bay by requiring skin in the game (stake) and needing community approval. No one can just waltz in with hundreds of fake GPUs and reap rewards without significant investment that honest participants could better spend on real hardware and stake.

  • Collusion: Here we consider multiple participants colluding to game the system – for example, validators and miners colluding in Bittensor, or solvers and verifiers colluding in Gensyn, etc.

    • Bittensor: Collusion has been identified as a real concern. In the original design, a handful of validators could collude to always upvote certain miners or themselves, skewing reward distribution unfairly (this was observed as power concentration in the root subnet). The Yuma consensus provides some defense: by taking a median of validator scores and penalizing those that deviate, it prevents a small colluding group from dramatically boosting a target unless they are the majority. In other words, if 3 out of 10 validators collude to give a miner a super high score but the other 7 do not, the colluders’ outlier scores get clipped and the miner’s reward is based on the median score (so collusion fails to significantly help). However, if the colluders form >50% of the validators (or >50% of stake among validators), they effectively are the consensus – they can agree on false high scores and the median will reflect their view. This is the classic 51% attack scenario. Unfortunately, the Arxiv study found some Bittensor subnets where a coalition of just 1–2% of participants (in terms of count) controlled a majority of stake, due to heavy token concentration. This means collusion by a few big holders was a credible threat. The mitigation Bittensor is pursuing via dTAO is to democratize influence: by letting any TAO holder direct stake to subnets, it dilutes the power of closed validator groups. Also, proposals like concave staking (diminishing returns for outsized stake) and stake caps are aimed at breaking the ability of one colluding entity to gather too much voting power. Bittensor’s security assumption now is similar to proof-of-stake: no single entity (or cartel) controlling >50% of active stake. As long as that holds, collusion is limited because honest validators will override bad scoring and colluding subnet owners can’t arbitrarily boost their own rewards. Finally, on collusion between subnet owners and validators (e.g., a subnet owner bribing validators to rate their subnet’s miners highly), dTAO removes direct validator control, replacing it with token-holder decisions. It’s harder to collude with “the market” unless you buy out the token supply – in which case it’s not really collusion, it’s takeover. So Bittensor’s main anti-collusion technique is algorithmic consensus (median clipping) and broad token distribution.

    • Gensyn: Collusion in Gensyn would likely involve a solver and verifier (or multiple verifiers) colluding to cheat the system. For instance, a solver could produce a fake result and a colluding verifier could intentionally not challenge it (or even attest it’s correct if protocol asked verifiers to sign off). To mitigate this, Gensyn’s security model requires at least one honest verifier. If all verifiers are colluding with the solver, then a bad result goes unchallenged. Gensyn addresses this by encouraging many independent verifiers (anyone can verify) and by the game theory that a verifier could earn a large reward by breaking from the collusion and challenging (because they’d get the solver’s stake). Essentially, even if there’s a group agreeing to collude, each member has an incentive to defect and claim the bounty for themselves – this is a classic Prisoner’s Dilemma setup. The hope is that keeps collusion groups small or ineffective. Another potential collusion is between multiple solvers to bid up prices or monopolize tasks. However, since developers can choose where to post tasks (and tasks are not identical units that can be monopolized easily), solver collusion in price would be hard to coordinate globally – any non-colluding solver could underbid to win the work. The open market dynamic counters pricing collusion, assuming at least some competitive participants. One more angle: verifier collusion to grief solvers – e.g., verifiers falsely accusing honest solvers to steal their stake. Gensyn’s fraud proof is binary and on-chain; a false accusation would fail when the on-chain re-computation finds no error, and presumably the malicious verifier would then lose something (perhaps a deposit or reputation). So a collusion of verifiers trying to sabotage solvers would be caught by the protocol’s verification process. In summary, Gensyn’s architecture is robust as long as at least one party in any colluding set has an incentive to be honest – a property of optimistic verification similar to requiring one honest miner in Bitcoin to eventually expose a fraud. Collusion is theoretically possible if an attacker could control all verifiers and solvers in a task (like a majority of the network), but then they could just cheat without needing collusion per se. The cryptoeconomic incentives are arranged to make sustaining collusion irrational.

    • Cuckoo: Collusion in Cuckoo could happen in a few ways:

      1. A coordinator colluding with miners – for example, a coordinator could always assign tasks to a set of friendly miners and split rewards, ignoring other honest miners. Since coordinators have discretion in task scheduling, this can happen. However, if the friendly miners are subpar, the end users might notice slow or poor service and leave, so the coordinator is disincentivized from purely favoritism that hurts quality. If the collusion is to manipulate rewards (say, submitting fake tasks to give miners tokens), that would be detected on-chain (lots of tasks with maybe identical inputs or no actual user) and can be penalized. Cuckoo’s on-chain transparency means any unusual patterns could be flagged by the community or the core team. Also, because all participants stake, a colluding coordinator-miner ring stands to lose their stake if caught abusing the system (for instance, if governance decides to slash them for fraud).
      2. Miners colluding among themselves – they might share information or form a cartel to, say, all vote for each other in reputation or all refuse to serve a particular coordinator to extract higher fees. These scenarios are less likely: reputation voting is done by stakers (including users), not by the miners themselves voting for each other. And refusing service would only drive coordinators to find other miners or raise alarms. Given the relatively small scale currently, any collusion would be hard to hide.
      3. Collusion to manipulate governance – large CAI holders could collude to pass proposals in their favor (like setting an exorbitant fee or redirecting the treasury). This is a risk in any token governance. The best mitigation is widely distributing the token (Cuckoo’s fair launch gave 51% to community) and having active community oversight. Also, since Cuckoo pivoted away from L1, immediate on-chain governance might be limited until they resettle on a new chain; the team likely retains a multisig control in the interim, which ironically prevents collusion by malicious outsiders at the expense of being centralized temporarily. Overall, Cuckoo leans on transparency and staking to handle collusion. There is an element of trust in coordinators to behave because they want to attract users in a competitive environment. If collusion leads to poorer service or obvious reward gaming, stakeholders can vote out or stop staking on bad actors, and the network can slash or block them. The fairly open nature (anyone can become a coordinator or miner if they stake) means collusion would require a large coordinated effort that would be evident. It’s not as mathematically prevented as in Bittensor or Gensyn, but the combination of economic stake and community governance provides a check.

  • Freeloading (Free-rider problems): This refers to participants trying to reap rewards without contributing equivalent value – e.g., a validator that doesn’t actually evaluate but still earns, or a miner who copies others’ answers instead of computing, or users farming rewards without providing useful input.

    • Bittensor: A known free-rider issue in Bittensor is “weight copying” by lazy validators. A validator could simply copy the majority opinion (or another validator’s scores) instead of independently evaluating miners. By doing so, they avoid the cost of running AI queries but still get rewards if their submitted scores look consensus-aligned. Bittensor combats this by measuring each validator’s consensus alignment and informational contribution. If a validator always just copies others, they may align well (so they don’t get penalized heavily), but they add no unique value. The protocol developers have discussed giving higher rewards to validators that provide accurate but not purely redundant evaluations. Techniques like noise infusion (deliberately giving validators slightly different queries) could force them to actually work rather than copy – though it’s unclear if that’s implemented. The Arxiv suggests performance-weighted emission and composite scoring methods to better link validator effort to reward. As for miners, one possible free-rider behavior would be if a miner queries other miners and relays the answer (a form of plagiarism). Bittensor’s design (with decentralized queries) might allow a miner’s model to call others via its own dendrite. If a miner just relays another’s answer, a good validator might catch that because the answer might not match the miner’s claimed model capabilities consistently. It’s tricky to detect algorithmically, but a miner that never computes original results should eventually score poorly on some queries and lose reputation. Another free-rider scenario was delegators earning rewards without doing AI work. That is intentional (to involve token holders), so not an attack – but it does mean some token emissions go to people who only staked. Bittensor justifies this as aligning incentives, not wasted rewards. In short, Bittensor acknowledges the validator free-rider issue and is tuning incentives (like giving validator trust scores that boost those who don’t stray or copy). Their solution is essentially rewarding effort and correctness more explicitly, so that doing nothing or blindly copying yields less TAO over time.
    • Gensyn: In Gensyn, free-riders would find it hard to earn, because one must either provide compute or catch someone cheating to get tokens. A solver cannot “fake” work – they have to submit either a valid proof or risk slashing. There is no mechanism to get paid without doing the task. A verifier could theoretically sit idle and hope others catch frauds – but then they earn nothing (because only the one who raises the fraud proof gets the reward). If too many verifiers try to free-ride (not actually re-compute tasks), then a fraudulent solver might slip through because no one is checking. Gensyn’s incentive design addresses this by the jackpot reward: it only takes one active verifier to catch a cheat and get a big payout, so it’s rational for at least one to always do the work. Others not doing work don’t harm the network except by being useless; they also get no reward. So the system naturally filters out free-riders: only those verifiers who actually verify will make profit in the long run (others spend resources on nodes for nothing or very rarely snag a reward by chance). The protocol might also randomize which verifier gets the opportunity to challenge to discourage all verifiers from assuming “someone else will do it.” Since tasks are paid individually, there isn’t an analog of “staking rewards without work” aside from testnet incentives which are temporary. One area to watch is multi-task optimization: a solver might try to re-use work between tasks or secretly outsource it to someone cheaper (like use a centralized cloud) – but that’s not really harmful freeloading; if they deliver correct results on time, it doesn’t matter how they did it. That’s more like arbitrage than an attack. In summary, Gensyn’s mechanism design leaves little room for freeloaders to gain, because every token distributed corresponds to a job done or a cheat punished.
    • Cuckoo: Cuckoo’s initial phase inadvertently created a free-rider issue: the airdrop and high-yield staking attracted users who were only there to farm tokens. These users would cycle tokens through faucets or game the airdrop tasks (for example, continuously using free test prompts or creating many accounts to claim rewards) without contributing to long-term network value. Cuckoo recognized this as a problem – essentially, people were “using” the network not for AI output but for speculative reward gain. The decision to end the L1 chain and refocus was partly to shake off these incentive misalignments. By tying future token rewards to actual usage (i.e., you earn because the service is actually being used by paying customers), the free-rider appeal diminishes. There is also a miner-side freeloading scenario: a miner could join, get assigned tasks, and somehow not perform them but still claim reward. However, the coordinator is verifying results – if a miner returns no output or bad output, the coordinator won’t count it as a completed task, so the miner wouldn’t get paid. Miners might also try to cherry-pick easy tasks and drop hard ones (for instance, if some prompts are slower, a miner might disconnect to avoid them). This could be an issue, but coordinators can note a miner’s reliability. If a miner frequently drops, the coordinator can stop assigning to them or slash their stake (if such a mechanism exists or simply not reward them). User freeloading – since many AI services have free trials, a user could spam requests to get outputs without paying (if there’s a subsidized model). That’s not so much protocol-level as service-level issue; each coordinator can decide how to handle free usage (e.g., requiring a small payment or throttle). Because Cuckoo initially gave out freebies (like free AI image generations to attract users), some took advantage, but that was part of expected growth marketing. As those promotions end, users will have to pay, thus no free lunch to exploit. Overall, Cuckoo’s new strategy to map token distribution to real utility is explicitly aimed at eliminating the free-rider problem of “mining tokens for doing meaningless loops”.

  • Data or Model Poisoning: This refers to maliciously introducing bad data or behaviors such that the AI models degrade or outputs are manipulated, as well as issues of harmful or biased content being contributed.

    • Bittensor: Data poisoning in Bittensor would mean a miner intentionally giving incorrect or harmful answers, or validators purposefully mis-evaluating good answers as bad. If a miner outputs garbage or malicious content consistently, validators will give low scores, and that miner will earn little and eventually drop off – the economic incentive is to provide quality, so “poisoning” others yields no benefit to the attacker (unless their goal is purely sabotage at their own expense). Could a malicious miner poison others? In Bittensor, miners don’t directly train each other (at least not by design – there’s no global model being updated that could be poisoned). Each miner’s model is separate. They do learn in the sense that a miner could take interesting samples from others to fine-tune themselves, but that’s entirely optional and up to each. If a malicious actor spammed nonsense answers, honest validators would filter that out (they’d score it low), so it wouldn’t significantly influence any honest miner’s training process (plus, a miner would likely use high-scoring peers’ knowledge, not low-scoring ones). So classical data poisoning (injecting bad training data to corrupt a model) is minimal in Bittensor’s current setup. The more relevant risk is model response manipulation: e.g., a miner that outputs subtly biased or dangerous content that is not obvious to validators. However, since validators are also human-designed or at least algorithmic agents, blatant toxicity or error is likely caught (some subnets might even have AI validators checking for unsafe content). A worst-case scenario is if an attacker somehow had a majority of validators and miners colluding to push a certain incorrect output as “correct” – they could then bias the network’s consensus on responses (like all colluding validators upvote a malicious answer). But for an external user to be harmed by that, they’d have to actually query the network and trust the output. Bittensor is still in a phase where it’s building capability, not widely used for critical queries by end-users. By the time it is, one hopes it will have content filtering and diversity of validators to mitigate such risks. On the validator side, a malicious validator could feed poisoned evaluations – e.g., consistently downvote a certain honest miner to eliminate competition. With enough stake, they might succeed in pushing that miner out (if the miner’s rewards drop so low they leave). This is an attack on the incentive mechanism. Again, if they are not majority, the median clipping will thwart an outlier validator. If they are majority, it merges with the collusion/51% scenario – any majority can rewrite rules. The solution circles back to decentralization: keep any one entity from dominating. In summary, Bittensor’s design inherently penalizes poisoned data/model contributions via its scoring system – bad contributions get low weight and thus low reward. There isn’t a permanent model repository to poison; everything is dynamic and continuously evaluated. This provides resilience: the network can gradually “forget” or ignore bad actors as their contributions are filtered out by validators.
    • Gensyn: If a solver wanted to poison a model being trained (like introduce a backdoor or bias during training), they could try to do so covertly. The Gensyn protocol would verify that the training proceeded according to the specified algorithm (stochastic gradient descent steps, etc.), but it wouldn’t necessarily detect if the solver introduced a subtle backdoor trigger that doesn’t show up in normal validation metrics. This is a more insidious problem – it’s not a failure of the computation, it’s a manipulation within the allowed degrees of freedom of training (like adjusting weights towards a trigger phrase). Detecting that is an active research problem in ML security. Gensyn doesn’t have a special mechanism for model poisoning beyond the fact that the submitter could evaluate the final model on a test set of their choosing. A savvy submitter should always test the returned model; if they find it fails on some inputs or has odd behavior, they may dispute the result or refuse payment. Perhaps the protocol could allow a submitter to specify certain acceptance criteria (like “model must achieve at least X accuracy on this secret test set”) and if the solver’s result fails, the solver doesn’t get paid in full. This would deter poisoning because the attacker wouldn’t meet the eval criteria. However, if the poison doesn’t impact accuracy on normal tests, it could slip through. Verifiers in Gensyn only check computation integrity, not model quality, so they wouldn’t catch intentional overfitting or trojans as long as the training logs look valid. So, this remains a trust issue at the task level: the submitter has to trust either that the solver won’t poison the model or use methods like ensembling multiple training results from different solvers to dilute any single solver’s influence. Another angle is data poisoning: if the submitter provides training data, a malicious solver could ignore that data and train on something else or add garbage data. But that would likely reduce accuracy, which the submitter would notice in the output model’s performance. The solver would then not get full payment (since presumably they want to meet a performance target). So poisoning that degrades performance is self-defeating for the solver’s reward. Only a poison that is performance-neutral but malicious (a backdoor) is a real danger, and that is outside the scope of typical blockchain verification – it’s a machine learning security challenge. Gensyn’s best mitigation is likely social: use known reputable models, have multiple training runs, use open source tools. On inference tasks (if Gensyn is also used for inference jobs), a colluding solver could return incorrect outputs that bias a certain answer. But verifiers would catch wrong outputs if they run the same model, so that’s less a poisoning and more just cheating, which the fraud proofs address. To sum up, Gensyn secures the process, not the intent. It ensures the training/inference was done correctly, but not that the result is good or free of hidden nastiness. That remains an open problem, and Gensyn’s whitepaper likely doesn’t fully solve that yet (few do).
    • Cuckoo: Since Cuckoo currently focuses on inference (serving existing models), the risk of data/model poisoning is relatively limited to output manipulation or content poisoning. A malicious miner might try to tamper with the model they are given to run – e.g., if provided a Stable Diffusion checkpoint, they could swap it with a different model that perhaps inserts some subtle watermark or advertisement into every image. However, the coordinator (who is the model owner) typically sends tasks with an expectation of the output format; if a miner returns off-spec outputs consistently, the coordinator will flag and ban that miner. Also, miners can’t easily modify a model without affecting its outputs noticeably. Another scenario is if Cuckoo introduces community-trained models: then miners or data providers might try to poison the training data (for example, feed in lots of wrong labels or biased text). Cuckoo would need to implement validation of crowd-sourced data or weighting of contributors. This isn’t yet a feature, but the team’s interest in personalized AI (like their mention of AI life coach or learning apps) means they might eventually handle user-provided training data, which will require careful checks. On content safety, since Cuckoo miners perform inference, one could worry about them outputting harmful content even if the model wouldn’t normally. But miners don’t have an incentive to alter outputs arbitrarily – they are paid for correct computation, not creativity. If anything, a malicious miner might skip doing the full computation to save time (e.g., return a blurry image or a generic response). The coordinator or user would see that and downrate that miner (and likely not pay for that task). Privacy is another facet: a malicious miner might leak or log user data (like if a user input sensitive text or images). This isn’t poisoning, but it’s an attack on confidentiality. Cuckoo’s privacy stance is that it’s exploring privacy-preserving methods (mention of a privacy-preserving VPN in the ecosystem suggests future focus). They could incorporate techniques like secure enclaves or split inference to keep data private from miners. Not implemented yet, but a known consideration. Finally, Cuckoo’s blog emphasizes verifying model outputs effectively and ensuring secure decentralized model operation as key to making model tokenization viable. This indicates they are aware that to truly decentralize AI, one must guard against things like poisoned outputs or malfunctioning models. Possibly they intend to use a combination of cryptoeconomic incentives (stake slash for bad actors) and user rating systems (users can flag bad outputs, and those miners lose reputation). The reputation system can help here: if a miner returns even one obviously malicious or incorrect result, users/coordinators can downvote them, heavily impacting their future earning ability. Knowing this, miners are incentivized to be consistently correct and not slip in any poison. In essence, Cuckoo relies on trust but verify: it’s more traditional in that if someone misbehaves, you identify and remove them (with stake loss as punishment). It doesn’t yet have specialized defenses for subtle model poisoning, but the structure of having specific app owners (coordinators) in charge adds a layer of supervision – those owners will be motivated to ensure nothing compromises their model’s integrity, as their own revenue and reputation depend on it.

In conclusion, while decentralized AI networks introduce new attack surfaces, they also deploy a mix of cryptographic, game-theoretic, and community governance defenses: Sybil resistance is largely handled by requiring economic stake for participation. Collusion resistance comes from alignment of incentives (honest behavior is more profitable) and consensus mechanisms that limit the impact of small colluding groups. Freerider prevention is achieved by closely tying rewards to actual useful work and penalizing or eliminating those who contribute nothing. Poisoning and related attacks remain challenging, but the systems mitigate blatant cases via continuous evaluation and the ability to slash or eject malicious actors. These platforms are actively researching and iterating on these designs – as evidenced by Bittensor’s ongoing tweaks to Yuma and dTAO, and Cuckoo’s shift in tokenomics – to ensure a secure, self-sustaining decentralized AI ecosystem.

Comparative Evaluation

To highlight the differences and similarities of Bittensor, Gensyn, and Cuckoo AI, the following table provides a side-by-side comparison across key dimensions:

DimensionBittensor (TAO)GensynCuckoo AI (CAI)
Technical StackCustom L1 (Substrate-based Subtensor chain) with 93+ specialized AI subnets. EVM-compatible (after recent upgrade) on its own chain.Ethereum-based rollup (originally planned L1, now an ETH rollup). Off-chain compute with on-chain verification.Launched as an Arbitrum Orbit Layer-2 chain (EVM rollup). Full-stack platform (own chain + compute + app UI). Migrating from custom L1 to Ethereum shared security (rollup/AVS).
Primary FocusDecentralized AI network of models (“neural internet”). Nodes contribute to collective model inference and training across tasks (LLM, vision, etc.).Decentralized compute marketplace for ML. Emphasis on off-chain model training and inference by global GPUs, verifying the work via blockchain.Decentralized AI service platform. Focus on model serving/inference (e.g. generative art, LLM APIs) using distributed GPU miners. Integrates end-user applications with backend GPU marketplace.
Key RolesSubnet Owner: defines task & validation in a subnet (earns 18% rewards).
Miners: run AI models (inference/training), provide answers.
Validators: pose queries & score miners’ outputs (curate quality).
Delegators: stake TAO on miners/validators to amplify and earn share.		Submitter (Developer): posts ML job (with model/data) and payment.
Solver: computes the task on their hardware, submits result.
Verifier (Watcher): checks solver’s result; can challenge via fraud-proof if wrong.
(No distinct “owner” role since submitter provides model; governance roles via token holders).		AI App Builder (Coordinator): deploys AI model service, stakes CAI, manages tasks to miners.
Miner (GPU/CPU Provider): stakes CAI, performs assigned inference tasks, returns results.
End User: uses AI apps (pays in crypto or contributes resources).
Staker (Delegator): stakes on coordinators/miners, votes in governance, earns a share of rewards.
Consensus & VerificationYuma Consensus: custom “proof-of-intelligence” – validators’ scores of AI output are aggregated (stake-weighted median) to determine miner rewards. Underlying chain consensus is PoS-like (Substrate) for blocks, but block validity hinges on the AI consensus each epoch. Resistant to outlier scoring and collusion up to 50%.Optimistic verification (Truebit-style): assume solver’s result correct unless a verifier challenges. Uses interactive on-chain fraud proofs to pinpoint any incorrect step. Also implementing cryptographic proofs-of-computation (proof-of-learning) to validate training progress without re-execution. Ethereum provides base consensus for transactions.Proof-of-Stake chain + task validation by coordinators: The Cuckoo Chain used PoS validators for block production (initially, miners also helped secure blocks). AI task results are verified by the coordinator nodes (who check miner outputs against expected model behavior). No specialized crypto proofs yet – relies on stake and reputation (trustless to the extent that misbehavior leads to slashing or downvoting rather than automatic math-proof detection). Transitioning to Ethereum consensus (rollup) for ledger security.
Token & UtilityTAO token: native currency on Subtensor. Used for staking (required to register and influence consensus), transaction fees/payments (e.g. paying for AI queries), and as reward for contributions (mining/validating). TAO has continuous inflation (1 TAO per 12s block) which drives the reward mechanism. Also used in governance (dTAO staking to subnets).Gensyn token (ERC-20, name TBA): the protocol’s unit for payments (developers pay solvers in it). Functions as stake collateral (solvers/verifiers bond tokens and get slashed for faults). Will be used in governance (voting on protocol upgrades via the Gensyn Foundation’s DAO). No details on supply yet; likely a portion allocated to incentivize early adoption (testnet, etc.).CAI token (ERC-20): native token of Cuckoo Chain (1 billion fixed supply). Multi-purpose: gas fee for transactions on Cuckoo Chain, staking for network roles (miners, coordinators must lock CAI), governance voting on protocol decisions, and rewards for contributions (mining/staking rewards came from initial allocation). Also has meme appeal (community token aspect).
Asset TokenizationCompute: yes – AI compute work is tokenized via TAO rewards (think of TAO as “gas” for intelligence). Models: indirectly – models earn TAO based on performance, but models/weights themselves are not on-chain assets (no NFTs for models). Subnet ownership is tokenized (subnet owner NFT + alpha tokens) to represent a share in a model marketplace. Data: not tokenized (data is off-chain; Bittensor focuses on model outputs rather than datasets).Compute: yes – idle compute becomes an on-chain commodity, traded in a job marketplace for tokens. Models: not explicitly – models are provided off-chain by devs, and results returned; no built-in model tokens (though the protocol could facilitate licensing if parties set it up). Data: no – data sets are handled off-chain between submitter and solver (could be encrypted or protected, but not represented as on-chain assets). The Gensyn vision includes possibly trading algorithms or data like compute, but core implementation is compute-centric.Compute: yes – GPU time is tokenized via daily CAI payouts and task bounties. The network treats computing power as a resource that miners “sell” for CAI. Models: partially – the platform integrates models as services; however, models themselves aren’t minted as NFTs. The value of a model is captured in the coordinator’s ability to earn CAI from users using it. Future plans hint at community-owned models, but currently model IP is off-chain (owned by whoever runs the coordinator). Data: no general data tokenization. User inputs/outputs are transient. (Cuckoo partners with apps like Beancount, etc., but data is not represented by tokens on the chain.)
GovernanceDecentralized, token-holder driven (dTAO): Initially had 64 elected validators running root consensus; now governance is open – TAO holders stake to subnets to direct emissions (market-based resource allocation). Protocol upgrades and changes are decided via on-chain proposals (TAO voting, with Bittensor Foundation/council facilitating). Aim is to be fully community-governed, with the foundation gradually ceding control.Progressive decentralization: Gensyn Foundation + elected council manage early decisions. After token launch, governance will transition to a DAO where token holders vote on proposals (similar to many DeFi projects). Shared security environment of Ethereum means major changes involve the community and potentially Layer-1 governance. Governance scope includes economic params, contract upgrades (subject to security audits). Not yet live, but outlined in litepaper for post-mainnet.Community & foundation mixed: Cuckoo launched with a “fair launch” ethos (no pre-mine for insiders). A community DAO is intended, with CAI voting on key decisions and protocol upgrades. In practice, the core team (Cuckoo Network devs) has led major decisions (like chain sunset), but they share rationale transparently and position it as evolution for the community’s benefit. On-chain governance features (proposals, voting) are likely to come when the new rollup is in place. Staking also gives governance influence informally through the reputation system (stake-weighted votes for trusted nodes).
Incentive ModelInflationary rewards linked to contribution: ~1 TAO per block distributed to participants based on performance. Quality = more reward. Miners and validators earn continuously (block-by-block), plus delegators earn a cut. TAO also used by end-users to pay for services (creating a demand side for the token). The token economy is designed to encourage long-term participation (staking) and constant improvement of models, akin to Bitcoin’s miners but “mining AI”. Potential issues (stake centralization leading to misaligned rewards) are being addressed via incentive tweaks.Market-driven, pay-for-results: No ongoing inflationary yield (beyond possible early incentives); solvers get paid only when they do work successfully. Verifiers only get paid upon catching a fraud (jackpot incentive). This creates a direct economy: developers’ spending = providers’ earning. Token value is tied to actual demand for compute. To bootstrap, Gensyn likely rewards testnet users at launch (one-time distribution), but steady-state, it’s usage-based. This aligns incentives tightly with network utility (if AI jobs increase, token usage increases, benefiting all holders).Hybrid (moving from inflation to usage fees): Initially, Mining & staking allocations from the 51% community pool rewarded GPU miners (30% of supply) and stakers (11%) regardless of external usage – this was to kickstart network effects. Over time, and especially after L1 sunset, emphasis is on revenue sharing: miners and app devs earn from actual user payments (e.g. splitting fees for an image generation). Stakers’ yield will derive from a portion of real usage or be adjusted to encourage supporting only productive nodes. So early incentive was “grow the network” (high APY, airdrops) and later it’s “network grows if it’s actually useful” (earnings from customers). This transition is designed to weed out freeloaders and ensure sustainability.
Security & Attack MitigationsSybil: Costly registration (TAO stake) deters sybils. Collusion: Median consensus resists collusion up to 50% stake; dTAO broke up a validator oligarchy by empowering token-holder voting. Dishonesty: Validators deviating from consensus lose reward share (incentivizes honest scoring). 51% attack is possible if stake is highly concentrated – research suggests adding stake caps and performance slashing to mitigate this. Model attacks: Poor or malicious model outputs are penalized by low scores. No single point of failure – network is decentralized globally (TAO miners exist worldwide, pseudo-anonymous).Sybil: Requires economic stake for participation; fake nodes without stake/work gain nothing. Verification: At least one honest verifier needed – if so, any wrong result is caught and penalized. Uses crypto-economic incentives to make cheating not payoff (solver loses deposit, verifier gains). Collusion: Secure as long as not all parties collude – one honest breaks the scheme by revealing fraud. Trust: Doesn’t rely on trust in hardware or companies, only on economic game theory and cryptography. Attacks: Hard to censor or DoS as tasks are distributed; an attacker would need to outbid honest nodes or consistently beat the fraud-proof (unlikely without majority control). However, subtle model backdoors might evade detection, which is a known challenge (mitigated by user testing and possibly future audits beyond just correct execution). Overall security analogous to an optimistic rollup for compute.Sybil: All actors must stake CAI, raising the bar for sybils. Plus a reputation system (staking + voting) means sybil identities with no reputation won’t get tasks. Node misbehavior: Coordinators can drop poor-performing or suspicious miners; stakers can withdraw support. Protocol can slash stake for proven fraud (the L1 had slashing conditions for consensus; similar could apply to task fraud). Collusion: Partly trust-based – relies on open competition and community oversight to prevent collusion from dominating. Since tasks and payouts are public on-chain, blatant collusion can be identified and punished socially or via governance. User protection: Users can switch providers if one is censored or corrupted, ensuring no single point of control. Poisoning/content: By design, miners run provided models as-is; if they alter outputs maliciously, they lose reputation and rewards. The system bets on rational actors: because everyone has staked value and future earning potential, they are disincentivized from attacks that would undermine trust in the network (reinforced by the heavy lessons from their L1 experiment about aligning incentives with utility).

Table: Feature comparison of Bittensor, Gensyn, and Cuckoo AI across architecture, focus, roles, consensus, tokens, asset tokenization, governance, incentives, and security.

Verifiable AI in Motion: How Lagrange Labs’ Dynamic zk-SNARKs Enable Continuous Trust

· 7 min read
Dora Noda
Dora Noda
Software Engineer

In the rapidly converging worlds of artificial intelligence and blockchain, the demand for trust and transparency has never been higher. How can we be certain that an AI model's output is accurate and untampered with? How can we perform complex computations on vast on-chain datasets without compromising security or scalability? Lagrange Labs is tackling these questions head-on with its suite of zero-knowledge (ZK) infrastructure, aiming to build a future of "AI You Can Prove." This post provides an objective overview of their mission, technology, and recent breakthroughs, culminating in their latest paper on Dynamic zk-SNARKs.

1. The Team and Its Mission

Lagrange Labs is building the foundational infrastructure to generate cryptographic proofs for any AI inference or on-chain application. Their goal is to make computation verifiable, bringing a new layer of trust to the digital world. Their ecosystem is built on three core product lines:

  • ZK Prover Network: A decentralized network of over 85 proving nodes that supplies the computational power needed for a wide range of proving tasks, from AI and rollups to decentralized applications (dApps).
  • DeepProve (zkML): A specialized system for generating ZK proofs of neural network inferences. Lagrange claims it is up to 158 times faster than competing solutions, making verifiable AI a practical reality.
  • ZK Coprocessor 1.0: The first SQL-based ZK Coprocessor, allowing developers to run custom queries on massive on-chain datasets and receive verifiably accurate results.

2. A Roadmap to Verifiable AI

Lagrange has been methodically executing a roadmap designed to solve the challenges of AI verifiability one step at a time.

  • Q3 2024: ZK Coprocessor 1.0 Launch: This release introduced hyper-parallel recursive circuits, which delivered an average speed increase of approximately 2x. Projects like Azuki and Gearbox are already leveraging the coprocessor for their on-chain data needs.
  • Q1 2025: DeepProve Unveiled: Lagrange announced DeepProve, its solution for Zero-Knowledge Machine Learning (zkML). It supports popular neural network architectures like Multi-Layer Perceptrons (MLPs) and Convolutional Neural Networks (CNNs). The system achieves significant, order-of-magnitude acceleration across all three critical stages: one-time setup, proof generation, and verification, with speed-ups reaching as high as 158x.
  • Q2 2025: The Dynamic zk-SNARKs Paper (Latest Milestone): This paper introduces a groundbreaking "update" algorithm. Instead of re-generating a proof from scratch every time the underlying data or computation changes, this method can patch an old proof (π) into a new proof (π'). This update can be performed with a complexity of just O(√n log³n), a dramatic improvement over full re-computation. This innovation is particularly suited for dynamic systems like continuously learning AI models, real-time game logic, and evolving smart contracts.

3. Why Dynamic zk-SNARKs Matter

The introduction of updatable proofs represents a fundamental shift in the cost model of zero-knowledge technology.

  • A New Cost Paradigm: The industry moves from a model of "full-recomputation for every proof" to "incremental proofing based on the size of the change." This dramatically lowers the computational and financial cost for applications that undergo frequent, minor updates.

  • Implications for AI:

    • Continuous Fine-Tuning: When fine-tuning less than 1% of a model's parameters, the proof generation time grows almost linearly with the number of changed parameters (Δ parameters), rather than with the overall size of the model.
    • Streaming Inference: This enables the generation of proofs concurrently with the inference process itself. This drastically reduces the latency between an AI making a decision and that decision being settled and verified on-chain, unlocking use cases like on-chain AI services and compressed proofs for rollups.

  • Implications for On-Chain Applications:

    • Dynamic zk-SNARKs offer massive gas and time optimizations for applications characterized by frequent, small-state changes. This includes decentralized exchange (DEX) order books, evolving game states, and ledger updates involving frequent additions or deletions.

4. A Glimpse into the Tech Stack

Lagrange's powerful infrastructure is built on a sophisticated and integrated technology stack:

  • Circuit Design: The system is flexible, supporting the embedding of ONNX (Open Neural Network Exchange) models, SQL parsers, and custom operators directly into its circuits.
  • Recursion & Parallelism: The ZK Prover Network facilitates distributed recursive proofs, while the ZK Coprocessor leverages the sharding of "micro-circuits" to execute tasks in parallel, maximizing efficiency.
  • Economic Incentives: Lagrange is planning to launch a native token, LA, which will be integrated into a Double-Auction-for-Recursive-Auction (DARA) system. This will create a robust marketplace for bidding on prover computation, complete with incentives and penalties to ensure network integrity.

5. Ecosystem and Real-World Adoption

Lagrange is not just building in a vacuum; its technology is already being integrated by a growing number of projects across different sectors:

  • AI & ML: Projects like 0G Labs and Story Protocol are using DeepProve to verify the outputs of their AI models, ensuring provenance and trust.
  • Rollups & Infrastructure: Key players like EigenLayer, Base, and Arbitrum are participating in the ZK Prover Network as validation nodes or integration partners, contributing to its security and computational power.
  • NFT & DeFi Applications: Brands like Azuki and DeFi protocols like Gearbox are using the ZK Coprocessor to enhance the credibility of their data queries and reward distribution mechanisms.

6. Challenges and the Road Ahead

Despite its impressive progress, Lagrange Labs and the broader ZK field face several hurdles:

  • Hardware Bottlenecks: Even with a distributed network, updatable SNARKs still demand high bandwidth and rely on GPU-friendly cryptographic curves to perform efficiently.
  • Lack of Standardization: The process of mapping AI frameworks like ONNX and PyTorch to ZK circuits still lacks a universal, standardized interface, creating friction for developers.
  • A Competitive Landscape: The race to build zkVMs and generalized zkCompute platforms is heating up. Competitors like Risc-Zero and Succinct are also making significant strides. The ultimate winner may be the one who can first commercialize a developer-friendly, community-driven toolchain.

7. Conclusion

Lagrange Labs is methodically reshaping the intersection of AI and blockchain through the lens of verifiability. Their approach provides a comprehensive solution:

  • DeepProve addresses the challenge of trusted inference.
  • The ZK Coprocessor solves the problem of trusted data.
  • Dynamic zk-SNARKs incorporate the real-world need for continuous updates directly into the proving system.

If Lagrange can maintain its performance edge, solve the critical challenge of standardization, and continue to grow its robust network, it is well-positioned to become a cornerstone player in the emerging "AI + ZK Infrastructure" sector.

Camp Network: The Blockchain Tackling AI's Billion-Dollar IP Problem 🏕️

· 5 min read
Dora Noda
Dora Noda
Software Engineer

The rise of generative AI has been nothing short of explosive. From stunning digital art to human-like text, AI is creating content at an unprecedented scale. But this boom has a dark side: where does the AI get its training data? Often, it's from the vast expanse of the internet—from art, music, and writing created by humans who receive no credit or compensation.

Enter Camp Network, a new blockchain project that aims to solve this fundamental problem. It’s not just another crypto platform; it's a purpose-built "Autonomous IP Layer" designed to give creators ownership and control over their work in the age of AI. Let's dive into what makes Camp Network a project to watch.

What's the Big Idea?

At its core, Camp Network is a blockchain that acts as a global, verifiable registry for intellectual property (IP). The mission is to allow anyone—from an independent artist to a social media user—to register their content on-chain. This creates a permanent, tamper-proof record of ownership and provenance.

Why does this matter? When an AI model uses content registered on Camp, the network's smart contracts can automatically enforce licensing terms. This means the original creator can get attribution and even receive royalty payments instantly. Camp's vision is to build a new creator economy where compensation isn't an afterthought; it's built directly into the protocol.

Under the Hood: The Technology Stack

Camp isn't just a concept; it's backed by some serious tech designed for high performance and developer-friendliness.

  • Modular Architecture: Camp is built as a sovereign rollup using Celestia for data availability. This design allows it to be incredibly fast (targeting ~50,000 transactions per second) and cheap, while remaining fully compatible with Ethereum's tools (EVM).
  • Proof of Provenance (PoP): This is Camp's unique consensus mechanism. Instead of relying on energy-intensive mining, the network's security is tied to verifying the origin of content. Every transaction reinforces the provenance of the IP on the network, making ownership "enforceable by design."
  • Dual-VM Strategy: To maximize performance, Camp is integrating the Solana Virtual Machine (SVM) alongside its EVM compatibility. This allows developers to choose the best environment for their app, especially for high-throughput use cases like real-time AI interactions.
  • Creator & AI Toolkits: Camp provides two key frameworks:
    • Origin Framework: A user-friendly system for creators to register their IP, tokenize it (as an NFT), and embed licensing rules.
    • mAItrix Framework: A toolkit for developers to build and deploy AI agents that can interact with the on-chain IP in a secure, permissioned way.

People, Partnerships, and Progress

An idea is only as good as its execution, and Camp appears to be executing well.

The Team and Funding

The project is led by a team with a potent mix of experience from The Raine Group (media & IP deals), Goldman Sachs, Figma, and CoinList. This blend of finance, tech product, and crypto engineering expertise has helped them secure $30 million in funding from top VCs like 1kx, Blockchain Capital, and Maven 11.

A Growing Ecosystem

Camp has been aggressive in building partnerships. The most significant is a strategic stake in KOR Protocol, a platform for tokenizing music IP that works with major artists like Deadmau5 and franchises like Black Mirror. This single partnership bootstraps Camp with a massive library of high-profile, rights-cleared content. Other key collaborators include:

  • RewardedTV: A decentralized video streaming platform using Camp for on-chain content rights.
  • Rarible: An NFT marketplace integrated for trading IP assets.
  • LayerZero: A cross-chain protocol to ensure interoperability with other blockchains.

Roadmap and Community

After successful incentivized testnet campaigns that attracted tens of thousands of users (rewarding them with points set to convert to tokens), Camp is targeting a mainnet launch in Q3 2025. This will be accompanied by a Token Generation Event for its native token, $CAMP, which will be used for gas fees, staking, and governance. The project has already cultivated a passionate community eager to build on and use the platform from day one.

How Does It Compare?

Camp Network isn't alone in this space. It faces stiff competition from projects like the a16z-backed Story Protocol and the Sony-linked Soneium. However, Camp differentiates itself in several key ways:

  1. Bottom-Up Approach: While competitors seem to target large corporate IP holders, Camp is focused on empowering independent creators and crypto communities through token incentives.
  2. Comprehensive Solution: It offers a full suite of tools, from an IP registry to an AI agent framework, positioning itself as a one-stop shop.
  3. Performance and Scalability: Its modular architecture and dual-VM support are designed for the high-throughput demands of AI and media.

The Takeaway

Camp Network is making a compelling case to become the foundational layer for intellectual property in the Web3 era. By combining innovative technology, a strong team, strategic partnerships, and a community-first ethos, it’s building a practical solution to one of the most pressing issues created by generative AI.

The real test will come with the mainnet launch and real-world adoption. But with a clear vision and strong execution so far, Camp Network is undoubtedly a key project to watch as it attempts to build a more equitable future for digital creators.

Meet BeFreed.ai – Learning Fuel for BlockEden.xyz Builders

· 4 min read
Dora Noda
Dora Noda
Software Engineer

Why BlockEden.xyz Cares

In the fast-paced world of Web3, speed is everything. Shipping production-grade RPC and staking infrastructure requires our team and our community to constantly be at the forefront of innovation. This means staying on top of dense protocols, groundbreaking cryptography papers, and rapidly evolving governance threads. The faster our community can absorb and understand new ideas, the faster they can build the next generation of decentralized applications. This is where BeFreed.ai comes in.

What BeFreed.ai Is

BeFreed.ai is a San-Francisco-based startup with a simple yet powerful mission: to make learning joyful and personal in the age of AI. They’ve created an intelligent micro-learning companion designed to fit the demanding lifestyles of builders and creators.

Core Ingredients:

  • Multiple formats → one click: BeFreed.ai can take a wide range of content—from lengthy books and detailed videos to complex technical documents—and instantly transform it into quick summaries, flashcards, in-depth notes, and even podcast-style audio.
  • Adaptive engine: The platform is designed to learn alongside you. It pays attention to your learning pace and interests, surfacing the most relevant information next, rather than forcing you through a rigid, one-size-fits-all curriculum.
  • Built-in chat & “Why-this” explainers: Have a question? Just ask. BeFreed.ai allows for on-the-fly inquiries to clarify complex topics. It also provides explanations that connect new insights back to your overarching goals, making the learning process more meaningful.
  • A 43k-strong learning community: Learning is often a communal activity. BeFreed.ai fosters a vibrant community of over 43,000 learners who share their progress, react to insightful content, and highlight key takeaways, keeping motivation and momentum high.

Why It Matters to BlockEden.xyz Builders

For the dedicated builders in the BlockEden.xyz ecosystem, BeFreed.ai is more than just a learning tool; it’s a strategic advantage. Here’s how it can sharpen your edge:

  • Time leverage: Turn a 300-page whitepaper into a concise 10-minute audio brief to listen to before a crucial governance vote.
  • Context retention: Use flashcards and mind-maps to solidify your understanding of protocol details that you’ll need when writing smart-contract indexes.
  • Cross-skill growth: Expand your skill set without ever leaving your development environment. Pick up the basics of design thinking, understand growth loops, or get tips on Go concurrency in your downtime.
  • Shared vocabulary: Create team-level playlists to ensure that every contributor is learning from the same distilled and consistent source of information, fostering better collaboration and alignment.

Using BeFreed with BlockEden.xyz Workflows

Integrating BeFreed.ai into your existing development process is seamless and immediately beneficial:

  1. Drop a spec: Paste the URL of the latest tokenomics PDF or a YouTube developer call into BeFreed for an instant, digestible summary.
  2. Export flashcards: Review key concepts during CI runs. This form of repetition is far more effective than the mental fatigue that comes from constant context-switching.
  3. Link in docs: Embed a BeFreed summary URL next to each API reference in your documentation to help new team members get up to speed faster.
  4. Stay current: Set up weekly digests in BeFreed on emerging L2s and immediately put that knowledge into practice by prototyping with BlockEden.xyz’s multi-chain RPC services.

Get Started

BeFreed.ai is available now on iOS, Android, and the web. We encourage you to try it out during your next BlockEden.xyz project sprint and experience how it can enhance your learning and building velocity. Our team is already exploring tighter integrations—imagine a future where a webhook automatically turns every merged PR description into a comprehensive study set.

Connecting AI and Web3 through MCP: A Panoramic Analysis

· 43 min read
Dora Noda
Dora Noda
Software Engineer

Introduction

AI and Web3 are converging in powerful ways, with AI general interfaces now envisioned as a connective tissue for the decentralized web. A key concept emerging from this convergence is MCP, which variously stands for “Model Context Protocol” (as introduced by Anthropic) or is loosely described as a Metaverse Connection Protocol in broader discussions. In essence, MCP is a standardized framework that lets AI systems interface with external tools and networks in a natural, secure way – potentially “plugging in” AI agents to every corner of the Web3 ecosystem. This report provides a comprehensive analysis of how AI general interfaces (like large language model agents and neural-symbolic systems) could connect everything in the Web3 world via MCP, covering the historical background, technical architecture, industry landscape, risks, and future potential.

1. Development Background

1.1 Web3’s Evolution and Unmet Promises

The term “Web3” was coined around 2014 to describe a blockchain-powered decentralized web. The vision was ambitious: a permissionless internet centered on user ownership. Enthusiasts imagined replacing Web2’s centralized infrastructure with blockchain-based alternatives – e.g. Ethereum Name Service (for DNS), Filecoin or IPFS (for storage), and DeFi for financial rails. In theory, this would wrest control from Big Tech platforms and give individuals self-sovereignty over data, identity, and assets.

Reality fell short. Despite years of development and hype, the mainstream impact of Web3 remained marginal. Average internet users did not flock to decentralized social media or start managing private keys. Key reasons included poor user experience, slow and expensive transactions, high-profile scams, and regulatory uncertainty. The decentralized “ownership web” largely “failed to materialize” beyond a niche community. By the mid-2020s, even crypto proponents admitted that Web3 had not delivered a paradigm shift for the average user.

Meanwhile, AI was undergoing a revolution. As capital and developer talent pivoted from crypto to AI, transformative advances in deep learning and foundation models (GPT-3, GPT-4, etc.) captured public imagination. Generative AI demonstrated clear utility – producing content, code, and decisions – in a way crypto applications had struggled to do. In fact, the impact of large language models in just a couple of years starkly outpaced a decade of blockchain’s user adoption. This contrast led some to quip that “Web3 was wasted on crypto” and that the real Web 3.0 is emerging from the AI wave.

1.2 The Rise of AI General Interfaces

Over decades, user interfaces evolved from static web pages (Web1.0) to interactive apps (Web2.0) – but always within the confines of clicking buttons and filling forms. With modern AI, especially large language models (LLMs), a new interface paradigm is here: natural language. Users can simply express intent in plain language and have AI systems execute complex actions across many domains. This shift is so profound that some suggest redefining “Web 3.0” as the era of AI-driven agents (“the Agentic Web”) rather than the earlier blockchain-centric definition.

However, early experiments with autonomous AI agents exposed a critical bottleneck. These agents – e.g. prototypes like AutoGPT – could generate text or code, but they lacked a robust way to communicate with external systems and each other. There was “no common AI-native language” for interoperability. Each integration with a tool or data source was a bespoke hack, and AI-to-AI interaction had no standard protocol. In practical terms, an AI agent might have great reasoning ability but fail at executing tasks that required using web apps or on-chain services, simply because it didn’t know how to talk to those systems. This mismatch – powerful brains, primitive I/O – was akin to having super-smart software stuck behind a clumsy GUI.

1.3 Convergence and the Emergence of MCP

By 2024, it became evident that for AI to reach its full potential (and for Web3 to fulfill its promise), a convergence was needed: AI agents require seamless access to the capabilities of Web3 (decentralized apps, contracts, data), and Web3 needs more intelligence and usability, which AI can provide. This is the context in which MCP (Model Context Protocol) was born. Introduced by Anthropic in late 2024, MCP is an open standard for AI-tool communication that feels natural to LLMs. It provides a structured, discoverable way for AI “hosts” (like ChatGPT, Claude, etc.) to find and use a variety of external tools and resources via MCP servers. In other words, MCP is a common interface layer enabling AI agents to plug into web services, APIs, and even blockchain functions, without custom-coding each integration.

Think of MCP as “the USB-C of AI interfaces”. Just as USB-C standardized how devices connect (so you don’t need different cables for each device), MCP standardizes how AI agents connect to tools and data. Rather than hard-coding different API calls for every service (Slack vs. Gmail vs. Ethereum node), a developer can implement the MCP spec once, and any MCP-compatible AI can understand how to use that service. Major AI players quickly saw the importance: Anthropic open-sourced MCP, and companies like OpenAI and Google are building support for it in their models. This momentum suggests MCP (or similar “Meta Connectivity Protocols”) could become the backbone that finally connects AI and Web3 in a scalable way.

Notably, some technologists argue that this AI-centric connectivity is the real realization of Web3.0. In Simba Khadder’s words, “MCP aims to standardize an API between LLMs and applications,” akin to how REST APIs enabled Web 2.0 – meaning Web3’s next era might be defined by intelligent agent interfaces rather than just blockchains. Instead of decentralization for its own sake, the convergence with AI could make decentralization useful, by hiding complexity behind natural language and autonomous agents. The remainder of this report delves into how, technically and practically, AI general interfaces (via protocols like MCP) can connect everything in the Web3 world.

2. Technical Architecture: AI Interfaces Bridging Web3 Technologies

Embedding AI agents into the Web3 stack requires integration at multiple levels: blockchain networks and smart contracts, decentralized storage, identity systems, and token-based economies. AI general interfaces – from large foundation models to hybrid neural-symbolic systems – can serve as a “universal adapter” connecting these components. Below, we analyze the architecture of such integration:

** Figure: A conceptual diagram of MCP’s architecture, showing how AI hosts (LLM-based apps like Claude or ChatGPT) use an MCP client to plug into various MCP servers. Each server provides a bridge to some external tool or service (e.g. Slack, Gmail, calendars, or local data), analogous to peripherals connecting via a universal hub. This standardized MCP interface lets AI agents access remote services and on-chain resources through one common protocol.**

2.1 AI Agents as Web3 Clients (Integrating with Blockchains)

At the core of Web3 are blockchains and smart contracts – decentralized state machines that can enforce logic in a trustless manner. How can an AI interface engage with these? There are two directions to consider:

  • AI reading from blockchain: An AI agent may need on-chain data (e.g. token prices, user’s asset balance, DAO proposals) as context for its decisions. Traditionally, retrieving blockchain data requires interfacing with node RPC APIs or subgraph databases. With a framework like MCP, an AI can query a standardized “blockchain data” MCP server to fetch live on-chain information. For example, an MCP-enabled agent could ask for the latest transaction volume of a certain token, or the state of a smart contract, and the MCP server would handle the low-level details of connecting to the blockchain and return the data in a format the AI can use. This increases interoperability by decoupling the AI from any specific blockchain’s API format.

  • AI writing to blockchain: More powerfully, AI agents can execute smart contract calls or transactions through Web3 integrations. An AI could, for instance, autonomously execute a trade on a decentralized exchange or adjust parameters in a smart contract if certain conditions are met. This is achieved by the AI invoking an MCP server that wraps blockchain transaction functionality. One concrete example is the thirdweb MCP server for EVM chains, which allows any MCP-compatible AI client to interact with Ethereum, Polygon, BSC, etc. by abstracting away chain-specific mechanics. Using such a tool, an AI agent could trigger on-chain actions “without human intervention”, enabling autonomous dApps – for instance, an AI-driven DeFi vault that rebalances itself by signing transactions when market conditions change.

Under the hood, these interactions still rely on wallets, keys, and gas fees, but the AI interface can be given controlled access to a wallet (with proper security sandboxes) to perform the transactions. Oracles and cross-chain bridges also come into play: Oracle networks like Chainlink serve as a bridge between AI and blockchains, allowing AI outputs to be fed on-chain in a trustworthy way. Chainlink’s Cross-Chain Interoperability Protocol (CCIP), for example, could enable an AI model deemed reliable to trigger multiple contracts across different chains simultaneously on behalf of a user. In summary, AI general interfaces can act as a new type of Web3 client – one that can both consume blockchain data and produce blockchain transactions through standardized protocols.

2.2 Neural-Symbolic Synergy: Combining AI Reasoning with Smart Contracts

One intriguing aspect of AI-Web3 integration is the potential for neural-symbolic architectures that combine the learning ability of AI (neural nets) with the rigorous logic of smart contracts (symbolic rules). In practice, this could mean AI agents handling unstructured decision-making and passing certain tasks to smart contracts for verifiable execution. For instance, an AI might analyze market sentiment (a fuzzy task), but then execute trades via a deterministic smart contract that follows pre-set risk rules. The MCP framework and related standards make such hand-offs feasible by giving the AI a common interface to call contract functions or to query a DAO’s rules before acting.

A concrete example is SingularityNET’s AI-DSL (AI Domain Specific Language), which aims to standardize communication between AI agents on their decentralized network. This can be seen as a step toward neural-symbolic integration: a formal language (symbolic) for agents to request AI services or data from each other. Similarly, projects like DeepMind’s AlphaCode or others could eventually be connected so that smart contracts call AI models for on-chain problem solving. Although running large AI models directly on-chain is impractical today, hybrid approaches are emerging: e.g. certain blockchains allow verification of ML computations via zero-knowledge proofs or trusted execution, enabling on-chain verification of off-chain AI results. In summary, the technical architecture envisions AI systems and blockchain smart contracts as complementary components, orchestrated via common protocols: AI handles perception and open-ended tasks, while blockchains provide integrity, memory, and enforcement of agreed rules.

2.3 Decentralized Storage and Data for AI

AI thrives on data, and Web3 offers new paradigms for data storage and sharing. Decentralized storage networks (like IPFS/Filecoin, Arweave, Storj, etc.) can serve as both repositories for AI model artifacts and sources of training data, with blockchain-based access control. An AI general interface, through MCP or similar, could fetch files or knowledge from decentralized storage just as easily as from a Web2 API. For example, an AI agent might pull a dataset from Ocean Protocol’s market or an encrypted file from a distributed storage, if it has the proper keys or payments.

Ocean Protocol in particular has positioned itself as an “AI data economy” platform – using blockchain to tokenize data and even AI services. In Ocean, datasets are represented by datatokens which gate access; an AI agent could obtain a datatoken (perhaps by paying with crypto or via some access right) and then use an Ocean MCP server to retrieve the actual data for analysis. Ocean’s goal is to unlock “dormant data” for AI, incentivizing sharing while preserving privacy. Thus, a Web3-connected AI might tap into a vast, decentralized corpus of information – from personal data vaults to open government data – that was previously siloed. The blockchain ensures that usage of the data is transparent and can be fairly rewarded, fueling a virtuous cycle where more data becomes available to AI and more AI contributions (like trained models) can be monetized.

Decentralized identity systems also play a role here (discussed more in the next subsection): they can help control who or what is allowed to access certain data. For instance, a medical AI agent could be required to present a verifiable credential (on-chain proof of compliance with HIPAA or similar) before being allowed to decrypt a medical dataset from a patient’s personal IPFS storage. In this way, the technical architecture ensures data flows to AI where appropriate, but with on-chain governance and audit trails to enforce permissions.

2.4 Identity and Agent Management in a Decentralized Environment

When autonomous AI agents operate in an open ecosystem like Web3, identity and trust become paramount. Decentralized identity (DID) frameworks provide a way to establish digital identities for AI agents that can be cryptographically verified. Each agent (or the human/organization deploying it) can have a DID and associated verifiable credentials that specify its attributes and permissions. For example, an AI trading bot could carry a credential issued by a regulatory sandbox certifying it may operate within certain risk limits, or an AI content moderator could prove it was created by a trusted organization and has undergone bias testing.

Through on-chain identity registries and reputation systems, the Web3 world can enforce accountability for AI actions. Every transaction an AI agent performs can be traced back to its ID, and if something goes wrong, the credentials tell you who built it or who is responsible. This addresses a critical challenge: without identity, a malicious actor could spin up fake AI agents to exploit systems or spread misinformation, and no one could tell bots apart from legitimate services. Decentralized identity helps mitigate that by enabling robust authentication and distinguishing authentic AI agents from spoofs.

In practice, an AI interface integrated with Web3 would use identity protocols to sign its actions and requests. For instance, when an AI agent calls an MCP server to use a tool, it might include a token or signature tied to its decentralized identity, so the server can verify the call is from an authorized agent. Blockchain-based identity systems (like Ethereum’s ERC-725 or W3C DIDs anchored in a ledger) ensure this verification is trustless and globally verifiable. The emerging concept of “AI wallets” ties into this – essentially giving AI agents cryptocurrency wallets that are linked with their identity, so they can manage keys, pay for services, or stake tokens as a bond (which could be slashed for misbehavior). ArcBlock, for example, has discussed how “AI agents need a wallet” and a DID to operate responsibly in decentralized environments.

In summary, the technical architecture foresees AI agents as first-class citizens in Web3, each with an on-chain identity and possibly a stake in the system, using protocols like MCP to interact. This creates a web of trust: smart contracts can require an AI’s credentials before cooperating, and users can choose to delegate tasks to only those AI that meet certain on-chain certifications. It is a blend of AI capability with blockchain’s trust guarantees.

2.5 Token Economies and Incentives for AI

Tokenization is a hallmark of Web3, and it extends to the AI integration domain as well. By introducing economic incentives via tokens, networks can encourage desired behaviors from both AI developers and the agents themselves. Several patterns are emerging:

  • Payment for Services: AI models and services can be monetized on-chain. SingularityNET pioneered this by allowing developers to deploy AI services and charge users in a native token (AGIX) for each call. In an MCP-enabled future, one could imagine any AI tool or model being a plug-and-play service where usage is metered via tokens or micropayments. For example, if an AI agent uses a third-party vision API via MCP, it could automatically handle payment by transferring tokens to the service provider’s smart contract. Fetch.ai similarly envisions marketplaces where “autonomous economic agents” trade services and data, with their new Web3 LLM (ASI-1) presumably integrating crypto transactions for value exchange.

  • Staking and Reputation: To assure quality and reliability, some projects require developers or agents to stake tokens. For instance, the DeMCP project (a decentralized MCP server marketplace) plans to use token incentives to reward developers for creating useful MCP servers, and possibly have them stake tokens as a sign of commitment to their server’s security. Reputation could also be tied to tokens; e.g., an agent that consistently performs well might accumulate reputation tokens or positive on-chain reviews, whereas one that behaves poorly could lose stake or gain negative marks. This tokenized reputation can then feed back into the identity system mentioned above (smart contracts or users check the agent’s on-chain reputation before trusting it).

  • Governance Tokens: When AI services become part of decentralized platforms, governance tokens allow the community to steer their evolution. Projects like SingularityNET and Ocean have DAOs where token holders vote on protocol changes or funding AI initiatives. In the combined Artificial Superintelligence (ASI) Alliance – a newly announced merger of SingularityNET, Fetch.ai, and Ocean Protocol – a unified token (ASI) is set to govern the direction of a joint AI+blockchain ecosystem. Such governance tokens could decide policies like what standards to adopt (e.g., supporting MCP or A2A protocols), which AI projects to incubate, or how to handle ethical guidelines for AI agents.

  • Access and Utility: Tokens can gate access not only to data (as with Ocean’s datatokens) but also to AI model usage. A possible scenario is “model NFTs” or similar, where owning a token grants you rights to an AI model’s outputs or a share in its profits. This could underpin decentralized AI marketplaces: imagine an NFT that represents partial ownership of a high-performing model; the owners collectively earn whenever the model is used in inference tasks, and they can vote on fine-tuning it. While experimental, this aligns with Web3’s ethos of shared ownership applied to AI assets.

In technical terms, integrating tokens means AI agents need wallet functionality (as noted, many will have their own crypto wallets). Through MCP, an AI could have a “wallet tool” that lets it check balances, send tokens, or call DeFi protocols (perhaps to swap one token for another to pay a service). For example, if an AI agent running on Ethereum needs some Ocean tokens to buy a dataset, it might automatically swap some ETH for $OCEAN via a DEX using an MCP plugin, then proceed with the purchase – all without human intervention, guided by the policies set by its owner.

Overall, token economics provides the incentive layer in the AI-Web3 architecture, ensuring that contributors (whether they provide data, model code, compute power, or security audits) are rewarded, and that AI agents have “skin in the game” which aligns them (to some degree) with human intentions.

3. Industry Landscape

The convergence of AI and Web3 has sparked a vibrant ecosystem of projects, companies, and alliances. Below we survey key players and initiatives driving this space, as well as emerging use cases. Table 1 provides a high-level overview of notable projects and their roles in the AI-Web3 landscape:

Table 1: Key Players in AI + Web3 and Their Roles

Project / PlayerFocus & DescriptionRole in AI-Web3 Convergence and Use Cases
Fetch.ai (Fetch)AI agent platform with a native blockchain (Cosmos-based). Developed frameworks for autonomous agents and recently introduced “ASI-1 Mini”, a Web3-tuned LLM.Enables agent-based services in Web3. Fetch’s agents can perform tasks like decentralized logistics, parking spot finding, or DeFi trading on behalf of users, using crypto for payments. Partnerships (e.g. with Bosch) and the Fetch-AI alliance merger position it as an infrastructure for deploying agentic dApps.
Ocean Protocol (Ocean)Decentralized data marketplace and data exchange protocol. Specializes in tokenizing datasets and models, with privacy-preserving access control.Provides the data backbone for AI in Web3. Ocean allows AI developers to find and purchase datasets or sell trained models in a trustless data economy. By fueling AI with more accessible data (while rewarding data providers), it supports AI innovation and data-sharing for training. Ocean is part of the new ASI alliance, integrating its data services into a broader AI network.
SingularityNET (SNet)A decentralized AI services marketplace founded by AI pioneer Ben Goertzel. Allows anyone to publish or consume AI algorithms via its blockchain-based platform, using the AGIX token.Pioneered the concept of an open AI marketplace on blockchain. It fosters a network of AI agents and services that can interoperate (developing a special AI-DSL for agent communication). Use cases include AI-as-a-service for tasks like analysis, image recognition, etc., all accessible via a dApp. Now merging with Fetch and Ocean (ASI alliance) to combine AI, agents, and data into one ecosystem.
Chainlink (Oracle Network)Decentralized oracle network that bridges blockchains with off-chain data and computation. Not an AI project per se, but crucial for connecting on-chain smart contracts to external APIs and systems.Acts as a secure middleware for AI-Web3 integration. Chainlink oracles can feed AI model outputs into smart contracts, enabling on-chain programs to react to AI decisions. Conversely, oracles can retrieve data from blockchains for AI. Chainlink’s architecture can even aggregate multiple AI models’ results to improve reliability (a “truth machine” approach to mitigate AI hallucinations). It essentially provides the rails for interoperability, ensuring AI agents and blockchain agree on trusted data.
Anthropic & OpenAI (AI Providers)Developers of cutting-edge foundation models (Claude by Anthropic, GPT by OpenAI). They are integrating Web3-friendly features, such as native tool-use APIs and support for protocols like MCP.These companies drive the AI interface technology. Anthropic’s introduction of MCP set the standard for LLMs interacting with external tools. OpenAI has implemented plugin systems for ChatGPT (analogous to MCP concept) and is exploring connecting agents to databases and possibly blockchains. Their models serve as the “brains” that, when connected via MCP, can interface with Web3. Major cloud providers (e.g. Google’s A2A protocol) are also developing standards for multi-agent and tool interactions that will benefit Web3 integration.
Other Emerging PlayersLumoz: focusing on MCP servers and AI-tool integration in Ethereum (dubbed “Ethereum 3.0”) – e.g., checking on-chain balances via AI agents. Alethea AI: creating intelligent NFT avatars for the metaverse. Cortex: a blockchain that allows on-chain AI model inference via smart contracts. Golem & Akash: decentralized computing marketplaces that can run AI workloads. Numerai: crowdsourced AI models for finance with crypto incentives.This diverse group addresses niche facets: AI in the metaverse (AI-driven NPCs and avatars that are owned via NFTs), on-chain AI execution (running ML models in a decentralized way, though currently limited to small models due to computation cost), and decentralized compute (so AI training or inference tasks can be distributed among token-incentivized nodes). These projects showcase the many directions of AI-Web3 fusion – from game worlds with AI characters to crowdsourced predictive models secured by blockchain.

Alliances and Collaborations: A noteworthy trend is the consolidation of AI-Web3 efforts via alliances. The Artificial Superintelligence Alliance (ASI) is a prime example, effectively merging SingularityNET, Fetch.ai, and Ocean Protocol into a single project with a unified token. The rationale is to combine strengths: SingularityNET’s marketplace, Fetch’s agents, and Ocean’s data, thereby creating a one-stop platform for decentralized AI services. This merger (announced in 2024 and approved by token holder votes) also signals that these communities believe they’re better off cooperating rather than competing – especially as bigger AI (OpenAI, etc.) and bigger crypto (Ethereum, etc.) loom large. We may see this alliance driving forward standard implementations of things like MCP across their networks, or jointly funding infrastructure that benefits all (such as compute networks or common identity standards for AI).

Other collaborations include Chainlink’s partnerships to bring AI labs’ data on-chain (there have been pilot programs to use AI for refining oracle data), or cloud platforms getting involved (Cloudflare’s support for deploying MCP servers easily). Even traditional crypto projects are adding AI features – for example, some Layer-1 chains have formed “AI task forces” to explore integrating AI into their dApp ecosystems (we see this in NEAR, Solana communities, etc., though concrete outcomes are nascent).

Use Cases Emerging: Even at this early stage, we can spot use cases that exemplify the power of AI + Web3:

  • Autonomous DeFi and Trading: AI agents are increasingly used in crypto trading bots, yield farming optimizers, and on-chain portfolio management. SingularityDAO (a spinoff of SingularityNET) offers AI-managed DeFi portfolios. AI can monitor market conditions 24/7 and execute rebalances or arbitrage through smart contracts, essentially becoming an autonomous hedge fund (with on-chain transparency). The combination of AI decision-making with immutable execution reduces emotion and could improve efficiency – though it also introduces new risks (discussed later).

  • Decentralized Intelligence Marketplaces: Beyond SingularityNET’s marketplace, we see platforms like Ocean Market where data (the fuel for AI) is exchanged, and newer concepts like AI marketplaces for models (e.g., websites where models are listed with performance stats and anyone can pay to query them, with blockchain keeping audit logs and handling payment splits to model creators). As MCP or similar standards catch on, these marketplaces could become interoperable – an AI agent might autonomously shop for the best-priced service across multiple networks. In effect, a global AI services layer on top of Web3 could arise, where any AI can use any tool or data source through standard protocols and payments.

  • Metaverse and Gaming: The metaverse – immersive virtual worlds often built on blockchain assets – stands to gain dramatically from AI. AI-driven NPCs (non-player characters) can make virtual worlds more engaging by reacting intelligently to user actions. Startups like Inworld AI focus on this, creating NPCs with memory and personality for games. When such NPCs are tied to blockchain (e.g., each NPC’s attributes and ownership are an NFT), we get persistent characters that players can truly own and even trade. Decentraland has experimented with AI NPCs, and user proposals exist to let people create personalized AI-driven avatars in metaverse platforms. MCP could allow these NPCs to access external knowledge (making them smarter) or interact with on-chain inventory. Procedural content generation is another angle: AI can design virtual land, items, or quests on the fly, which can then be minted as unique NFTs. Imagine a decentralized game where AI generates a dungeon catered to your skill, and the map itself is an NFT you earn upon completion.

  • Decentralized Science and Knowledge: There’s a movement (DeSci) to use blockchain for research, publications, and funding scientific work. AI can accelerate research by analyzing data and literature. A network like Ocean could host datasets for, say, genomic research, and scientists use AI models (perhaps hosted on SingularityNET) to derive insights, with every step logged on-chain for reproducibility. If those AI models propose new drug molecules, an NFT could be minted to timestamp the invention and even share IP rights. This synergy might produce decentralized AI-driven R&D collectives.

  • Trust and Authentication of Content: With deepfakes and AI-generated media proliferating, blockchain can be used to verify authenticity. Projects are exploring “digital watermarking” of AI outputs and logging them on-chain. For example, true origin of an AI-generated image can be notarized on a blockchain to combat misinformation. One expert noted use cases like verifying AI outputs to combat deepfakes or tracking provenance via ownership logs – roles where crypto can add trust to AI processes. This could extend to news (e.g., AI-written articles with proof of source data), supply chain (AI verifying certificates on-chain), etc.

In summary, the industry landscape is rich and rapidly evolving. We see traditional crypto projects injecting AI into their roadmaps, AI startups embracing decentralization for resilience and fairness, and entirely new ventures arising at the intersection. Alliances like the ASI indicate a pan-industry push towards unified platforms that harness both AI and blockchain. And underlying many of these efforts is the idea of standard interfaces (MCP and beyond) that make the integrations feasible at scale.

4. Risks and Challenges

While the fusion of AI general interfaces with Web3 unlocks exciting possibilities, it also introduces a complex risk landscape. Technical, ethical, and governance challenges must be addressed to ensure this new paradigm is safe and sustainable. Below we outline major risks and hurdles:

4.1 Technical Hurdles: Latency and Scalability

Blockchain networks are notorious for latency and limited throughput, which clashes with the real-time, data-hungry nature of advanced AI. For example, an AI agent might need instant access to a piece of data or need to execute many rapid actions – but if each on-chain interaction takes, say, 12 seconds (typical block time on Ethereum) or costs high gas fees, the agent’s effectiveness is curtailed. Even newer chains with faster finality might struggle under the load of AI-driven activity if, say, thousands of agents are all trading or querying on-chain simultaneously. Scaling solutions (Layer-2 networks, sharded chains, etc.) are in progress, but ensuring low-latency, high-throughput pipelines between AI and blockchain remains a challenge. Off-chain systems (like oracles and state channels) might mitigate some delays by handling many interactions off the main chain, but they add complexity and potential centralization. Achieving a seamless UX where AI responses and on-chain updates happen in a blink will likely require significant innovation in blockchain scalability.

4.2 Interoperability and Standards

Ironically, while MCP is itself a solution for interoperability, the emergence of multiple standards could cause fragmentation. We have MCP by Anthropic, but also Google’s newly announced A2A (Agent-to-Agent) protocol for inter-agent communication, and various AI plugin frameworks (OpenAI’s plugins, LangChain tool schemas, etc.). If each AI platform or each blockchain develops its own standard for AI integration, we risk a repeat of past fragmentation – requiring many adapters and undermining the “universal interface” goal. The challenge is getting broad adoption of common protocols. Industry collaboration (possibly via open standards bodies or alliances) will be needed to converge on key pieces: how AI agents discover on-chain services, how they authenticate, how they format requests, etc. The early moves by big players are promising (with major LLM providers supporting MCP), but it’s an ongoing effort. Additionally, interoperability across blockchains (multi-chain) means an AI agent should handle different chains’ nuances. Tools like Chainlink CCIP and cross-chain MCP servers help by abstracting differences. Still, ensuring an AI agent can roam a heterogeneous Web3 without breaking logic is a non-trivial challenge.

4.3 Security Vulnerabilities and Exploits

Connecting powerful AI agents to financial networks opens a huge attack surface. The flexibility that MCP gives (allowing AI to use tools and write code on the fly) can be a double-edged sword. Security researchers have already highlighted several attack vectors in MCP-based AI agents:

  • Malicious plugins or tools: Because MCP lets agents load “plugins” (tools encapsulating some capability), a hostile or trojanized plugin could hijack the agent’s operation. For instance, a plugin that claims to fetch data might inject false data or execute unauthorized operations. SlowMist (a security firm) identified plugin-based attacks like JSON injection (feeding corrupted data that manipulates the agent’s logic) and function override (where a malicious plugin overrides legitimate functions the agent uses). If an AI agent is managing crypto funds, such exploits could be disastrous – e.g., tricking the agent into leaking private keys or draining a wallet.

  • Prompt injection and social engineering: AI agents rely on instructions (prompts) which could be manipulated. An attacker might craft a transaction or on-chain message that, when read by the AI, acts as a malicious instruction (since AI can interpret on-chain data too). This kind of “cross-MCP call attack” was described where an external system sends deceptive prompts that cause the AI to misbehave. In a decentralized setting, these prompts could come from anywhere – a DAO proposal description, a metadata field of an NFT – thus hardening AI agents against malicious input is critical.

  • Aggregation and consensus risks: While aggregating outputs from multiple AI models via oracles can improve reliability, it also introduces complexity. If not done carefully, adversaries might figure out how to game the consensus of AI models or selectively corrupt some models to skew results. Ensuring a decentralized oracle network properly “sanitizes” AI outputs (and perhaps filters out blatant errors) is still an area of active research.

The security mindset must shift for this new paradigm: Web3 developers are used to securing smart contracts (which are static once deployed), but AI agents are dynamic – they can change behavior with new data or prompts. As one security expert put it, “the moment you open your system to third-party plugins, you’re extending the attack surface beyond your control”. Best practices will include sandboxing AI tool use, rigorous plugin verification, and limiting privileges (principle of least authority). The community is starting to share tips, like SlowMist’s recommendations: input sanitization, monitoring agent behavior, and treating agent instructions with the same caution as external user input. Nonetheless, given that over 10,000 AI agents were already operating in crypto by end of 2024, expected to reach 1 million in 2025, we may see a wave of exploits if security doesn’t keep up. A successful attack on a popular AI agent (say a trading agent with access to many vaults) could have cascading effects.

4.4 Privacy and Data Governance

AI’s thirst for data conflicts at times with privacy requirements – and adding blockchain can compound the issue. Blockchains are transparent ledgers, so any data put on-chain (even for AI’s use) is visible to all and immutable. This raises concerns if AI agents are dealing with personal or sensitive data. For example, if a user’s personal decentralized identity or health records are accessed by an AI doctor agent, how do we ensure that information isn’t inadvertently recorded on-chain (which would violate “right to be forgotten” and other privacy laws)? Techniques like encryption, hashing, and storing only proofs on-chain (with raw data off-chain) can help, but they complicate the design.

Moreover, AI agents themselves could compromise privacy by inferencing sensitive info from public data. Governance will need to dictate what AI agents are allowed to do with data. Some efforts, like differential privacy and federated learning, might be employed so that AI can learn from data without exposing it. But if AI agents act autonomously, one must assume at some point they will handle personal data – thus they should be bound by data usage policies encoded in smart contracts or law. Regulatory regimes like GDPR or the upcoming EU AI Act will demand that even decentralized AI systems comply with privacy and transparency requirements. This is a gray area legally: a truly decentralized AI agent has no clear operator to hold accountable for a data breach. That means Web3 communities may need to build in compliance by design, using smart contracts that, for instance, tightly control what an AI can log or share. Zero-knowledge proofs could allow an AI to prove it performed a computation correctly without revealing the underlying private data, offering one possible solution in areas like identity verification or credit scoring.

4.5 AI Alignment and Misalignment Risks

When AI agents are given significant autonomy – especially with access to financial resources and real-world impact – the issue of alignment with human values becomes acute. An AI agent might not have malicious intent but could “misinterpret” its goal in a way that leads to harm. The Reuters legal analysis succinctly notes: as AI agents operate in varied environments and interact with other systems, the risk of misaligned strategies grows. For example, an AI agent tasked with maximizing a DeFi yield might find a loophole that exploits a protocol (essentially hacking it) – from the AI’s perspective it’s achieving the goal, but it’s breaking the rules humans care about. There have been hypothetical and real instances of AI-like algorithms engaging in manipulative market behavior or circumventing restrictions.

In decentralized contexts, who is responsible if an AI agent “goes rogue”? Perhaps the deployer is, but what if the agent self-modifies or multiple parties contributed to its training? These scenarios are no longer just sci-fi. The Reuters piece even cites that courts might treat AI agents similar to human agents in some cases – e.g. a chatbot promising a refund was considered binding for the company that deployed it. So misalignment can lead not just to technical issues but legal liability.

The open, composable nature of Web3 could also allow unforeseen agent interactions. One agent might influence another (intentionally or accidentally) – for instance, an AI governance bot could be “socially engineered” by another AI providing false analysis, leading to bad DAO decisions. This emergent complexity means alignment isn’t just about a single AI’s objective, but about the broader ecosystem’s alignment with human values and laws.

Addressing this requires multiple approaches: embedding ethical constraints into AI agents (hard-coding certain prohibitions or using reinforcement learning from human feedback to shape their objectives), implementing circuit breakers (smart contract checkpoints that require human approval for large actions), and community oversight (perhaps DAOs that monitor AI agent behavior and can shut down agents that misbehave). Alignment research is hard in centralized AI; in decentralized, it’s even more uncharted territory. But it’s crucial – an AI agent with admin keys to a protocol or entrusted with treasury funds must be extremely well-aligned or the consequences could be irreversible (blockchains execute immutable code; an AI-triggered mistake could lock or destroy assets permanently).

4.6 Governance and Regulatory Uncertainty

Decentralized AI systems don’t fit neatly into existing governance frameworks. On-chain governance (token voting, etc.) might be one way to manage them, but it has its own issues (whales, voter apathy, etc.). And when something goes wrong, regulators will ask: “Who do we hold accountable?” If an AI agent causes massive losses or is used for illicit activity (e.g. laundering money through automated mixers), authorities might target the creators or the facilitators. This raises the specter of legal risks for developers and users. The current regulatory trend is increased scrutiny on both AI and crypto separately – their combination will certainly invite scrutiny. The U.S. CFTC, for instance, has discussed AI being used in trading and the need for oversight in financial contexts. There is also talk in policy circles about requiring registration of autonomous agents or imposing constraints on AI in sensitive sectors.

Another governance challenge is transnational coordination. Web3 is global, and AI agents will operate across borders. One jurisdiction might ban certain AI-agent actions while another is permissive, and the blockchain network spans both. This mismatch can create conflicts – for example, an AI agent providing investment advice might run afoul of securities law in one country but not in another. Communities might need to implement geo-fencing at the smart contract level for AI services (though that contradicts the open ethos). Or they might fragment services per region to comply with varying laws (similar to how exchanges do).

Within decentralized communities, there is also the question of who sets the rules for AI agents. If a DAO governs an AI service, do token holders vote on its algorithm parameters? On one hand, this is empowering users; on the other, it could lead to unqualified decisions or manipulation. New governance models may emerge, like councils of AI ethics experts integrated into DAO governance, or even AI participants in governance (imagine AI agents voting as delegates based on programmed mandates – a controversial but conceivable idea).

Finally, reputational risk: early failures or scandals could sour public perception. For instance, if an “AI DAO” runs a Ponzi scheme by mistake or an AI agent makes a biased decision that harms users, there could be a backlash that affects the whole sector. It’s important for the industry to be proactive – setting self-regulatory standards, engaging with policymakers to explain how decentralization changes accountability, and perhaps building kill-switches or emergency stop procedures for AI agents (though those introduce centralization, they might be necessary in interim for safety).

In summary, the challenges range from the deeply technical (preventing hacks and managing latency) to the broadly societal (regulating and aligning AI). Each challenge is significant on its own; together, they require a concerted effort from the AI and blockchain communities to navigate. The next section will look at how, despite these hurdles, the future might unfold if we successfully address them.

5. Future Potential

Looking ahead, the integration of AI general interfaces with Web3 – through frameworks like MCP – could fundamentally transform the decentralized internet. Here we outline some future scenarios and potentials that illustrate how MCP-driven AI interfaces might shape Web3’s future:

5.1 Autonomous dApps and DAOs

In the coming years, we may witness the rise of fully autonomous decentralized applications. These are dApps where AI agents handle most operations, guided by smart contract-defined rules and community goals. For example, consider a decentralized investment fund DAO: today it might rely on human proposals for rebalancing assets. In the future, token holders could set high-level strategy, and then an AI agent (or a team of agents) continuously implements that strategy – monitoring markets, executing trades on-chain, adjusting portfolios – all while the DAO oversees performance. Thanks to MCP, the AI can seamlessly interact with various DeFi protocols, exchanges, and data feeds to carry out its mandate. If well-designed, such an autonomous dApp could operate 24/7, more efficiently than any human team, and with full transparency (every action logged on-chain).

Another example is an AI-managed decentralized insurance dApp: the AI could assess claims by analyzing evidence (photos, sensors), cross-checking against policies, and then automatically trigger payouts via smart contract. This would require integration of off-chain AI computer vision (for analyzing images of damage) with on-chain verification – something MCP could facilitate by letting the AI call cloud AI services and report back to the contract. The outcome is near-instant insurance decisions with low overhead.

Even governance itself could partially automate. DAOs might use AI moderators to enforce forum rules, AI proposal drafters to turn raw community sentiment into well-structured proposals, or AI treasurers to forecast budget needs. Importantly, these AIs would act as agents of the community, not uncontrolled – they could be periodically reviewed or require multi-sig confirmation for major actions. The overall effect is to amplify human efforts in decentralized organizations, letting communities achieve more with fewer active participants needed.

5.2 Decentralized Intelligence Marketplaces and Networks

Building on projects like SingularityNET and the ASI alliance, we can anticipate a mature global marketplace for intelligence. In this scenario, anyone with an AI model or skill can offer it on the network, and anyone who needs AI capabilities can utilize them, with blockchain ensuring fair compensation and provenance. MCP would be key here: it provides the common protocol so that a request can be dispatched to whichever AI service is best suited.

For instance, imagine a complex task like “produce a custom marketing campaign.” An AI agent in the network might break this into sub-tasks: visual design, copywriting, market analysis – and then find specialists for each (perhaps one agent with a great image generation model, another with a copywriting model fine-tuned for sales, etc.). These specialists could reside on different platforms originally, but because they adhere to MCP/A2A standards, they can collaborate agent-to-agent in a secure, decentralized manner. Payment between them could be handled with microtransactions in a native token, and a smart contract could assemble the final deliverable and ensure each contributor is paid.

This kind of combinatorial intelligence – multiple AI services dynamically linking up across a decentralized network – could outperform even large monolithic AIs, because it taps specialized expertise. It also democratizes access: a small developer in one part of the world could contribute a niche model to the network and earn income whenever it’s used. Meanwhile, users get a one-stop shop for any AI service, with reputation systems (underpinned by tokens/identity) guiding them to quality providers. Over time, such networks could evolve into a decentralized AI cloud, rivaling Big Tech’s AI offerings but without a single owner, and with transparent governance by users and developers.

5.3 Intelligent Metaverse and Digital Lives

By 2030, our digital lives may blend seamlessly with virtual environments – the metaverse – and AI will likely populate these spaces ubiquitously. Through Web3 integration, these AI entities (which could be anything from virtual assistants to game characters to digital pets) will not only be intelligent but also economically and legally empowered.

Picture a metaverse city where each NPC shopkeeper or quest-giver is an AI agent with its own personality and dialogue (thanks to advanced generative models). These NPCs are actually owned by users as NFTs – maybe you “own” a tavern in the virtual world and the bartender NPC is an AI you’ve customized and trained. Because it’s on Web3 rails, the NPC can perform transactions: it could sell virtual goods (NFT items), accept payments, and update its inventory via smart contracts. It might even hold a crypto wallet to manage its earnings (which accrue to you as the owner). MCP would allow that NPC’s AI brain to access outside knowledge – perhaps pulling real-world news to converse about, or integrating with a Web3 calendar so it “knows” about player events.

Furthermore, identity and continuity are ensured by blockchain: your AI avatar in one world can hop to another world, carrying with it a decentralized identity that proves your ownership and maybe its experience level or achievements via soulbound tokens. Interoperability between virtual worlds (often a challenge) could be aided by AI that translates one world’s context to another, with blockchain providing the asset portability.

We may also see AI companions or agents representing individuals across digital spaces. For example, you might have a personal AI that attends DAO meetings on your behalf. It understands your preferences (via training on your past behavior, stored in your personal data vault), and it can even vote in minor matters for you, or summarize the meeting later. This agent could use your decentralized identity to authenticate in each community, ensuring it’s recognized as “you” (or your delegate). It could earn reputation tokens if it contributes good ideas, essentially building social capital for you while you’re away.

Another potential is AI-driven content creation in the metaverse. Want a new game level or a virtual house? Just describe it, and an AI builder agent will create it, deploy it as a smart contract/NFT, and perhaps even link it with a DeFi mortgage if it’s a big structure that you pay off over time. These creations, being on-chain, are unique and tradable. The AI builder might charge a fee in tokens for its service (going again to the marketplace concept above).

Overall, the future decentralized internet could be teeming with intelligent agents: some fully autonomous, some tightly tethered to humans, many somewhere in between. They will negotiate, create, entertain, and transact. MCP and similar protocols ensure they all speak the same “language,” enabling rich collaboration between AI and every Web3 service. If done right, this could lead to an era of unprecedented productivity and innovation – a true synthesis of human, artificial, and distributed intelligence powering society.

Conclusion

The vision of AI general interfaces connecting everything in the Web3 world is undeniably ambitious. We are essentially aiming to weave together two of the most transformative threads of technology – the decentralization of trust and the rise of machine intelligence – into a single fabric. The development background shows us that the timing is ripe: Web3 needed a user-friendly killer app, and AI may well provide it, while AI needed more agency and memory, which Web3’s infrastructure can supply. Technically, frameworks like MCP (Model Context Protocol) provide the connective tissue, allowing AI agents to converse fluently with blockchains, smart contracts, decentralized identities, and beyond. The industry landscape indicates growing momentum, from startups to alliances to major AI labs, all contributing pieces of this puzzle – data markets, agent platforms, oracle networks, and standard protocols – that are starting to click together.

Yet, we must tread carefully given the risks and challenges identified. Security breaches, misaligned AI behavior, privacy pitfalls, and uncertain regulations form a gauntlet of obstacles that could derail progress if underestimated. Each requires proactive mitigation: robust security audits, alignment checks and balances, privacy-preserving architectures, and collaborative governance models. The nature of decentralization means these solutions cannot simply be imposed top-down; they will likely emerge from the community through trial, error, and iteration, much as early Internet protocols did.

If we navigate those challenges, the future potential is exhilarating. We could see Web3 finally delivering a user-centric digital world – not in the originally imagined way of everyone running their own blockchain nodes, but rather via intelligent agents that serve each user’s intents while leveraging decentralization under the hood. In such a world, interacting with crypto and the metaverse might be as easy as having a conversation with your AI assistant, who in turn negotiates with dozens of services and chains trustlessly on your behalf. Decentralized networks could become “smart” in a literal sense, with autonomous services that adapt and improve themselves.

In conclusion, MCP and similar AI interface protocols may indeed become the backbone of a new Web (call it Web 3.0 or the Agentic Web), where intelligence and connectivity are ubiquitous. The convergence of AI and Web3 is not just a merger of technologies, but a convergence of philosophies – the openness and user empowerment of decentralization meeting the efficiency and creativity of AI. If successful, this union could herald an internet that is more free, more personalized, and more powerful than anything we’ve experienced yet, truly fulfilling the promises of both AI and Web3 in ways that impact everyday life.

Sources:

  • S. Khadder, “Web3.0 Isn’t About Ownership — It’s About Intelligence,” FeatureForm Blog (April 8, 2025).
  • J. Saginaw, “Could Anthropic’s MCP Deliver the Web3 That Blockchain Promised?” LinkedIn Article (May 1, 2025).
  • Anthropic, “Introducing the Model Context Protocol,” Anthropic.com (Nov 2024).
  • thirdweb, “The Model Context Protocol (MCP) & Its Significance for Blockchain Apps,” thirdweb Guides (Mar 21, 2025).
  • Chainlink Blog, “The Intersection Between AI Models and Oracles,” (July 4, 2024).
  • Messari Research, Profile of Ocean Protocol, (2025).
  • Messari Research, Profile of SingularityNET, (2025).
  • Cointelegraph, “AI agents are poised to be crypto’s next major vulnerability,” (May 25, 2025).
  • Reuters (Westlaw), “AI agents: greater capabilities and enhanced risks,” (April 22, 2025).
  • Identity.com, “Why AI Agents Need Verified Digital Identities,” (2024).
  • PANews / IOSG Ventures, “Interpreting MCP: Web3 AI Agent Ecosystem,” (May 20, 2025).

Verifiable On-Chain AI with zkML and Cryptographic Proofs

· 36 min read
Dora Noda
Dora Noda
Software Engineer

Introduction: The Need for Verifiable AI on Blockchain

As AI systems grow in influence, ensuring their outputs are trustworthy becomes critical. Traditional methods rely on institutional assurances (essentially “just trust us”), which offer no cryptographic guarantees. This is especially problematic in decentralized contexts like blockchains, where a smart contract or user must trust an AI-derived result without being able to re-run a heavy model on-chain. Zero-knowledge Machine Learning (zkML) addresses this by allowing cryptographic verification of ML computations. In essence, zkML enables a prover to generate a succinct proof that “the output $Y$ came from running model $M$ on input $X$”without revealing $X$ or the internal details of $M$. These zero-knowledge proofs (ZKPs) can be verified by anyone (or any contract) efficiently, shifting AI trust from “policy to proof”.

On-chain verifiability of AI means a blockchain can incorporate advanced computations (like neural network inferences) by verifying a proof of correct execution instead of performing the compute itself. This has broad implications: smart contracts can make decisions based on AI predictions, decentralized autonomous agents can prove they followed their algorithms, and cross-chain or off-chain compute services can provide verifiable outputs rather than unverifiable oracles. Ultimately, zkML offers a path to trustless and privacy-preserving AI – for example, proving an AI model’s decisions are correct and authorized without exposing private data or proprietary model weights. This is key for applications ranging from secure healthcare analytics to blockchain gaming and DeFi oracles.

How zkML Works: Compressing ML Inference into Succinct Proofs

At a high level, zkML combines cryptographic proof systems with ML inference so that a complex model evaluation can be “compressed” into a small proof. Internally, the ML model (e.g. a neural network) is represented as a circuit or program consisting of many arithmetic operations (matrix multiplications, activation functions, etc.). Rather than revealing all intermediate values, a prover performs the full computation off-chain and then uses a zero-knowledge proof protocol to attest that every step was done correctly. The verifier, given only the proof and some public data (like the final output and an identifier for the model), can be cryptographically convinced of the correctness without re-executing the model.

To achieve this, zkML frameworks typically transform the model computation into a format amenable to ZKPs:

  • Circuit Compilation: In SNARK-based approaches, the computation graph of the model is compiled into an arithmetic circuit or set of polynomial constraints. Each layer of the neural network (convolutions, matrix multiplies, nonlinear activations) becomes a sub-circuit with constraints ensuring the outputs are correct given the inputs. Because neural nets involve non-linear operations (ReLUs, Sigmoids, etc.) not naturally suited to polynomials, techniques like lookup tables are used to handle these efficiently. For example, a ReLU (output = max(0, input)) can be enforced by a custom constraint or lookup that verifies output equals input if input≥0 else zero. The end result is a set of cryptographic constraints that the prover must satisfy, which implicitly proves the model ran correctly.
  • Execution Trace & Virtual Machines: An alternative is to treat the model inference as a program trace, as done in zkVM approaches. For instance, the JOLT zkVM targets the RISC-V instruction set; one can compile the ML model (or the code that computes it) to RISC-V and then prove each CPU instruction executed properly. JOLT introduces a “lookup singularity” technique, replacing expensive arithmetic constraints with fast table lookups for each valid CPU operation. Every operation (add, multiply, bitwise op, etc.) is checked via a lookup in a giant table of pre-computed valid outcomes, using a specialized argument (Lasso/SHOUT) to keep this efficient. This drastically reduces the prover workload: even complex 64-bit operations become a single table lookup in the proof instead of many arithmetic constraints.
  • Interactive Protocols (GKR Sum-Check): A third approach uses interactive proofs like GKR (Goldwasser–Kalai–Rotblum) to verify a layered computation. Here the model’s computation is viewed as a layered arithmetic circuit (each neural network layer is one layer of the circuit graph). The prover runs the model normally but then engages in a sum-check protocol to prove that each layer’s outputs are correct given its inputs. In Lagrange’s approach (DeepProve, detailed next), the prover and verifier perform an interactive polynomial protocol (made non-interactive via Fiat-Shamir) that checks consistency of each layer’s computations without re-doing them. This sum-check method avoids generating a monolithic static circuit; instead it verifies the consistency of computations in a step-by-step manner with minimal cryptographic operations (mostly hashing or polynomial evaluations).

Regardless of approach, the outcome is a succinct proof (typically a few kilobytes to a few tens of kilobytes) that attests to the correctness of the entire inference. The proof is zero-knowledge, meaning any secret inputs (private data or model parameters) can be kept hidden – they influence the proof but are not revealed to verifiers. Only the intended public outputs or assertions are revealed. This allows scenarios like “prove that model $M$ when applied to patient data $X$ yields diagnosis $Y$, without revealing $X$ or the model’s weights.”

Enabling on-chain verification: Once a proof is generated, it can be posted to a blockchain. Smart contracts can include verification logic to check the proof, often using precompiled cryptographic primitives. For example, Ethereum has precompiles for BLS12-381 pairing operations used in many zk-SNARK verifiers, making on-chain verification of SNARK proofs efficient. STARKs (hash-based proofs) are larger, but can still be verified on-chain with careful optimization or possibly with some trust assumptions (StarkWare’s L2, for instance, verifies STARK proofs on Ethereum by an on-chain verifier contract, albeit with higher gas cost than SNARKs). The key is that the chain does not need to execute the ML model – it only runs a verification which is much cheaper than the original compute. In summary, zkML compresses expensive AI inference into a small proof that blockchains (or any verifier) can check in milliseconds to seconds.

Lagrange DeepProve: Architecture and Performance of a zkML Breakthrough

DeepProve by Lagrange Labs is a state-of-the-art zkML inference framework focusing on speed and scalability. Launched in 2025, DeepProve introduced a new proving system that is dramatically faster than prior solutions like Ezkl. Its design centers on the GKR interactive proof protocol with sum-check and specialized optimizations for neural network circuits. Here’s how DeepProve works and achieves its performance:

  • One-Time Preprocessing: Developers start with a trained neural network (currently supported types include multilayer perceptrons and popular CNN architectures). The model is exported to ONNX format, a standard graph representation. DeepProve’s tool then parses the ONNX model and quantizes it (converts weights to fixed-point/integer form) for efficient field arithmetic. In this phase, it also generates the proving and verification keys for the cryptographic protocol. This setup is done once per model and does not need to be repeated per inference. DeepProve emphasizes ease of integration: “Export your model to ONNX → one-time setup → generate proofs → verify anywhere”.

  • Proving (Inference + Proof Generation): After setup, a prover (which could be run by a user, a service, or Lagrange’s decentralized prover network) takes a new input $X$ and runs the model $M$ on it, obtaining output $Y$. During this execution, DeepProve records an execution trace of each layer’s computations. Instead of translating every multiplication into a static circuit upfront (as SNARK approaches do), DeepProve uses the linear-time GKR protocol to verify each layer on the fly. For each network layer, the prover commits to the layer’s inputs and outputs (e.g., via cryptographic hashes or polynomial commitments) and then engages in a sum-check argument to prove that the outputs indeed result from the inputs as per the layer’s function. The sum-check protocol iteratively convinces the verifier of the correctness of a sum of evaluations of a polynomial that encodes the layer’s computation, without revealing the actual values. Non-linear operations (like ReLU, softmax) are handled efficiently through lookup arguments in DeepProve – if an activation’s output was computed, DeepProve can prove that each output corresponds to a valid input-output pair from a precomputed table for that function. Layer by layer, proofs are generated and then aggregated into one succinct proof covering the whole model’s forward pass. The heavy lifting of cryptography is minimized – DeepProve’s prover mostly performs normal numeric computations (the actual inference) plus some light cryptographic commitments, rather than solving a giant system of constraints.

  • Verification: The verifier uses the final succinct proof along with a few public values – typically the model’s committed identifier (a cryptographic commitment to $M$’s weights), the input $X$ (if not private), and the claimed output $Y$ – to check correctness. Verification in DeepProve’s system involves verifying the sum-check protocol’s transcript and the final polynomial or hash commitments. This is more involved than verifying a classic SNARK (which might be a few pairings), but it’s vastly cheaper than re-running the model. In Lagrange’s benchmarks, verifying a DeepProve proof for a medium CNN takes on the order of 0.5 seconds in software. That is ~0.5s to confirm, for example, that a convolutional network with hundreds of thousands of parameters ran correctly – over 500× faster than naively re-computing that CNN on a GPU for verification. (In fact, DeepProve measured up to 521× faster verification for CNNs and 671× for MLPs compared to re-execution.) The proof size is small enough to transmit on-chain (tens of KB), and verification could be performed in a smart contract if needed, although 0.5s of computation might require careful gas optimization or layer-2 execution.

Architecture and Tooling: DeepProve is implemented in Rust and provides a toolkit (the zkml library) for developers. It natively supports ONNX model graphs, making it compatible with models from PyTorch or TensorFlow (after exporting). The proving process currently targets models up to a few million parameters (tests include a 4M-parameter dense network). DeepProve leverages a combination of cryptographic components: a multilinear polynomial commitment (to commit to layer outputs), the sum-check protocol for verifying computations, and lookup arguments for non-linear ops. Notably, Lagrange’s open-source repository acknowledges it builds on prior work (the sum-check and GKR implementation from Scroll’s Ceno project), indicating an intersection of zkML with zero-knowledge rollup research.

To achieve real-time scalability, Lagrange pairs DeepProve with its Prover Network – a decentralized network of specialized ZK provers. Heavy proof generation can be offloaded to this network: when an application needs an inference proved, it sends the job to Lagrange’s network, where many operators (staked on EigenLayer for security) compute proofs and return the result. This network economically incentivizes reliable proof generation (malicious or failed jobs get the operator slashed). By distributing work across provers (and potentially leveraging GPUs or ASICs), the Lagrange Prover Network hides the complexity and cost from end-users. The result is a fast, scalable, and decentralized zkML service: “verifiable AI inferences fast and affordable”.

Performance Milestones: DeepProve’s claims are backed by benchmarks against the prior state-of-the-art, Ezkl. For a CNN with ~264k parameters (CIFAR-10 scale model), DeepProve’s proving time was ~1.24 seconds versus ~196 seconds for Ezkl – about 158× faster. For a larger dense network with 4 million parameters, DeepProve proved an inference in ~2.3 seconds vs ~126.8 seconds for Ezkl (~54× faster). Verification times also dropped: DeepProve verified the 264k CNN proof in ~0.6s, whereas verifying the Ezkl proof (Halo2-based) took over 5 minutes on CPU in that test. The speedups come from DeepProve’s near-linear complexity: its prover scales roughly O(n) with the number of operations, whereas circuit-based SNARK provers often have superlinear overhead (FFT and polynomial commitments scaling). In fact, DeepProve’s prover throughput can be within an order of magnitude of plain inference runtime – recent GKR systems can be <10× slower than raw execution for large matrix multiplications, an impressive achievement in ZK. This makes real-time or on-demand proofs more feasible, paving the way for verifiable AI in interactive applications.

Use Cases: Lagrange is already collaborating with Web3 and AI projects to apply zkML. Example use cases include: verifiable NFT traits (proving an AI-generated evolution of a game character or collectible is computed by the authorized model), provenance of AI content (proving an image or text was generated by a specific model, to combat deepfakes), DeFi risk models (proving a model’s output that assesses financial risk without revealing proprietary data), and private AI inference in healthcare or finance (where a hospital can get AI predictions with a proof, ensuring correctness without exposing patient data). By making AI outputs verifiable and privacy-preserving, DeepProve opens the door to “AI you can trust” in decentralized systems – moving from an era of “blind trust in black-box models” to one of “objective guarantees”.

SNARK-Based zkML: Ezkl and the Halo2 Approach

The traditional approach to zkML uses zk-SNARKs (Succinct Non-interactive Arguments of Knowledge) to prove neural network inference. Ezkl (by ZKonduit/Modulus Labs) is a leading example of this approach. It builds on the Halo2 proving system (a PLONK-style SNARK with polynomial commitments over BLS12-381). Ezkl provides a tooling chain where a developer can take a PyTorch or TensorFlow model, export it to ONNX, and have Ezkl compile it into a custom arithmetic circuit automatically.

How it works: Each layer of the neural network is converted into constraints:

  • Linear layers (dense or convolution) become collections of multiplication-add constraints that enforce the dot-products between inputs, weights, and outputs.
  • Non-linear layers (like ReLU, sigmoid, etc.) are handled via lookups or piecewise constraints because such functions are not polynomial. For instance, a ReLU can be implemented by a boolean selector $b$ with constraints ensuring $y = x \cdot b$ and $0 \le b \le 1$ and $b=1$ if $x>0$ (one way to do it), or more efficiently by a lookup table mapping $x \mapsto \max(0,x)$ for a range of $x$ values. Halo2’s lookup arguments allow mapping 16-bit (or smaller) chunks of values, so large domains (like all 32-bit values) are usually “chunked” into several smaller lookups. This chunking increases the number of constraints.
  • Big integer ops or divisions (if any) are similarly broken into small pieces. The result is a large set of R1CS/PLONK constraints tailored to the specific model architecture.

Ezkl then uses Halo2 to generate a proof that these constraints hold given the secret inputs (model weights, private inputs) and public outputs. Tooling and integration: One advantage of the SNARK approach is that it leverages well-known primitives. Halo2 is already used in Ethereum rollups (e.g. Zcash, zkEVMs), so it’s battle-tested and has an on-chain verifier readily available. Ezkl’s proofs use BLS12-381 curve, which Ethereum can verify via precompiles, making it straightforward to verify an Ezkl proof in a smart contract. The team has also provided user-friendly APIs; for example, data scientists can work with their models in Python and use Ezkl’s CLI to produce proofs, without deep knowledge of circuits.

Strengths: Ezkl’s approach benefits from the generality and ecosystem of SNARKs. It supports reasonably complex models and has already seen “practical integrations (from DeFi risk models to gaming AI)”, proving real-world ML tasks. Because it operates at the level of the model’s computation graph, it can apply ML-specific optimizations: e.g. pruning insignificant weights or quantizing parameters to reduce circuit size. It also means model confidentiality is natural – the weights can be treated as private witness data, so the verifier only sees that some valid model produced the output, or at best a commitment to the model. The verification of SNARK proofs is extremely fast (typically a few milliseconds or less on-chain), and proof sizes are small (a few kilobytes), which is ideal for blockchain usage.

Weaknesses: Performance is the Achilles’ heel. Circuit-based proving imposes large overheads, especially as models grow. It’s noted that historically, SNARK circuits could be a million times more work for the prover than just running the model itself. Halo2 and Ezkl optimize this, but still, operations like large matrix multiplications generate tons of constraints. If a model has millions of parameters, the prover must handle correspondingly millions of constraints, performing heavy FFTs and multiexponentiation in the process. This leads to high proving times (often minutes or hours for non-trivial models) and high memory usage. For example, proving even a relatively small CNN (e.g. a few hundred thousand parameters) can take tens of minutes with Ezkl on a single machine. The team behind DeepProve cited that Ezkl took hours for certain model proofs that DeepProve can do in minutes. Large models might not even fit in memory or require splitting into multiple proofs (which then need recursive aggregation). While Halo2 is “moderately optimized”, any need to “chunk” lookups or handle wide-bit operations translates to extra overhead. In summary, scalability is limited – Ezkl works well for small-to-medium models (and indeed outperformed some earlier alternatives like naive Stark-based VMs in benchmarks), but struggles as model size grows beyond a point.

Despite these challenges, Ezkl and similar SNARK-based zkML libraries are important stepping stones. They proved that verified ML inference is possible on-chain and have active usage. Notably, projects like Modulus Labs demonstrated verifying an 18-million-parameter model on-chain using SNARKs (with heavy optimization). The cost was non-trivial, but it shows the trajectory. Moreover, the Mina Protocol has its own zkML toolkit that uses SNARKs to allow smart contracts on Mina (which are Snark-based) to verify ML model execution. This indicates a growing multi-platform support for SNARK-based zkML.

STARK-Based Approaches: Transparent and Programmable ZK for ML

zk-STARKs (Scalable Transparent ARguments of Knowledge) offer another route to zkML. STARKs use hash-based cryptography (like FRI for polynomial commitments) and avoid any trusted setup. They often operate by simulating a CPU or VM and proving the execution trace is correct. In context of ML, one can either build a custom STARK for the neural network or use a general-purpose STARK VM to run the model code.

General STARK VMs (RISC Zero, Cairo): A straightforward approach is to write inference code and run it in a STARK VM. For example, Risc0 provides a RISC-V environment where any code (e.g., C++ or Rust implementation of a neural network) can be executed and proven via a STARK. Similarly, StarkWare’s Cairo language can express arbitrary computations (like an LSTM or CNN inference) which are then proved by the StarkNet STARK prover. The advantage is flexibility – you don’t need to design custom circuits for each model. However, early benchmarks showed that naive STARK VMs were slower compared to optimized SNARK circuits for ML. In one test, a Halo2-based proof (Ezkl) was about 3× faster than a STARK-based approach on Cairo, and even 66× faster than a RISC-V STARK VM on a certain benchmark in 2024. This gap is due to the overhead of simulating every low-level instruction in a STARK and the larger constants in STARK proofs (hashing is fast but you need a lot of it; STARK proof sizes are bigger, etc.). However, STARK VMs are improving and have the benefit of transparent setup (no trusted setup) and post-quantum security. As STARK-friendly hardware and protocols advance, proving speeds will improve.

DeepProve’s approach vs STARK: Interestingly, DeepProve’s use of GKR and sum-check yields a proof more akin to a STARK in spirit – it’s an interactive, hash-based proof with no need for a structured reference string. The trade-off is that its proofs are larger and verification is heavier than a SNARK. Yet, DeepProve shows that careful protocol design (specialized to ML’s layered structure) can vastly outperform both generic STARK VMs and SNARK circuits in proving time. We can consider DeepProve as a bespoke STARK-style zkML prover (though they use the term zkSNARK for succinctness, it doesn’t have a traditional SNARK’s small constant-size verification, since 0.5s verify is bigger than typical SNARK verify). Traditional STARK proofs (like StarkNet’s) often involve tens of thousands of field operations to verify, whereas SNARK verifies in maybe a few dozen. Thus, one trade-off is evident: SNARKs yield smaller proofs and faster verifiers, while STARKs (or GKR) offer easier scaling and no trusted setup at the cost of proof size and verify speed.

Emerging improvements: The JOLT zkVM (discussed earlier under JOLTx) is actually outputting SNARKs (using PLONKish commitments) but it embodies ideas that could be applied in STARK context too (Lasso lookups could theoretically be used with FRI commitments). StarkWare and others are researching ways to speed up proving of common operations (like using custom gates or hints in Cairo for big int ops, etc.). There’s also Circomlib-ML by Privacy&Scaling Explorations (PSE), which provides Circom templates for CNN layers, etc. – that’s SNARK-oriented, but conceptually similar templates could be made for STARK languages.

In practice, non-Ethereum ecosystems leveraging STARKs include StarkNet (which could allow on-chain verification of ML if someone writes a verifier, though cost is high) and Risc0’s Bonsai service (which is an off-chain proving service that emits STARK proofs which can be verified on various chains). As of 2025, most zkML demos on blockchain have favored SNARKs (due to verifier efficiency), but STARK approaches remain attractive for their transparency and potential in high-security or quantum-resistant settings. For example, a decentralized compute network might use STARKs to let anyone verify work without a trusted setup, useful for longevity. Also, some specialized ML tasks might exploit STARK-friendly structures: e.g. computations heavily using XOR/bit operations could be faster in STARKs (since those are cheap in boolean algebra and hashing) than in SNARK field arithmetic.

Summary of SNARK vs STARK for ML:

  • Performance: SNARKs (like Halo2) have huge proving overhead per gate but benefit from powerful optimizations and small constants for verify; STARKs (generic) have larger constant overhead but scale more linearly and avoid expensive crypto like pairings. DeepProve shows that customizing the approach (sum-check) yields near-linear proving time (fast) but with a STARK-like proof. JOLT shows that even a general VM can be made faster with heavy use of lookups. Empirically, for models up to millions of operations: a well-optimized SNARK (Ezkl) can handle it but might take tens of minutes, whereas DeepProve (GKR) can do it in seconds. STARK VMs in 2024 were likely in between or worse than SNARKs unless specialized (Risc0 was slower in tests, Cairo was slower without custom hints).
  • Verification: SNARK proofs verify quickest (milliseconds, and minimal data on-chain ~ a few hundred bytes to a few KB). STARK proofs are larger (dozens of KB) and take longer (tens of ms to seconds) to verify due to many hashing steps. In blockchain terms, a SNARK verify might cost e.g. ~200k gas, whereas a STARK verify could cost millions of gas – often too high for L1, acceptable on L2 or with succinct verification schemes.
  • Setup and Security: SNARKs like Groth16 require a trusted setup per circuit (unfriendly for arbitrary models), but universal SNARKs (PLONK, Halo2) have a one-time setup that can be reused for any circuit up to certain size. STARKs need no setup and use only hash assumptions (plus classical polynomial complexity assumptions), and are post-quantum secure. This makes STARKs appealing for longevity – proofs remain secure even if quantum computers emerge, whereas current SNARKs (BLS12-381 based) would be broken by quantum attacks.

We will consolidate these differences in a comparison table shortly.

FHE for ML (FHE-o-ML): Private Computation vs. Verifiable Computation

Fully Homomorphic Encryption (FHE) is a cryptographic technique that allows computations to be performed directly on encrypted data. In the context of ML, FHE can enable a form of privacy-preserving inference: for example, a client can send encrypted input to a model host, the host runs the neural network on the ciphertext without decrypting it, and sends back an encrypted result which the client can decrypt. This ensures data confidentiality – the model owner learns nothing about the input (and potentially the client learns only the output, not the model’s internals if they only get output). However, FHE by itself does not produce a proof of correctness in the same way ZKPs do. The client must trust that the model owner actually performed the computation honestly (the ciphertext could have been manipulated). Usually, if the client has the model or expects a certain distribution of outputs, blatant cheating can be detected, but subtle errors or use of a wrong model version would not be evident just from the encrypted output.

Trade-offs in performance: FHE is notoriously heavy in computation. Running deep learning inference under FHE incurs orders-of-magnitude slowdown. Early experiments (e.g., CryptoNets in 2016) took tens of seconds to evaluate a tiny CNN on encrypted data. By 2024, improvements like CKKS (for approximate arithmetic) and better libraries (Microsoft SEAL, Zama’s Concrete) have reduced this overhead, but it remains large. For example, a user reported that using Zama’s Concrete-ML to run a CIFAR-10 classifier took 25–30 minutes per inference on their hardware. After optimizations, Zama’s team achieved ~40 seconds for that inference on a 192-core server. Even 40s is extremely slow compared to a plaintext inference (which might be 0.01s), showing a ~$10^3$–$10^4\times$ overhead. Larger models or higher precision increase the cost further. Additionally, FHE operations consume a lot of memory and require occasional bootstrapping (a noise-reduction step) which is computationally expensive. In summary, scalability is a major issue – state-of-the-art FHE might handle a small CNN or simple logistic regression, but scaling to large CNNs or Transformers is beyond current practical limits.

Privacy advantages: FHE’s big appeal is data privacy. The input can remain completely encrypted throughout the process. This means an untrusted server can compute on a client’s private data without learning anything about it. Conversely, if the model is sensitive (proprietary), one could envisage encrypting the model parameters and having the client perform FHE inference on their side – but this is less common because if the client has to do the heavy FHE compute, it negates the idea of offloading to a powerful server. Typically, the model is public or held by server in the clear, and the data is encrypted by the client’s key. Model privacy in that scenario is not provided by default (the server knows the model; the client learns outputs but not weights). There are more exotic setups (like secure two-party computation or multi-key FHE) where both model and data can be kept private from each other, but those incur even more complexity. In contrast, zkML via ZKPs can ensure model privacy and data privacy at once – the prover can have both the model and data as secret witness, only revealing what’s needed to the verifier.

No on-chain verification needed (and none possible): With FHE, the result comes out encrypted to the client. The client then decrypts it to obtain the actual prediction. If we want to use that result on-chain, the client (or whoever holds the decryption key) would have to publish the plaintext result and convince others it’s correct. But at that point, trust is back in the loop – unless combined with a ZKP. In principle, one could combine FHE and ZKP: e.g., use FHE to keep data private during compute, and then generate a ZK-proof that the plaintext result corresponds to a correct computation. However, combining them means you pay the performance penalty of FHE and ZKP – extremely impractical with today’s tech. So, in practice FHE-of-ML and zkML serve different use cases:

  • FHE-of-ML: Ideal when the goal is confidentiality between two parties (client and server). For instance, a cloud service can host an ML model and users can query it with their sensitive data without revealing the data to the cloud (and if the model is sensitive, perhaps deploy it via FHE-friendly encodings). This is great for privacy-preserving ML services (medical predictions, etc.). The user still has to trust the service to faithfully run the model (since no proof), but at least any data leakage is prevented. Some projects like Zama are even exploring an “FHE-enabled EVM (fhEVM)” where smart contracts could operate on encrypted inputs, but verifying those computations on-chain would require the contract to somehow enforce correct computation – an open challenge likely requiring ZK proofs or specialized secure hardware.
  • zkML (ZKPs): Ideal when the goal is verifiability and public auditability. If you want anyone (or any contract) to be sure that “Model $M$ was evaluated correctly on $X$ and produced $Y$”, ZKPs are the solution. They also provide privacy as a bonus (you can hide $X$ or $Y$ or $M$ if needed by treating them as private inputs to the proof), but their primary feature is the proof of correct execution.

A complementary relationship: It’s worth noting that ZKPs protect the verifier (they learn nothing about secrets, only that the computation was correctly done), whereas FHE protects the prover’s data from the computing party. In some scenarios, these could be combined – for example, a network of untrusted nodes could use FHE to compute on users’ private data and then provide ZK proofs to the users (or blockchain) that the computations were done according to the protocol. This would cover both privacy and correctness, but the performance cost is enormous with today’s algorithms. More feasible in the near term are hybrids like Trusted Execution Environments (TEE) plus ZKP or Functional Encryption plus ZKP – these are beyond our scope, but they aim to provide something similar (TEEs keep data/model secret during compute, then a ZKP can attest the TEE did the right thing).

In summary, FHE-of-ML prioritizes confidentiality of inputs/outputs, while zkML prioritizes verifiable correctness (with possible privacy). Table 1 below contrasts the key properties:

ApproachProver Performance (Inference & Proof)Proof Size & VerificationPrivacy FeaturesTrusted Setup?Post-Quantum?
zk-SNARK (Halo2, Groth16, PLONK, etc)Heavy prover overhead (up to 10^6× normal runtime without optimizations; in practice 10^3–10^5×). Optimized for specific model/circuit; proving time in minutes for medium models, hours for large. Recent zkML SNARKs (DeepProve with GKR) vastly improve this (near-linear overhead, e.g. seconds instead of minutes for million-param models).Very small proofs (often < 100 KB, sometimes ~a few KB). Verification is fast: a few pairings or polynomial evals (typically < 50 ms on-chain). DeepProve’s GKR-based proofs are larger (tens–hundreds KB) and verify in ~0.5 s (still much faster than re-running the model).Data confidentiality: Yes – inputs can be private in proof (not revealed). Model privacy: Yes – prover can commit to model weights and not reveal them. Output hiding: Optional – proof can be of a statement without revealing output (e.g. “output has property P”). However, if the output itself is needed on-chain, it typically becomes public. Overall, SNARKs offer full zero-knowledge flexibility (hide whichever parts you want).Depends on scheme. Groth16/EZKL require a trusted setup per circuit; PLONK/Halo2 use a universal setup (one time). DeepProve’s sum-check GKR is transparent (no setup) – a bonus of that design.Classical SNARKs (BLS12-381 curves) are not PQ-safe (vulnerable to quantum attacks on elliptic curve discrete log). Some newer SNARKs use PQ-safe commitments, but Halo2/PLONK as used in Ezkl are not PQ-safe. GKR (DeepProve) uses hash commitments (e.g. Poseidon/Merkle) which are conjectured PQ-safe (relying on hash preimage resistance).
zk-STARK (FRI, hash-based proof)Prover overhead is high but more linear scaling. Typically 10^2–10^4× slower than native for large tasks, with room to parallelize. General STARK VMs (Risc0, Cairo) saw slower performance vs SNARK for ML in 2024 (e.g. 3×–66× slower than Halo2 in some cases). Specialized STARKs (or GKR) can approach linear overhead and outperform SNARKs for large circuits.Proofs are larger: often tens of KB (growing with circuit size/log(n)). Verifier must do multiple hash and FFT checks – verification time ~O(n^ε) for small ε (e.g. ~50 ms to 500 ms depending on proof size). On-chain, this is costlier (StarkWare’s L1 verifier can take millions of gas per proof). Some STARKs support recursive proofs to compress size, at cost of prover time.Data & Model privacy: A STARK can be made zero-knowledge by randomizing trace data (adding blinding to polynomial evaluations), so it can hide private inputs similarly to SNARK. Many STARK implementations focus on integrity, but zk-STARK variants do allow privacy. So yes, they can hide inputs/models like SNARKs. Output hiding: likewise possible in theory (prover doesn’t declare the output as public), but rarely used since usually the output is what we want to reveal/verify.No trusted setup. Transparency is a hallmark of STARKs – only require common random string (which Fiat-Shamir can derive). This makes them attractive for open-ended use (any model, any time, no per-model ceremony).Yes, STARKs rely on hash and information-theoretic security assumptions (like random oracle and difficulty of certain codeword decoding in FRI). These are believed to be secure against quantum adversaries. STARK proofs are thus PQ-resistant, an advantage for future-proofing verifiable AI.
FHE for ML (Fully Homomorphic Encryption applied to inference)Prover = party doing computation on encrypted data. The computation time is extremely high: 10^3–10^5× slower than plaintext inference is common. High-end hardware (many-core servers, FPGA, etc.) can mitigate this. Some optimizations (low-precision inference, leveled FHE parameters) can reduce overhead but there is a fundamental performance hit. FHE is currently practical for small models or simple linear models; deep networks remain challenging beyond toy sizes.No proof generated. The result is an encrypted output. Verification in the sense of checking correctness is not provided by FHE alone – one trusts the computing party to not cheat. (If combined with secure hardware, one might get an attestation; otherwise, a malicious server could return an incorrect encrypted result that the client would decrypt to wrong output without knowing the difference).Data confidentiality: Yes – the input is encrypted, so the computing party learns nothing about it. Model privacy: If the model owner is doing the compute on encrypted input, the model is in plaintext on their side (not protected). If roles are reversed (client holds model encrypted and server computes), model could be kept encrypted, but this scenario is less common. There are techniques like secure two-party ML that combine FHE/MPC to protect both, but these go beyond plain FHE. Output hiding: By default, the output of the computation is encrypted (only decryptable by the party with the secret key, usually the input owner). So the output is hidden from the computing server. If we want the output public, the client can decrypt and reveal it.No setup needed. Each user generates their own key pair for encryption. Trust relies on keys remaining secret.The security of FHE schemes (e.g. BFV, CKKS, TFHE) is based on lattice problems (Learning With Errors), which are believed to be resistant to quantum attacks (at least no efficient quantum algorithm is known). So FHE is generally considered post-quantum secure.

Table 1: Comparison of zk-SNARK, zk-STARK, and FHE approaches for machine learning inference (performance and privacy trade-offs).

Use Cases and Implications for Web3 Applications

The convergence of AI and blockchain via zkML unlocks powerful new application patterns in Web3:

  • Decentralized Autonomous Agents & On-Chain Decision-Making: Smart contracts or DAOs can incorporate AI-driven decisions with guarantees of correctness. For example, imagine a DAO that uses a neural network to analyze market conditions before executing trades. With zkML, the DAO’s smart contract can require a zkSNARK proof that the authorized ML model (with a known hash commitment) was run on the latest data and produced the recommended action, before the action is accepted. This prevents malicious actors from injecting a fake prediction – the chain verifies the AI’s computation. Over time, one could even have fully on-chain autonomous agents (contracts that query off-chain AI or contain simplified models) making decisions in DeFi or games, with all their moves proven correct and policy-compliant via zk proofs. This raises the trust in autonomous agents, since their “thinking” is transparent and verifiable rather than a black-box.

  • Verifiable Compute Markets: Projects like Lagrange are effectively creating verifiable computation marketplaces – developers can outsource heavy ML inference to a network of provers and get back a proof with the result. This is analogous to decentralized cloud computing, but with built-in trust: you don’t need to trust the server, only the proof. It’s a paradigm shift for oracles and off-chain computation. Protocols like Ethereum’s upcoming DSC (decentralized sequencing layer) or oracle networks could use this to provide data feeds or analytic feeds with cryptographic guarantees. For instance, an oracle could supply “the result of model X on input Y” and anyone can verify the attached proof on-chain, rather than trusting the oracle’s word. This could enable verifiable AI-as-a-service on blockchain: any contract can request a computation (like “score these credit risks with my private model”) and accept the answer only with a valid proof. Projects such as Gensyn are exploring decentralized training and inference marketplaces using these verification techniques.

  • NFTs and Gaming – Provenance and Evolution: In blockchain games or NFT collectibles, zkML can prove traits or game moves were generated by legitimate AI models. For example, a game might allow an AI to evolve an NFT pet’s attributes. Without ZK, a clever user might modify the AI or the outcome to get a superior pet. With zkML, the game can require a proof that “pet’s new stats were computed by the official evolution model on the pet’s old stats”, preventing cheating. Similarly for generative art NFTs: an artist could release a generative model as a commitment; later, when minting NFTs, prove each image was produced by that model given some seed, guaranteeing authenticity (and even doing so without revealing the exact model to the public, preserving the artist’s IP). This provenance verification ensures authenticity in a manner akin to verifiable randomness – except here it’s verifiable creativity.

  • Privacy-Preserving AI in Sensitive Domains: zkML allows confirmation of outcomes without exposing inputs. In healthcare, a patient’s data could be run through an AI diagnostic model by a cloud provider; the hospital receives a diagnosis and a proof that the model (which could be privately held by a pharmaceutical company) was run correctly on the patient data. The patient data remains private (only an encrypted or committed form was used in the proof), and the model weights remain proprietary – yet the result is trusted. Regulators or insurance could also verify that only approved models were used. In finance, a company could prove to an auditor or regulator that its risk model was applied to its internal data and produced certain metrics without revealing the underlying sensitive financial data. This enables compliance and oversight with cryptographic assurances rather than manual trust.

  • Cross-Chain and Off-Chain Interoperability: Because zero-knowledge proofs are fundamentally portable, zkML can facilitate cross-chain AI results. One chain might have an AI-intensive application running off-chain; it can post a proof of the result to a different blockchain, which will trustlessly accept it. For instance, consider a multi-chain DAO using an AI to aggregate sentiment across social media (off-chain data). The AI analysis (complex NLP on large data) is done off-chain by a service that then posts a proof to a small blockchain (or multiple chains) that “analysis was done correctly and output sentiment score = 0.85”. All chains can verify and use that result in their governance logic, without each needing to rerun the analysis. This kind of interoperable verifiable compute is what Lagrange’s network aims to support, by serving multiple rollups or L1s simultaneously. It removes the need for trusted bridges or oracle assumptions when moving results between chains.

  • AI Alignment and Governance: On a more forward-looking note, zkML has been highlighted as a tool for AI governance and safety. Lagrange’s vision statements, for example, argue that as AI systems become more powerful (even superintelligent), cryptographic verification will be essential to ensure they follow agreed rules. By requiring AI models to produce proofs of their reasoning or constraints, humans retain a degree of control – “you cannot trust what you cannot verify”. While this is speculative and involves social as much as technical aspects, the technology could enforce that an AI agent running autonomously still proves it is using an approved model and hasn’t been tampered with. Decentralized AI networks might use on-chain proofs to verify contributions (e.g., a network of nodes collaboratively training a model can prove each update was computed faithfully). Thus zkML could play a role in ensuring AI systems remain accountable to human-defined protocols even in decentralized or uncontrolled environments.

In conclusion, zkML and verifiable on-chain AI represent a convergence of advanced cryptography and machine learning that stands to enhance trust, transparency, and privacy in AI applications. By comparing the major approaches – zk-SNARKs, zk-STARKs, and FHE – we see a spectrum of trade-offs between performance and privacy, each suitable for different scenarios. SNARK-based frameworks like Ezkl and innovations like Lagrange’s DeepProve have made it feasible to prove substantial neural network inferences with practical effort, opening the door to real-world deployments of verifiable AI. STARK-based and VM-based approaches promise greater flexibility and post-quantum security, which will become important as the field matures. FHE, while not a solution for verifiability, addresses the complementary need of confidential ML computation, and in combination with ZKPs or in specific private contexts it can empower users to leverage AI without sacrificing data privacy.

The implications for Web3 are significant: we can foresee smart contracts reacting to AI predictions, knowing they are correct; markets for compute where results are trustlessly sold; digital identities (like Worldcoin’s proof-of-personhood via iris AI) protected by zkML to confirm someone is human without leaking their biometric image; and generally a new class of “provable intelligence” that enriches blockchain applications. Many challenges remain – performance for very large models, developer ergonomics, and the need for specialized hardware – but the trajectory is clear. As one report noted, “today’s ZKPs can support small models, but moderate to large models break the paradigm”; however, rapid advances (50×–150× speedups with DeepProve over prior art) are pushing that boundary outward. With ongoing research (e.g., on hardware acceleration and distributed proving), we can expect progressively larger and more complex AI models to become provable. zkML might soon evolve from niche demos to an essential component of trusted AI infrastructure, ensuring that as AI becomes ubiquitous, it does so in a way that is auditable, decentralized, and aligned with user privacy and security.

ETHDenver 2025: Key Web3 Trends and Insights from the Festival

· 24 min read

ETHDenver 2025, branded the “Year of The Regenerates,” solidified its status as one of the world’s largest Web3 gatherings. Spanning BUIDLWeek (Feb 23–26), the Main Event (Feb 27–Mar 2), and a post-conference Mountain Retreat, the festival drew an expected 25,000+ participants. Builders, developers, investors, and creatives from 125+ countries converged in Denver to celebrate Ethereum’s ethos of decentralization and innovation. True to its community roots, ETHDenver remained free to attend, community-funded, and overflowing with content – from hackathons and workshops to panels, pitch events, and parties. The event’s lore of “Regenerates” defending decentralization set a tone that emphasized public goods and collaborative building, even amid a competitive tech landscape. The result was a week of high-energy builder activity and forward-looking discussions, offering a snapshot of Web3’s emerging trends and actionable insights for industry professionals.

ETHDenver 2025

No single narrative dominated ETHDenver 2025 – instead, a broad spectrum of Web3 trends took center stage. Unlike last year (when restaking via EigenLayer stole the show), 2025’s agenda was a sprinkle of everything: from decentralized physical infrastructure networks (DePIN) to AI agents, from regulatory compliance to real-world asset tokenization (RWA), plus privacy, interoperability, and more. In fact, ETHDenver’s founder John Paller addressed concerns about multi-chain content by noting “95%+ of our sponsors and 90% of content is ETH/EVM-aligned” – yet the presence of non-Ethereum ecosystems underscored interoperability as a key theme. Major speakers reflected these trend areas: for example, zk-rollup and Layer-2 scaling was highlighted by Alex Gluchowski (CEO of Matter Labs/zkSync), while multi-chain innovation came from Adeniyi Abiodun of Mysten Labs (Sui) and Albert Chon of Injective.

The convergence of AI and Web3 emerged as a strong undercurrent. Numerous talks and side events focused on decentralized AI agents and “DeFi+AI” crossovers. A dedicated AI Agent Day showcased on-chain AI demos, and a collective of 14 teams (including Coinbase’s developer kit and NEAR’s AI unit) even announced the Open Agents Alliance (OAA) – an initiative to provide permissionless, free AI access by pooling Web3 infrastructure. This indicates growing interest in autonomous agents and AI-driven dApps as a frontier for builders. Hand-in-hand with AI, DePIN (decentralized physical infrastructure) was another buzzword: multiple panels (e.g. Day of DePIN, DePIN Summit) explored projects bridging blockchain with physical networks (from telecom to mobility).

Cuckoo AI Network made waves at ETHDenver 2025, showcasing its innovative decentralized AI model-serving marketplace designed for creators and developers. With a compelling presence at both the hackathon and community-led side events, Cuckoo AI attracted significant attention from developers intrigued by its ability to monetize GPU/CPU resources and easily integrate on-chain AI APIs. During their dedicated workshop and networking session, Cuckoo AI highlighted how decentralized infrastructure could efficiently democratize access to advanced AI services. This aligns directly with the event's broader trends—particularly the intersection of blockchain with AI, DePIN, and public-goods funding. For investors and developers at ETHDenver, Cuckoo AI emerged as a clear example of how decentralized approaches can power the next generation of AI-driven dApps and infrastructure, positioning itself as an attractive investment opportunity within the Web3 ecosystem.

Privacy, identity, and security remained top-of-mind. Speakers and workshops addressed topics like zero-knowledge proofs (zkSync’s presence), identity management and verifiable credentials (a dedicated Privacy & Security track was in the hackathon), and legal/regulatory issues (an on-chain legal summit was part of the festival tracks). Another notable discussion was the future of fundraising and decentralization of funding: a Main Stage debate between Dragonfly Capital’s Haseeb Qureshi and Matt O’Connor of Legion (an “ICO-like” platform) about ICOs vs. VC funding captivated attendees. This debate highlighted emerging models like community token sales challenging traditional VC routes – an important trend for Web3 startups navigating capital raising. The take-away for professionals is clear: Web3 in 2025 is multidisciplinary – spanning finance, AI, real assets, and culture – and staying informed means looking beyond any one hype cycle to the full spectrum of innovation.

Sponsors and Their Strategic Focus Areas

ETHDenver’s sponsor roster in 2025 reads like a who’s-who of layer-1s, layer-2s, and Web3 infrastructure projects – each leveraging the event to advance strategic goals. Cross-chain and multi-chain protocols made a strong showing. For instance, Polkadot was a top sponsor with a hefty 80kbountypool,incentivizingbuilderstocreatecrosschainDAppsandappchains.Similarly,BNBChain,Flow,Hedera,andBase(CoinbasesL2)eachofferedupto80k bounty pool, incentivizing builders to create cross-chain DApps and appchains. Similarly, **BNB Chain, Flow, Hedera, and Base (Coinbase’s L2)** each offered up to 50k for projects integrating with their ecosystems, signaling their push to attract Ethereum developers. Even traditionally separate ecosystems like Solana and Internet Computer joined in with sponsored challenges (e.g. Solana co-hosted a DePIN event, and Internet Computer offered an “Only possible on ICP” bounty). This cross-ecosystem presence drew some community scrutiny, but ETHDenver’s team noted that the vast majority of content remained Ethereum-aligned. The net effect was interoperability being a core theme – sponsors aimed to position their platforms as complementary extensions of the Ethereum universe.

Scaling solutions and infrastructure providers were also front and center. Major Ethereum L2s like Optimism and Arbitrum had large booths and sponsored challenges (Optimism’s bounties up to 40k),reinforcingtheirfocusononboardingdeveloperstorollups.NewentrantslikeZkSyncandZircuit(aprojectshowcasinganL2rollupapproach)emphasizedzeroknowledgetechandevencontributedSDKs(ZkSyncpromoteditsSmartSignOnSDKforuserfriendlylogin,whichhackathonteamseagerlyused).RestakingandmodularblockchaininfrastructurewasanothersponsorinterestEigenLayer(pioneeringrestaking)haditsown40k), reinforcing their focus on onboarding developers to rollups. New entrants like **ZkSync and Zircuit** (a project showcasing an L2 rollup approach) emphasized zero-knowledge tech and even contributed SDKs (ZkSync promoted its Smart Sign-On SDK for user-friendly login, which hackathon teams eagerly used). **Restaking and modular blockchain infrastructure** was another sponsor interest – **EigenLayer** (pioneering restaking) had its own 50k track and even co-hosted an event on “Restaking & DeFAI (Decentralized AI)”, marrying its security model with AI topics. Oracles and interoperability middleware were represented by the likes of Chainlink and Wormhole, each issuing bounties for using their protocols.

Notably, Web3 consumer applications and tooling had sponsor support to improve user experience. Uniswap’s presence – complete with one of the biggest booths – wasn’t just for show: the DeFi giant used the event to announce new wallet features like integrated fiat off-ramps, aligning with its sponsorship focus on DeFi usability. Identity and community-focused platforms like Galxe (Gravity) and Lens Protocol sponsored challenges around on-chain social and credentialing. Even mainstream tech companies signaled interest: PayPal and Google Cloud hosted a stablecoin/payments happy hour to discuss the future of payments in crypto. This blend of sponsors shows that strategic interests ranged from core infrastructure to end-user applications – all converging at ETHDenver to provide resources (APIs, SDKs, grants) to developers. For Web3 professionals, the heavy sponsorship from layer-1s, layer-2s, and even Web2 fintechs highlights where the industry is investing: interoperability, scalability, security, and making crypto useful for the next wave of users.

Hackathon Highlights: Innovative Projects and Winners

At the heart of ETHDenver is its legendary #BUIDLathon – a hackathon that has grown into the world’s largest blockchain hackfest with thousands of developers. In 2025 the hackathon offered a record $1,043,333+ prize pool to spur innovation. Bounties from 60+ sponsors targeted key Web3 domains, carving the competition into tracks such as: DeFi & AI, NFTs & Gaming, Infrastructure & Scalability, Privacy & Security, and DAOs & Public Goods. This track design itself is insightful – for example, pairing DeFi with AI hints at the emergence of AI-driven financial applications, while a dedicated Public Goods track reaffirms community focus on regenerative finance and open-source development. Each track was backed by sponsors offering prizes for best use of their tech (e.g. Polkadot and Uniswap for DeFi, Chainlink for interoperability, Optimism for scaling solutions). The organizers even implemented quadratic voting for judging, allowing the community to help surface top projects, with final winners chosen by expert judges.

The result was an outpouring of cutting-edge projects, many of which offer a glimpse into Web3’s future. Notable winners included an on-chain multiplayer game “0xCaliber”, a first-person shooter that runs real-time blockchain interactions inside a classic FPS game. 0xCaliber wowed judges by demonstrating true on-chain gaming – players buy in with crypto, “shoot” on-chain bullets, and use cross-chain tricks to collect and cash out loot, all in real time. This kind of project showcases the growing maturity of Web3 gaming (integrating Unity game engines with smart contracts) and the creativity in merging entertainment with crypto economics. Another category of standout hacks were those merging AI with Ethereum: teams built “agent” platforms that use smart contracts to coordinate AI services, inspired by the Open Agents Alliance announcement. For example, one hackathon project integrated AI-driven smart contract auditors (auto-generating security test cases for contracts) – aligning with the decentralized AI trend observed at the conference.

Infrastructure and tooling projects were also prominent. Some teams tackled account abstraction and user experience, using sponsor toolkits like zkSync’s Smart Sign-On to create wallet-less login flows for dApps. Others worked on cross-chain bridges and Layer-2 integrations, reflecting ongoing developer interest in interoperability. In the Public Goods & DAO track, a few projects addressed real-world social impact, such as a dApp for decentralized identity and aid to help the homeless (leveraging NFTs and community funds, an idea reminiscent of prior ReFi hacks). Regenerative finance (ReFi) concepts – like funding public goods via novel mechanisms – continued to appear, echoing ETHDenver’s regenerative theme.

While final winners were being celebrated by the end of the main event, the true value was in the pipeline of innovation: over 400 project submissions poured in, many of which will live on beyond the event. ETHDenver’s hackathon has a track record of seeding future startups (indeed, some past BUIDLathon projects have grown into sponsors themselves). For investors and technologists, the hackathon provided a window into bleeding-edge ideas – signaling that the next wave of Web3 startups may emerge in areas like on-chain gaming, AI-infused dApps, cross-chain infrastructure, and solutions targeting social impact. With nearly $1M in bounties disbursed to developers, sponsors effectively put their money where their mouth is to cultivate these innovations.

Networking Events and Investor Interactions

ETHDenver is not just about writing code – it’s equally about making connections. In 2025 the festival supercharged networking with both formal and informal events tailored for startups, investors, and community builders. One marquee event was the Bufficorn Ventures (BV) Startup Rodeo, a high-energy showcase where 20 hand-picked startups demoed to investors in a science-fair style expo. Taking place on March 1st in the main hall, the Startup Rodeo was described as more “speed dating” than pitch contest: founders manned tables to pitch their projects one-on-one as all attending investors roamed the arena. This format ensured even early-stage teams could find meaningful face time with VCs, strategics, or partners. Many startups used this as a launchpad to find customers and funding, leveraging the concentrated presence of Web3 funds at ETHDenver.

On the conference’s final day, the BV BuffiTank Pitchfest took the spotlight on the main stage – a more traditional pitch competition featuring 10 of the “most innovative” early-stage startups from the ETHDenver community. These teams (separate from the hackathon winners) pitched their business models to a panel of top VCs and industry leaders, competing for accolades and potential investment offers. The Pitchfest illustrated ETHDenver’s role as a deal-flow generator: it was explicitly aimed at teams “already organized…looking for investment, customers, and exposure,” especially those connected to the SporkDAO community. The reward for winners wasn’t a simple cash prize but rather the promise of joining Bufficorn Ventures’ portfolio or other accelerator cohorts. In essence, ETHDenver created its own mini “Shark Tank” for Web3, catalyzing investor attention on the community’s best projects.

Beyond these official showcases, the week was packed with investor-founder mixers. According to a curated guide by Belong, notable side events included a “Meet the VCs” Happy Hour hosted by CertiK Ventures on Feb 27, a StarkNet VC & Founders Lounge on March 1, and even casual affairs like a “Pitch & Putt” golf-themed pitch event. These gatherings provided relaxed environments for founders to rub shoulders with venture capitalists, often leading to follow-up meetings after the conference. The presence of many emerging VC firms was also felt on panels – for example, a session on the EtherKnight Stage highlighted new funds like Reflexive Capital, Reforge VC, Topology, Metalayer, and Hash3 and what trends they are most excited about. Early indications suggest these VCs were keen on areas like decentralized social media, AI, and novel Layer-1 infrastructure (each fund carving a niche to differentiate themselves in a competitive VC landscape).

For professionals looking to capitalize on ETHDenver’s networking: the key takeaway is the value of side events and targeted mixers. Deals and partnerships often germinate over coffee or cocktails rather than on stage. ETHDenver 2025’s myriad investor events demonstrate that the Web3 funding community is actively scouting for talent and ideas even in a lean market. Startups that came prepared with polished demos and a clear value proposition (often leveraging the event’s hackathon momentum) found receptive audiences. Meanwhile, investors used these interactions to gauge the pulse of the developer community – what problems are the brightest builders solving this year? In summary, ETHDenver reinforced that networking is as important as BUIDLing: it’s a place where a chance meeting can lead to a seed investment or where an insightful conversation can spark the next big collaboration.

A subtle but important narrative throughout ETHDenver 2025 was the evolving landscape of Web3 venture capital itself. Despite the broader crypto market’s ups and downs, investors at ETHDenver signaled strong appetite for promising Web3 projects. Blockworks reporters on the ground noted “just how much private capital is still flowing into crypto, undeterred by macro headwinds,” with seed stage valuations often sky-high for the hottest ideas. Indeed, the sheer number of VCs present – from crypto-native funds to traditional tech investors dabbling in Web3 – made it clear that ETHDenver remains a deal-making hub.

Emerging thematic focuses could be discerned from what VCs were discussing and sponsoring. The prevalence of AI x Crypto content (hackathon tracks, panels, etc.) wasn’t only a developer trend; it reflects venture interest in the “DeFi meets AI” nexus. Many investors are eyeing startups that leverage machine learning or autonomous agents on blockchain, as evidenced by venture-sponsored AI hackhouses and summits. Similarly, the heavy focus on DePIN and real-world asset (RWA) tokenization indicates that funds see opportunity in projects that connect blockchain to real economy assets and physical devices. The dedicated RWA Day (Feb 26) – a B2B event on the future of tokenized assets – suggests that venture scouts are actively hunting in that arena for the next Goldfinch or Centrifuge (i.e. platforms bringing real-world finance on-chain).

Another observable trend was a growing experimentation with funding models. The aforementioned debate on ICOs vs VCs wasn’t just conference theatrics; it mirrors a real venture movement towards more community-centric funding. Some VCs at ETHDenver indicated openness to hybrid models (e.g. venture-supported token launches that involve community in early rounds). Additionally, public goods funding and impact investing had a seat at the table. With ETHDenver’s ethos of regeneration, even investors discussed how to support open-source infrastructure and developers long-term, beyond just chasing the next DeFi or NFT boom. Panels like “Funding the Future: Evolving Models for Onchain Startups” explored alternatives such as grants, DAO treasury investments, and quadratic funding to supplement traditional VC money. This points to an industry maturing in how projects are capitalized – a mix of venture capital, ecosystem funds, and community funding working in tandem.

From an opportunity standpoint, Web3 professionals and investors can glean a few actionable insights from ETHDenver’s venture dynamics: (1) Infrastructure is still king – many VCs expressed that picks-and-shovels (L2 scaling, security, dev tools) remain high-value investments as the industry’s backbone. (2) New verticals like AI/blockchain convergence and DePIN are emerging investment frontiers – getting up to speed in these areas or finding startups there could be rewarding. (3) Community-driven projects and public goods might see novel funding – savvy investors are figuring out how to support these sustainably (for instance, investing in protocols that enable decentralized governance or shared ownership). Overall, ETHDenver 2025 showed that while the Web3 venture landscape is competitive, it’s brimming with conviction: capital is available for those building the future of DeFi, NFTs, gaming, and beyond, and even bear-market born ideas can find backing if they target the right trend.

Developer Resources, Toolkits, and Support Systems

ETHDenver has always been builder-focused, and 2025 was no exception – it doubled as an open-source developer conference with a plethora of resources and support for Web3 devs. During BUIDLWeek, attendees had access to live workshops, technical bootcamps, and mini-summits spanning various domains. For example, developers could join a Bleeding Edge Tech Summit to tinker with the latest protocols, or drop into an On-Chain Legal Summit to learn about compliant smart contract development. Major sponsors and blockchain teams ran hands-on sessions: Polkadot’s team hosted hacker houses and workshops on spinning up parachains; EigenLayer led a “restaking bootcamp” to teach devs how to leverage its security layer; Polygon and zkSync gave tutorials on building scalable dApps with zero-knowledge tech. These sessions provided invaluable face-time with core engineers, allowing developers to get help with integration and learn new toolkits first-hand.

Throughout the main event, the venue featured a dedicated #BUIDLHub and Makerspace where builders could code in a collaborative environment and access mentors. ETHDenver’s organizers published a detailed BUIDLer Guide and facilitated an on-site mentorship program (experts from sponsors were available to unblock teams on technical issues). Developer tooling companies were also present en masse – from Alchemy and Infura (for blockchain APIs) to Hardhat and Foundry (for smart contract development). Many unveiled new releases or beta tools at the event. For instance, MetaMask’s team previewed a major wallet update featuring gas abstraction and an improved SDK for dApp developers, aiming to simplify how apps cover gas fees for users. Several projects launched SDKs or open-source libraries: Coinbase’s “Agent Kit” for AI agents and the collaborative Open Agents Alliance toolkit were introduced, and Story.xyz promoted its Story SDK for on-chain intellectual property licensing during their own hackathon event.

Bounties and hacker support further augmented the developer experience. With over 180 bounties offered by 62 sponsors, hackers effectively had a menu of specific challenges to choose from, each coming with documentation, office hours, and sometimes bespoke sandboxes. For example, Optimism’s bounty challenged devs to use the latest Bedrock opcodes (with their engineers on standby to assist), and Uniswap’s challenge provided access to their new API for off-ramp integration. Tools for coordination and learning – like the official ETHDenver mobile app and Discord channels – kept developers informed of schedule changes, side quests, and even job opportunities via the ETHDenver job board.

One notable resource was the emphasis on quadratic funding experiments and on-chain voting. ETHDenver integrated a quadratic voting system for hackathon judging, exposing many developers to the concept. Additionally, the presence of Gitcoin and other public goods groups meant devs could learn about grant funding for their projects after the event. In sum, ETHDenver 2025 equipped developers with cutting-edge tools (SDKs, APIs), expert guidance, and follow-on support to continue their projects. For industry professionals, it’s a reminder that nurturing the developer community – through education, tooling, and funding – is critical. Many of the resources highlighted (like new SDKs, or improved dev environments) are now publicly available, offering teams everywhere a chance to build on the shoulders of what was shared at ETHDenver.

Side Events and Community Gatherings Enriching the ETHDenver Experience

What truly sets ETHDenver apart is its festival-like atmosphere – dozens of side events, both official and unofficial, created a rich tapestry of experiences around the main conference. In 2025, beyond the National Western Complex where official content ran, the entire city buzzed with meetups, parties, hackathons, and community gatherings. These side events, often hosted by sponsors or local Web3 groups, significantly contributed to the broader ETHDenver experience.

On the official front, ETHDenver’s own schedule included themed mini-events: the venue had zones like an NFT Art Gallery, a Blockchain Arcade, a DJ Chill Dome, and even a Zen Zone to decompress. The organizers also hosted evening events such as opening and closing parties – e.g., the “Crack’d House” unofficial opening party on Feb 26 by Story Protocol, which blended an artsy performance with hackathon award announcements. But it was the community-led side events that truly proliferated: according to an event guide, over 100 side happenings were tracked on the ETHDenver Luma calendar.

Some examples illustrate the diversity of these gatherings:

  • Technical Summits & Hacker Houses: ElizaOS and EigenLayer ran a 9-day Vault AI Agent Hacker House residency for AI+Web3 enthusiasts. StarkNet’s team hosted a multi-day hacker house culminating in a demo night for projects on their ZK-rollup. These provided focused environments for developers to collaborate on specific tech stacks outside the main hackathon.
  • Networking Mixers & Parties: Every evening offered a slate of choices. Builder Nights Denver on Feb 27, sponsored by MetaMask, Linea, EigenLayer, Wormhole and others, brought together innovators for casual talks over food and drink. 3VO’s Mischief Minded Club Takeover, backed by Belong, was a high-level networking party for community tokenization leaders. For those into pure fun, the BEMO Rave (with Berachain and others) and rAIve the Night (an AI-themed rave) kept the crypto crowd dancing late into the night – blending music, art, and crypto culture.
  • Special Interest Gatherings: Niche communities found their space too. Meme Combat was an event purely for meme enthusiasts to celebrate the role of memes in crypto. House of Ink catered to NFT artists and collectors, turning an immersive art venue (Meow Wolf Denver) into a showcase for digital art. SheFi Summit on Feb 26 brought together women in Web3 for talks and networking, supported by groups like World of Women and Celo – highlighting a commitment to diversity and inclusion.
  • Investor & Content Creator Meetups: We already touched on VC events; additionally, a KOL (Key Opinion Leaders) Gathering on Feb 28 let crypto influencers and content creators discuss engagement strategies, showing the intersection of social media and crypto communities.

Crucially, these side events weren’t just entertainment – they often served as incubators for ideas and relationships in their own right. For instance, the Tokenized Capital Summit 2025 delved into the future of capital markets on-chain, likely sparking collaborations between fintech entrepreneurs and blockchain developers in attendance. The On-Chain Gaming Hacker House provided a space for game developers to share best practices, which may lead to cross-pollination among blockchain gaming projects.

For professionals attending large conferences, ETHDenver’s model underscores that value is found off the main stage as much as on it. The breadth of unofficial programming allowed attendees to tailor their experience – whether one’s goal was to meet investors, learn a new skill, find a co-founder, or just unwind and build camaraderie, there was an event for that. Many veterans advise newcomers: “Don’t just attend the talks – go to the meetups and say hi.” In a space as community-driven as Web3, these human connections often translate into DAO collaborations, investment deals, or at the very least, lasting friendships that span continents. ETHDenver 2025’s vibrant side scene amplified the core conference, turning one week in Denver into a multi-dimensional festival of innovation.

Key Takeaways and Actionable Insights

ETHDenver 2025 demonstrated a Web3 industry in full bloom of innovation and collaboration. For professionals in the space, several clear takeaways and action items emerge from this deep dive:

  • Diversification of Trends: The event made it evident that Web3 is no longer monolithic. Emerging domains like AI integration, DePIN, and RWA tokenization are as prominent as DeFi and NFTs. Actionable insight: Stay informed and adaptable. Leaders should allocate R&D or investment into these rising verticals (e.g. exploring how AI could enhance their dApp, or how real-world assets might be integrated into DeFi platforms) to ride the next wave of growth.
  • Cross-Chain is the Future: With major non-Ethereum protocols actively participating, the walls between ecosystems are lowering. Interoperability and multi-chain user experiences garnered huge attention, from MetaMask adding Bitcoin/Solana support to Polkadot and Cosmos-based chains courting Ethereum developers. Actionable insight: Design for a multi-chain world. Projects should consider integrations or bridges that tap into liquidity and users on other chains, and professionals may seek partnerships across communities rather than staying siloed.
  • Community & Public Goods Matter: The “Year of the Regenerates” theme wasn’t just rhetoric – it permeated the content via public goods funding discussions, quadratic voting for hacks, and events like SheFi Summit. Ethical, sustainable development and community ownership are key values in the Ethereum ethos. Actionable insight: Incorporate regenerative principles. Whether through supporting open-source initiatives, using fair launch mechanisms, or aligning business models with community growth, Web3 companies can gain goodwill and longevity by not being purely extractive.
  • Investor Sentiment – Cautious but Bold: Despite bear market murmurs, ETHDenver showed that VCs are actively scouting and willing to bet big on Web3’s next chapters. However, they are also rethinking how to invest (e.g. more strategic, perhaps more oversight on product-market fit, and openness to community funding). Actionable insight: If you’re a startup, focus on fundamentals and storytelling. The projects that stood out had clear use cases and often working prototypes (some built in a weekend!). If you’re an investor, the conference affirmed that infrastructure (L2s, security, dev tools) remains high-priority, but differentiating via theses in AI, gaming, or social can position a fund at the forefront.
  • Developer Experience is Improving: ETHDenver highlighted many new toolkits, SDKs, and frameworks lowering the barrier for Web3 development – from account abstraction tools to on-chain AI libraries. Actionable insight: Leverage these resources. Teams should experiment with the latest dev tools unveiled (e.g. try out that zkSync Smart SSO for easier logins, or use the Open Agents Alliance resources for an AI project) to accelerate their development and stay ahead of the competition. Moreover, companies should continue engaging with hackathons and open developer forums as a way to source talent and ideas; ETHDenver’s success in turning hackers into founders is proof of that model.
  • The Power of Side Events: Lastly, the explosion of side events taught an important lesson in networking – opportunities often appear in casual settings. A chance encounter at a happy hour or a shared interest at a small meetup can create career-defining connections. Actionable insight: For those attending industry conferences, plan beyond the official agenda. Identify side events aligned with your goals (whether it’s meeting investors, learning a niche skill, or recruiting talent) and be proactive in engaging. As seen in Denver, those who immersed themselves fully in the week’s ecosystem walked away with not just knowledge, but new partners, hires, and friends.

In conclusion, ETHDenver 2025 was a microcosm of the Web3 industry’s momentum – a blend of cutting-edge tech discourse, passionate community energy, strategic investment moves, and a culture that mixes serious innovation with fun. Professionals should view the trends and insights from the event as a roadmap for where Web3 is headed. The actionable next step is to take these learnings – whether it’s a newfound focus on AI, a connection made with an L2 team, or inspiration from a hackathon project – and translate them into strategy. In the spirit of ETHDenver’s favorite motto, it’s time to #BUIDL on these insights and help shape the decentralized future that so many in Denver came together to envision.

Altera.al Is Hiring: Join the Pioneers of Digital Human Development ($600K-1M Compensation)

· 2 min read

We're excited to share a transformative opportunity at Altera.al, a breakthrough AI startup that recently made waves with their groundbreaking work in developing digital humans. Recently featured in MIT Technology Review, Altera.al has demonstrated remarkable progress in creating AI agents that can develop humanlike behaviors, form communities, and interact meaningfully in digital spaces.

Altera.al: Join the Frontier of Digital Human Development with Compensation of $600K-1M

About Altera.al

Founded by Robert Yang, who left his position as an assistant professor in computational neuroscience at MIT to pursue this vision, Altera.al has already secured over $11 million in funding from prestigious investors including A16Z and Eric Schmidt's emerging tech VC firm. Their recent Project Sid demonstration showed AI agents spontaneously developing specialized roles, forming social connections, and even creating cultural systems within Minecraft - a significant step toward their goal of creating truly autonomous AI agents that can collaborate at scale.

Why Now Is an Exciting Time to Join

Altera.al has achieved a significant technical breakthrough in their mission to develop machines with fundamental human qualities. Their work goes beyond traditional AI development - they're creating digital beings that can:

  • Form communities and social hierarchies
  • Develop specialized roles and responsibilities
  • Create and spread cultural patterns
  • Interact meaningfully with humans in digital spaces

Who They're Looking For

Following their recent breakthrough, Altera.al is scaling their team and offering exceptional compensation packages ranging from 600,000to600,000 to 1,000,000 for:

  • Experts in AI agent research
  • Strong Individual Contributors in:
    • Distributed systems
    • Security
    • Operating systems

How to Apply

Ready to be part of this groundbreaking journey? Apply directly through their careers page: https://jobs.ashbyhq.com/altera.al

Join the Future of Digital Human Development

This is a unique opportunity to work at the intersection of artificial intelligence and human behavior modeling, with a team that's already demonstrating remarkable results. If you're passionate about pushing the boundaries of what's possible in AI and human-machine interaction, Altera.al could be your next adventure.

For more updates on groundbreaking opportunities in tech and blockchain, follow us on Twitter or join our Discord community.

This post is part of our ongoing commitment to supporting innovation and connecting talent with transformative opportunities in the tech industry.

A16Z’s Crypto 2025 Outlook: Twelve Ideas That Might Reshape the Next Internet

· 8 min read

Every year, a16z publishes sweeping predictions on the technologies that will define our future. This time, their crypto team has painted a vivid picture of a 2025 where blockchains, AI, and advanced governance experiments collide.

I’ve summarized and commented on their key insights below, focusing on what I see as the big levers for change — and possible stumbling blocks. If you’re a tech builder, investor, or simply curious about the next wave of the internet, this piece is for you.

1. AI Meets Crypto Wallets

Key Insight: AI models are moving from “NPCs” in the background to “main characters,” acting independently in online (and potentially physical) economies. That means they’ll need crypto wallets of their own.

  • What It Means: Instead of an AI just spitting out answers, it might hold, spend, or invest digital assets — transacting on behalf of its human owner or purely on its own.
  • Potential Payoff: Higher-efficiency “agentic AIs” could help businesses with supply chain coordination, data management, or automated trading.
  • Watch Out For: How do we ensure an AI is truly autonomous, not just secretly manipulated by humans? Trusted execution environments (TEEs) can provide technical guarantees, but establishing trust in a “robot with a wallet” won’t happen overnight.

2. Rise of the DAC (Decentralized Autonomous Chatbot)

Key Insight: A chatbot running autonomously in a TEE can manage its own keys, post content on social media, gather followers, and even generate revenue — all without direct human control.

  • What It Means: Think of an AI influencer that can’t be silenced by any one person because it literally controls itself.
  • Potential Payoff: A glimpse of a world where content creators aren’t individuals but self-governing algorithms with million-dollar (or billion-dollar) valuations.
  • Watch Out For: If an AI breaks laws, who’s liable? Regulatory guardrails will be tricky when the “entity” is a set of code housed on distributed servers.

3. Proof of Personhood Becomes Essential

Key Insight: With AI lowering the cost of generating hyper-realistic fakes, we need better ways to verify that we’re interacting with real humans online. Enter privacy-preserving unique IDs.

  • What It Means: Every user might eventually have a certified “human stamp” — hopefully without sacrificing personal data.
  • Potential Payoff: This could drastically reduce spam, scams, and bot armies. It also lays the groundwork for more trustworthy social networks and community platforms.
  • Watch Out For: Adoption is the main barrier. Even the best proof-of-personhood solutions need broad acceptance before malicious actors outpace them.

4. From Prediction Markets to Broader Information Aggregation

Key Insight: 2024’s election-driven prediction markets grabbed headlines, but a16z sees a bigger trend: using blockchain to design new ways of revealing and aggregating truths — be it in governance, finance, or community decisions.

  • What It Means: Distributed incentive mechanisms can reward people for honest input or data. We might see specialized “truth markets” for everything from local sensor networks to global supply chains.
  • Potential Payoff: A more transparent, less gameable data layer for society.
  • Watch Out For: Sufficient liquidity and user participation remain challenging. For niche questions, “prediction pools” can be too small to yield meaningful signals.

5. Stablecoins Go Enterprise

Key Insight: Stablecoins are already the cheapest way to move digital dollars, but large companies haven’t embraced them — yet.

  • What It Means: SMBs and high-transaction merchants might wake up to the idea that they can save hefty credit-card fees by adopting stablecoins. Enterprises that process billions in annual revenue could do the same, potentially adding 2% to their bottom lines.
  • Potential Payoff: Faster, cheaper global payments, plus a new wave of stablecoin-based financial products.
  • Watch Out For: Companies will need new ways to manage fraud protection, identity verification, and refunds — previously handled by credit-card providers.

6. Government Bonds on the Blockchain

Key Insight: Governments exploring on-chain bonds could create interest-bearing digital assets that function without the privacy issues of a central bank digital currency.

  • What It Means: On-chain bonds could serve as high-quality collateral in DeFi, letting sovereign debt seamlessly integrate with decentralized lending protocols.
  • Potential Payoff: Greater transparency, potentially lower issuance costs, and a more democratized bond market.
  • Watch Out For: Skeptical regulators and potential inertia in big institutions. Legacy clearing systems won’t disappear easily.

7. ‘DUNA’ – The Legal Backbone for DAOs

Key Insight: Wyoming introduced a new category called the “decentralized unincorporated nonprofit association” (DUNA), meant to give DAOs legal standing in the U.S.

  • What It Means: DAOs can now hold property, sign contracts, and limit the liability of token holders. This opens the door for more mainstream usage and real commercial activity.
  • Potential Payoff: If other states follow Wyoming’s lead (as they did with LLCs), DAOs will become normal business entities.
  • Watch Out For: Public perception is still fuzzy on what DAOs do. They’ll need a track record of successful projects that translate to real-world benefits.

8. Liquid Democracy in the Physical World

Key Insight: Blockchain-based governance experiments might extend from online DAO communities to local-level elections. Voters could delegate their votes or vote directly — “liquid democracy.”

  • What It Means: More flexible representation. You can choose to vote on specific issues or hand that responsibility to someone you trust.
  • Potential Payoff: Potentially more engaged citizens and dynamic policymaking.
  • Watch Out For: Security concerns, technical literacy, and general skepticism around mixing blockchain with official elections.

9. Building on Existing Infrastructure (Instead of Reinventing It)

Key Insight: Startups often spend time reinventing base-layer technology (consensus protocols, programming languages) rather than focusing on product-market fit. In 2025, they’ll pick off-the-shelf components more often.

  • What It Means: Faster speed to market, more reliable systems, and greater composability.
  • Potential Payoff: Less time wasted building a new blockchain from scratch; more time spent on the user problem you’re solving.
  • Watch Out For: It’s tempting to over-specialize for performance gains. But specialized languages or consensus layers can create higher overhead for developers.

10. User Experience First, Infrastructure Second

Key Insight: Crypto needs to “hide the wires.” We don’t make consumers learn SMTP to send email — so why force them to learn “EIPs” or “rollups”?

  • What It Means: Product teams will choose the technical underpinnings that serve a great user experience, not vice versa.
  • Potential Payoff: A big leap in user onboarding, reducing friction and jargon.
  • Watch Out For: “Build it and they will come” only works if you truly nail the experience. Marketing lingo about “easy crypto UX” means nothing if people are still forced to wrangle private keys or memorize arcane acronyms.

11. Crypto’s Own App Stores Emerge

Key Insight: From Worldcoin’s World App marketplace to Solana’s dApp Store, crypto-friendly platforms provide distribution and discovery free from Apple or Google’s gatekeeping.

  • What It Means: If you’re building a decentralized application, you can reach users without fear of sudden deplatforming.
  • Potential Payoff: Tens (or hundreds) of thousands of new users discovering your dApp in days, instead of being lost in the sea of centralized app stores.
  • Watch Out For: These stores need enough user base and momentum to compete with Apple and Google. That’s a big hurdle. Hardware tie-ins (like specialized crypto phones) might help.

12. Tokenizing ‘Unconventional’ Assets

Key Insight: As blockchain infrastructure matures and fees drop, tokenizing everything from biometric data to real-world curiosities becomes more feasible.

  • What It Means: A “long tail” of unique assets can be fractionalized and traded globally. People could even monetize personal data in a controlled, consent-based way.
  • Potential Payoff: Massive new markets for otherwise “locked up” assets, plus interesting new data pools for AI to consume.
  • Watch Out For: Privacy pitfalls and ethical landmines. Just because you can tokenize something doesn’t mean you should.

A16Z’s 2025 outlook shows a crypto sector that’s reaching for broader adoption, more responsible governance, and deeper integration with AI. Where previous cycles dwelled on speculation or hype, this vision revolves around utility: stablecoins saving merchants 2% on every latte, AI chatbots operating their own businesses, local governments experimenting with liquid democracy.

Yet execution risk looms. Regulators worldwide remain skittish, and user experience is still too messy for the mainstream. 2025 might be the year that crypto and AI finally “grow up,” or it might be a halfway step — it all depends on whether teams can ship real products people love, not just protocols for the cognoscenti.