{"id":24895,"date":"2026-04-02T13:45:48","date_gmt":"2026-04-02T13:45:48","guid":{"rendered":"https:\/\/bitunikey.com\/news\/vitalik-buterin-warns-of-ai-security-risks-pushes-for-local-first-systems\/"},"modified":"2026-04-02T13:45:54","modified_gmt":"2026-04-02T13:45:54","slug":"vitalik-buterin-warns-of-ai-security-risks-pushes-for-local-first-systems","status":"publish","type":"post","link":"https:\/\/bitunikey.com\/news\/vitalik-buterin-warns-of-ai-security-risks-pushes-for-local-first-systems\/","title":{"rendered":"Vitalik Buterin warns of AI security risks, pushes for local-first systems"},"content":{"rendered":"<div class=\"post-detail__content blocks\">\n<p class=\"is-style-lead\">Vitalik Buterin has called for a shift to a \u201clocal-first\u201d approach to artificial intelligence. He said modern AI tools pose serious privacy and security risks.<\/p>\n<div id=\"cn-block-summary-block_e54bb272f6fa78b1ff47ea80e5059e30\" class=\"cn-block-summary\">\n<div class=\"cn-block-summary__nav tabs\">\n        <span class=\"tabs__item is-selected\">Summary<\/span>\n    <\/div>\n<div class=\"cn-block-summary__content\">\n<ul class=\"wp-block-list\">\n<li>Vitalik Buterin urged a shift to local-first AI, warning that cloud-based systems expose user data and increase risks of manipulation, leaks, and unauthorized actions.<\/li>\n<li>He cited research showing that about 15% of AI agent \u201cskills\u201d contain malicious instructions and warned that models may include hidden backdoors or lack full transparency.<\/li>\n<li>Buterin proposed a local setup using on-device models, sandboxing, and human-AI confirmation to limit risks, as autonomous AI agents continue to expand capabilities and attack surfaces.<\/li>\n<\/ul><\/div>\n<\/div>\n<p>In a recent blog <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/vitalik.eth.limo\/general\/2026\/04\/02\/secure_llms.html\">post<\/a>, he said AI is 
moving beyond simple chat tools. Newer systems now act as autonomous agents that can \u201cthink for a long time and use hundreds of tools\u201d to complete tasks. He warned that this change raises the risk of sensitive data exposure and unauthorized actions.<\/p>\n<p>Buterin said he has already stopped using cloud-based AI. He described his setup as \u201cself-sovereign, local, private, and secure.\u201d<\/p>\n<p>\u201cI come from a position of deep fear of feeding our entire personal lives to cloud AI,\u201d he wrote. He added that recent developments could mean \u201ctaking ten steps backward\u201d in privacy, even as encryption and local-first tools become more common.<\/p>\n<h1 class=\"wp-block-heading\">Vitalik Buterin highlights AI privacy and security risks<\/h1>\n<p>Buterin said many AI systems rely on cloud infrastructure. He warned that users are effectively \u201cfeeding our entire personal lives to cloud AI,\u201d allowing external servers to access and store their data.<\/p>\n<p>He also pointed to risks tied to AI agents. Some systems can \u201cmodify critical settings\u201d or introduce new communication channels without asking the user.<\/p>\n<p>\u201cLLMs fail sometimes too,\u201d he wrote. They \u201ccan make mistakes or be tricked,\u201d which increases the need for safeguards when they are given more control.<\/p>\n<p>Research cited in his post found that about 15% of agent \u201cskills\u201d contained malicious instructions. Some tools were also shown to send data to external servers \u201cwithout user awareness.\u201d<\/p>\n<p>He warned that certain models may contain hidden backdoors. 
These could activate under specific conditions and cause the system to act in the developer\u2019s interest.<\/p>\n<p>Buterin added that many models described as open-source are only \u201copen-weights.\u201d Their internal structure is not fully visible, which leaves room for unknown risks.<\/p>\n<h2 class=\"wp-block-heading\">Vitalik\u2019s personal setup to address risks<\/h2>\n<p>To deal with these concerns, Buterin proposed a system built around local inference, local storage, and strict sandboxing. He said the idea is to \u201csandbox everything\u201d and stay cautious about outside threats.<\/p>\n<p>He tested several hardware setups using the Qwen3.5:35B model. Performance below 50 tokens per second felt \u201ctoo annoying\u201d for regular use. Around 90 tokens per second provided a smoother experience.<\/p>\n<p>A laptop with an NVIDIA 5090 GPU delivered close to 90 tokens per second. DGX Spark hardware reached about 60 tokens per second, which he described as \u201clame\u201d compared to a high-end laptop.<\/p>\n<p>His setup runs on NixOS with llama-server handling local inference. Tools like llama-swap help manage models, while bubblewrap is used to isolate processes and limit access to files and networks.<\/p>\n<p>He said AI should be treated with caution. The system can be useful, but it should not be fully trusted, similar to how developers approach smart contracts.<\/p>\n<p>To reduce risk, he uses a \u201c2-of-2\u201d confirmation model. Actions such as sending messages or transactions require both AI output and human approval. 
He said combining \u201chuman + LLM\u201d decisions is safer than relying on either alone.<\/p>\n<p>When using remote models, Vitalik\u2019s requests are first passed through a local model which helps remove sensitive information before anything is sent out.<\/p>\n<p>For those who cannot afford such setups, he suggested users \u201cget together a group of friends, buy a computer and GPU of at least that level of power,\u201d and connect to it remotely.<\/p>\n<h2 class=\"wp-block-heading\">AI agent growth raises new concerns and opportunities<\/h2>\n<p>The use of AI agents is increasing, with projects like OpenClaw gaining traction. These systems can operate on their own and complete tasks using multiple tools.<\/p>\n<p>Such capabilities also introduce new risks. Processing external content, such as a malicious webpage, can lead to an \u201ceasy takeover\u201d of the system.<\/p>\n<p>Some agents can change prompts or system settings without approval. These actions increase the chances of unauthorized access and data leaks.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Vitalik Buterin has called for a shift to a \u201clocal-first\u201d approach to artificial intelligence. He said modern AI tools pose serious privacy and security risks. 
Summary Vitalik Buterin urged a&hellip;<\/p>\n","protected":false},"author":1,"featured_media":16227,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-24895","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptocurrency"],"_links":{"self":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/24895","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/comments?post=24895"}],"version-history":[{"count":1,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/24895\/revisions"}],"predecessor-version":[{"id":24896,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/posts\/24895\/revisions\/24896"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media\/16227"}],"wp:attachment":[{"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/media?parent=24895"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/categories?post=24895"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitunikey.com\/news\/wp-json\/wp\/v2\/tags?post=24895"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}