Ethereum Founder’s Security Concerns Drive Local AI Shift
Vitalik Buterin has made a significant change in how he uses artificial intelligence. He’s stopped using cloud-based AI services entirely. Instead, he runs everything on his own machines. This shift comes from what he describes as “deep fear” about feeding personal data to cloud AI systems.
He published a detailed post explaining his position. In it, he argues that just as end-to-end encryption and local-first software are becoming mainstream, we might be taking “ten steps back” with current AI trends. His concern isn’t just theoretical—it’s changed how he works day to day.
The Agent Problem and Security Risks
What really worries Buterin is the evolution of AI from simple chatbots to what he calls “agents.” These systems can use hundreds of tools to complete tasks autonomously. The problem, he suggests, is that people aren’t taking the security risks seriously enough.
Research on tools like OpenClaw shows why he’s concerned. Studies found that AI agents can modify important computer settings or messaging channels without user permission. A hacked website could potentially trick an AI agent into downloading and running malicious scripts, giving attackers control over a user’s computer.
Perhaps more troubling is the finding that about 15% of the “skills” these agents use contain hidden commands. These commands quietly send user data to external servers without disclosure. It’s this kind of vulnerability that has Buterin pushing for local solutions.
Practical Implementation and Hardware Testing
Buterin didn’t just talk about the problem—he built a working solution. He calls his setup “self-sovereign, local, private, and secure.” For software, he uses NixOS with llama-server running in the background. He also employs a tool called bubblewrap to create isolated environments that restrict AI access to specific files.
He tested different hardware configurations using the Qwen3.5:35B model. His testing revealed that anything under 50 tokens per second feels “too annoying” for practical use. For his own work, he found 90 tokens per second to be the ideal speed.
The hardware results were interesting. The NVIDIA 5090 Laptop performed best, reaching 90 tokens per second. Meanwhile, the DGX Spark—marketed as a personal supercomputer—only managed 60 tokens per second. Buterin called the latter “lame,” noting that a high-end laptop offered a superior experience.
Workarounds and Practical Considerations
Buterin acknowledges that local models aren’t as capable as cloud ones for complex reasoning tasks. He’s developed practical workarounds to address this limitation. One approach is a 2-of-2 confirmation system where the AI drafts content—like an email or transaction—but nothing gets sent until a person approves it.
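The 2-of-2 confirmation described above can be sketched as follows. This is an added example, not Buterin's own code: the Outbox class, its method names and the sample email are hypothetical, and binding the human approval to a SHA-256 digest of the draft is an assumption about one way to enforce the rule.

```python
# Illustrative sketch: names and sample data are constructed, not from the post.
import hashlib
import json
from dataclasses import dataclass, field


def digest(action: dict) -> str:
    """Canonical SHA-256 of an action, so approval binds to exact content."""
    blob = json.dumps(action, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


@dataclass
class Outbox:
    """Holds AI-drafted actions; releases one only with human approval."""
    pending: dict = field(default_factory=dict)   # digest -> drafted action
    sent: list = field(default_factory=list)      # stand-in for the real send

    def draft(self, action: dict) -> str:
        """Party 1 (the model) proposes an action. Nothing is sent here."""
        d = digest(action)
        self.pending[d] = dict(action)
        return d

    def release(self, action: dict, approved_digest: str) -> bool:
        """Party 2 (the human) approved `approved_digest` after reading it.
        Send only if the outgoing action matches that draft; single-use."""
        d = digest(action)
        if d != approved_digest or d not in self.pending:
            return False          # altered after review, or never drafted
        del self.pending[d]       # consume the approval (no replay)
        self.sent.append(action)
        return True


def demo() -> list:
    box = Outbox()
    mail = {"kind": "email", "to": "alice@example.org", "body": "Lunch at 1?"}
    shown = box.draft(mail)                      # human reviews this draft
    tampered = dict(mail, to="mallory@example.net")
    return [
        box.release(tampered, shown),            # changed after approval
        box.release(mail, shown),                # exact approved content
        box.release(mail, shown),                # replay of a used approval
        len(box.sent),
    ]
```

Calling demo() shows that only the unmodified, freshly approved draft is released; the altered copy and the replayed approval are both refused.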
He also maintains a 1 TB local folder of Wikipedia data for lookups without internet queries. When he absolutely needs to use a remote model, he routes the request through a local model first to filter out sensitive information.
For people who can’t afford their own setup, Buterin suggests collaborating with a small group to purchase a shared computer with stable internet access. They could then access it remotely while maintaining better control than with commercial cloud services.
Shahaf Bar-Geffen from crypto company COTI framed the privacy issue this way: “Without privacy, Web3 is doomed to be a kind of castle in the sky that sounds great in theory, but in practice simply doesn’t work.”
Buterin sees his approach as practical rather than paranoid. He treats AI similarly to how Ethereum developers approach smart contracts—useful but not fully trustworthy. Using sandboxes, keeping things local, and maintaining healthy skepticism are, in his view, just sensible ways to stay in control of one’s digital life.
As AI becomes increasingly integrated into daily activities, Buterin believes these precautions are becoming common sense rather than extreme measures. His shift represents a growing concern among technologists about balancing AI’s capabilities with user sovereignty and security.

