The Root of Trust Isn't Theirs
Every TEE attestation traces back to hardware you don't control. OpenGradient's verification model anchors its root of trust to the TEE manufacturer's signing key, meaning for AWS Nitro Enclave based inference nodes, Amazon's cryptographic certificate sits at the base of every proof the network produces. When an inference node generates an attestation, that proof is only valid because Intel or Amazon vouches for the enclave's integrity.
If a vendor revokes a certificate, patches firmware, or a side channel vulnerability breaks enclave isolation, every attestation built on that root becomes suspect simultaneously. Intel SGX alone has had multiple documented enclave breaking exploits since 2018.
I don't think most $OPG holders understand what the verification premium actually rests on. OpenGradient doesn't publish which specific TEE hardware versions its nodes run or how fast the network could migrate away from a compromised enclave architecture.
Over 500,000 proofs generated, all carrying a quiet assumption that the hardware underneath was never tampered with and the manufacturer's keys were never compromised. But that assumption belongs entirely to Intel and Amazon, not to anything OpenGradient controls or publishes on chain. The chain verified the compute. The chip is still someone else's problem.
Which risk concerns you most for $OPG?
