I've got a quirk when it comes to whitepapers— the more the project team emphasizes 'trustlessness', the more I want to dig into who’s really holding the trust.
OpenGradient is definitely heating up lately. a16z led a nearly $10 million round, with Coinbase Ventures jumping in as well. The mainnet launched on Base on April 21st, and in just two months, it has handled over 2 million inferences and verified more than 500,000 proofs. The slogan sounds great— 'Verifiable AI' and 'Decentralized Intelligent Network'.
But after going through its tech docs, I stumbled upon a fact that took me aback.
They offer three verification methods: ZKML, TEE, and Vanilla. ZKML uses zero-knowledge proofs to create a cryptographic loop, theoretically the most robust. TEE runs in a trusted execution environment, relying on hardware backing. The documents are clear— for LLM inference, 'all inferences are verified using TEE'. In the realm of large models, the project team has already chosen TEE for you. But what about the ZKML path? It’s still tagged as 'alpha testnet'. @OpenGradient
So what exactly is TEE?
OpenGradient uses AWS Nitro Enclaves. The official docs state plainly: 'the enclave is registered in the on-chain TEE registry, checks if the proof matches the AWS Nitro root CA, and confirms that the PCR value matches the on-chain approved hash'.
Translating that into plain speak: when you say 'trustless', you’re essentially shifting trust from OpenAI to AWS. If AWS has a hiccup, you’re still in trouble. Some analysis articles have pointed this out— TEE-based 'verifiable AI' means trusting AWS Nitro certification, not cryptographic proof. Trust hasn’t vanished; it’s just switched hosts.
I’m not saying OpenGradient lacks value. The HACA architecture has a solid approach by separating execution and verification. But the phrase 'trustless' in the context of AWS Nitro Enclaves should at least come with a footnote— 'Trust OpenAI less, but please trust AWS'.
That distinction isn’t made clear in the whitepaper.
#OPG $OPG
OpenGradient is definitely heating up lately. a16z led a nearly $10 million round, with Coinbase Ventures jumping in as well. The mainnet launched on Base on April 21st, and in just two months, it has handled over 2 million inferences and verified more than 500,000 proofs. The slogan sounds great— 'Verifiable AI' and 'Decentralized Intelligent Network'.
But after going through its tech docs, I stumbled upon a fact that took me aback.
They offer three verification methods: ZKML, TEE, and Vanilla. ZKML uses zero-knowledge proofs to create a cryptographic loop, theoretically the most robust. TEE runs in a trusted execution environment, relying on hardware backing. The documents are clear— for LLM inference, 'all inferences are verified using TEE'. In the realm of large models, the project team has already chosen TEE for you. But what about the ZKML path? It’s still tagged as 'alpha testnet'. @OpenGradient
So what exactly is TEE?
OpenGradient uses AWS Nitro Enclaves. The official docs state plainly: 'the enclave is registered in the on-chain TEE registry, checks if the proof matches the AWS Nitro root CA, and confirms that the PCR value matches the on-chain approved hash'.
Translating that into plain speak: when you say 'trustless', you’re essentially shifting trust from OpenAI to AWS. If AWS has a hiccup, you’re still in trouble. Some analysis articles have pointed this out— TEE-based 'verifiable AI' means trusting AWS Nitro certification, not cryptographic proof. Trust hasn’t vanished; it’s just switched hosts.
I’m not saying OpenGradient lacks value. The HACA architecture has a solid approach by separating execution and verification. But the phrase 'trustless' in the context of AWS Nitro Enclaves should at least come with a footnote— 'Trust OpenAI less, but please trust AWS'.
That distinction isn’t made clear in the whitepaper.
#OPG $OPG