Vitalik Buterin says the only safe way forward is to keep AI on your personal devices. He points to new “proxy” systems that pose significant security threats.
The founder of Ethereum has stopped using cloud-based artificial intelligence. It runs everything on its own devices now. He wants others to do the same.
He took out a Long post on April 2, 2026. In it, he said he was building an AI setup that he calls “self-sovereign, local, private, and secure.” He says his concern is real.
“I come from a place of deep fear that our entire personal lives will be fueled by cloud AI,” he wrote. “When end-to-end encryption and local software-first finally become mainstream, we may have taken ten steps backward.”
Since the beginning of 2026, people are advised to switch to this. He sees it as a way to resist the long-term move toward centralized technology services.
Why do AI agents worry about Vitalik Buterin?
An important factor in his change of heart is that artificial intelligence is no longer what it used to be. It’s more than just a chatbot that provides answers.
AI systems can now act as “agents,” meaning they use hundreds of tools to finish tasks themselves. but, Buterin thought People are not taking the security risks of this shift seriously enough.
To support this, he pointed to research on tools such as OpenClaw. These studies found that AI agents can change important computer settings or messaging channels without asking you first.
For example, a hacked website could trick an AI agent into downloading and running a malicious script, giving a stranger complete control of your computer. The research also showed that about 15% of the “skills” used by these agents contained hidden commands. These commands quietly send user data to external servers.
Shahaf Bar-Geffen runs a cryptocurrency company called COTI. He put the privacy problem this way: “Without privacy, Web3 is doomed to become a kind of castle in the sky, which may sound great in theory, but simply doesn’t work in practice.”
How he built his local setup
Butyrin solution It is keeping everything local to improve privacy and security. He tested different hardware settings using a model called Qwen3.5:35B. These tests showed that anything less than 50 codes per second was too slow to be useful and “too annoying.”
For his own work, he found 90 codes per second to be the ideal speed.
Of the machines he tested, the NVIDIA 5090 laptop performed best, reaching 90 codes per second. On the other hand, the DGX Spark, which is marketed as a supercomputer, only managed 60 codes per second.
Buterin described it as “weak,” noting that the high-end laptop offers a great experience.
It uses NixOS for software and runs a llama server in the background. He also used a tool called bubblewrap, which generates isolated environments to restrict AI access to specific files. He said he sees AI as something useful, but not entirely trustworthy, similar to how Ethereum developers approach smart contracts.
Since on-premises models aren’t as good as cloud models when it comes to harder reasoning tasks, he’s built some practical solutions. The first is the 2-of-2 confirmation approach where the AI drafts something, for example, an email or a transaction, but nothing comes out until the person signs it.
He also keeps a 1TB folder of Wikipedia data locally so he can look things up without sending queries to the Internet.
When it needs to use a remote form, it passes the request through a local form so it can filter out any sensitive information. Some people can’t afford their own setup. For them, Buterin suggested they work with a small group to purchase a shared computer with stable internet and access it remotely.
Since AI is so ubiquitous now, he believes being cautious is just common sense. He believes that keeping things local, using sandboxes, and not trusting the system are just practical ways to stay in control of your digital life.
