“A system overview for near-term, low-trust AI compute verification” by Naci Cankaya episode artwork

EPISODE · Jun 23, 2026 · 1H 30M

“A system overview for near-term, low-trust AI compute verification” by Naci Cankaya

from LessWrong (30+ Karma)

Version 0.2, working draft This is a working draft of my current best idea for a privacy-preserving, retrofittable AI compute verification system, for confidence-building in an arms-control-like AI agreement between rival nation states. The purpose of this draft is to elicit community engagement by making use of Cunningham's law: I make assertions about what the (emerging) field of AI verification should aim for, and people with experience in international policy, cybersecurity and any relevant field of engineering can point out what this draft gets wrong. Thank you to everyone who has provided feedback to version 0.1, especially Aaron Scher, Mauricio Baker and Jonathan Ng. 1. Introduction and summary In order to plan and execute under tight timelines, one needs to make some strategic bets, instead of hedging too much and keeping all options open. The field of research on AI verification is bottlenecked partly by a lack of shared vision (as well as human capital, but having clear goals helps hiring and fundraising). With this post, I aim to: Make technical objectives for verification in high-stakes AI governance more specific and actionable (section 2).Contribute a first, high-level reference architecture for meeting these goals (section 3 and [...] ---Outline:(00:54) 1. Introduction and summary(06:31) 2. Problem statement and motivation(06:41) 2a. Low-trust AI governance(09:46) 2b. Threat model(11:09) Covert adversary and the inversion of the fortress problem(12:21) The attribution problem and plausible deniability(13:26) Assumptions about physical security and inspection(15:08) Discussion of attack surfaces(18:19) 2c. Practical requirements(23:05) 3. System overview and operation(23:10) 3.1. Brief introduction(27:14) 3.2. End-to-end execution trace(28:00) 3.2.1. Evidence capture(30:22) 3.2.2. Evidence evaluation(33:57) 4. Subsystem designs for eliminating the need for mutually trusted silicon(34:29) 4.1. Trust in silicon is hard(35:58) 4.2. Analog data movement control: passive splitters, data diodes, enclosures(37:52) 4.3. Building blocks for a mutually secure verification system(38:53) 4.3.1. Controlled ingress(40:02) 4.3.2. Output cross-checks(41:46) Prior work(43:01) 4.3.3. Sanitized egress(44:26) Prior work(45:19) 4.3.4. Instructor-executor(48:26) 5. Engineering approaches for evidence capture and evaluation(48:32) 5.1. Evidence generation, capture and commitment(50:29) 5.1.1. Network taps and active wardens(51:18) Prior work(54:03) Open research questions(55:55) 5.1.2. Memory challenging and memory wiping(58:19) Prior work(01:00:19) Open research questions(01:01:32) 5.2. Evidence evaluation and disclosure(01:01:37) 5.2.1. Secure auditing environments (tentative plan A)(01:04:20) Prior work(01:06:22) Open research questions(01:07:53) 5.2.2. Replay and the determinism challenge(01:10:10) Prior work(01:10:49) Open research questions(01:11:43) 5.2.3. Inspection software, inspector agents(01:12:38) Prior work(01:13:58) Open research questions(01:14:58) 5.2.4. Zero Knowledge Proofs (tentative plan B)(01:16:22) Prior work(01:18:55) Open research questions(01:20:14) 5.3. Support mechanisms(01:20:19) 5.3.1. Side-channel defense(01:20:51) Prior work(01:22:43) Open research questions(01:24:39) 5.3.2. Resource accounting(01:25:18) Prior work(01:25:30) Appeal to the reader(01:26:28) Appendices(01:26:32) A1. The statistics of random sampling The original text contained 23 footnotes which were omitted from this narration. --- First published: June 23rd, 2026 Source: https://www.lesswrong.com/posts/fgvmKqRGvBteKeDoc/a-system-overview-for-near-term-low-trust-ai-compute --- Narrated by TYPE III AUDIO. ---Images from the article:Apple Podcasts and Spotify do not show images in the episode description. Try Pocket Casts, or another podcast app.

NOW PLAYING

“A system overview for near-term, low-trust AI compute verification” by Naci Cankaya

0:00 1:30:40

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Accidental Accountant Regan Williams Hi, I'm Regan! I'm a CPA of 30+ years helping "accidental accountants" navigate tax & accounting issues with confidence! Here, we find solutions to common challenges bookkeepers, accountants and CPAs face. Don't see an answer to your question? Then ask! I'm here to help people like you. Two Recruiters: Zero Filter Two Recruiters At Two Recruiters: Zero Filter, we're on a mission to demystify the hiring process, share insider tips, and empower you to maneuver through the professional world with confidence. With more than 30 years of combined experience navigating the intricate web of job markets, talent acquisition, and career development, we're here to spill the tea on everything career related. But wait, there’s more! We will dive into many life topics that are interesting to us as well.  Get ready for a rollercoaster of insights, stories, and no-holds-barred advice!Join us for conversations that matter – where work, life, and authenticity collide in the most unexpected and rewarding ways. Capital Ideas Podcast Capital Group Want to learn how professional investors do it? The Capital Ideas podcast brings you the latest investment thinking from Capital Group, one of the world's largest investment management organizations. Each week we'll get inside the minds of portfolio managers, analysts and economists to break down market trends, macroeconomic forces, investing approaches and lessons learned from personal experience. Take 30 minutes and tap into the intellectual capital of Capital Group. Capital Client Group, Inc.All Capital Group trademarks mentioned are owned by The Capital Group Companies, Inc., an affiliated company or fund. All other company and product names mentioned are the property of their respective companies.For full disclosures go to capitalgroup.com/global-disclosures. My Take On It with Your Angelic Karma® Your Angelic Karma Here we take a look at how the United States measures alongside other First World Nations. + taking a deep dive into the science -The Report

Frequently Asked Questions

How long is this episode of LessWrong (30+ Karma)?

This episode is 1 hour and 30 minutes long.

When was this LessWrong (30+ Karma) episode published?

This episode was published on June 23, 2026.

What is this episode about?

Version 0.2, working draft This is a working draft of my current best idea for a privacy-preserving, retrofittable AI compute verification system, for confidence-building in an arms-control-like AI agreement between rival nation states. The purpose...

Can I download this LessWrong (30+ Karma) episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!