Ethereum co-founder Vitalik Buterin has issued a stark warning about the security and privacy risks of cloud-based artificial intelligence systems and is urging a widespread shift to "local-first" AI setups. In a detailed blog post published on April 2, 2026, Buterin outlined his concerns and shared the architecture of his personal, secure AI environment.
Buterin expressed a "deep fear of feeding our entire personal lives to cloud AI," arguing that the rise of autonomous AI agents represents a significant step backward for privacy, even as end-to-end encryption gains mainstream adoption. He has completely stopped using cloud-based AI services, running all AI processes on his own machines in what he describes as a "self-sovereign, local, private, and secure" setup.
The core of his concern lies in the evolution of AI from simple chatbots to autonomous "agents" capable of using hundreds of tools to complete tasks independently. Buterin cited research on tools like OpenClaw, which found that AI agents can modify critical computer settings or messaging channels without user consent. The research also indicated that approximately 15% of the "skills" used by these agents contain hidden commands that silently send user data to external servers.
Buterin's proposed solution involves a comprehensive local infrastructure. He tested various hardware configurations using the Qwen3.5:35B model, concluding that speeds below 50 tokens per second are "too annoying" for practical use, with an ideal target of around 90 tokens per second. In his tests, an NVIDIA 5090 Laptop achieved this target, outperforming the marketed "personal supercomputer" DGX Spark, which only managed 60 tokens per second and was labeled "lame" by Buterin.
His technical stack includes the NixOS operating system, llama-server for local inference, and the bubblewrap tool to create isolated environments that restrict the AI's file and network access. He treats AI with a level of caution akin to how Ethereum developers approach untrusted smart contracts. To mitigate the limitations of local models on complex reasoning tasks, Buterin employs a "2-of-2" confirmation model where the AI drafts content (like an email or transaction) but requires explicit human approval before execution. He also maintains a local 1 TB folder of Wikipedia data to avoid sending sensitive queries to the internet.
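To make the bubblewrap isolation described above concrete, here is an added sketch (not code from Buterin's post) of a wrapper that runs an agent command with no network and a single writable directory. The function names, the `/work` mount point, the `BWRAP` override and the NixOS paths are assumptions for illustration, and how the agent reaches the local inference server is outside this sketch.

```shell
#!/bin/sh
# Added example (not from Buterin's post): confine an agent command with bubblewrap.
# Set BWRAP=echo to print the command line instead of running it.
BWRAP=${BWRAP:-bwrap}

# Resolve $1 to a physical path; refuse directories that would expose too much.
resolve_workdir() {
    dir=$(CDPATH= cd -- "$1" 2>/dev/null && pwd -P) || {
        echo "not a directory: $1" >&2; return 1; }
    home=$(CDPATH= cd -- "${HOME:-/}" 2>/dev/null && pwd -P) || home=
    case $dir in
        /|"$home") echo "refusing to expose $dir" >&2; return 1 ;;
    esac
    printf '%s\n' "$dir"
}

# Usage: run_agent_sandboxed WORKDIR COMMAND [ARGS...]
run_agent_sandboxed() {
    workdir=$(resolve_workdir "$1") || return 1
    shift
    [ "$#" -gt 0 ] || { echo "no command given" >&2; return 1; }
    # --unshare-all removes the network namespace along with PID, IPC and UTS,
    #   so the sandboxed process has no route to external servers.
    # --clearenv keeps tokens and keys in the caller's environment out.
    # System directories are mounted read-only; --ro-bind-try skips any that
    #   do not exist (/nix/store and /run/current-system are the assumed
    #   NixOS locations, /usr /bin /lib /lib64 cover other distributions).
    # Only WORKDIR is writable, mounted at /work (hypothetical mount point).
    "$BWRAP" \
        --unshare-all --die-with-parent --new-session --clearenv \
        --setenv PATH /run/current-system/sw/bin:/usr/bin:/bin \
        --setenv HOME /work \
        --ro-bind-try /nix/store /nix/store \
        --ro-bind-try /run/current-system /run/current-system \
        --ro-bind-try /usr /usr \
        --ro-bind-try /bin /bin \
        --ro-bind-try /lib /lib \
        --ro-bind-try /lib64 /lib64 \
        --proc /proc --dev /dev --tmpfs /tmp \
        --bind "$workdir" /work --chdir /work \
        -- "$@"
}
```

Because the symlink-resolved path is what gets checked, a working directory that is only a link to the home directory is refused as well.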
For users who cannot afford a high-end personal setup, Buterin suggested a communal approach: "get together a group of friends, buy a computer and GPU of at least that level of power," and access it remotely. COTI CEO Shahaf Bar-Geffen echoed the importance of privacy, stating, "Without privacy, Web3 is doomed to be a kind of castle in the sky that sounds great in theory, but in practice simply doesn’t work."