Projects
![]()
No projects found
Investors
New
DAO Treasuries
DATs
Lend / Borrow APRs
Chains
Categories
Spaces
Morpheus Town Hall: AI + Privacy Is Common Sense, Let's Talk About It
Recorded: March 19, 2026 Duration: 0:58:03Space Recording
Full Transcription
Thank you. Good morning, good morning, everybody.
Let folks come on in and we'll start in just a minute.
Hey, David, can you hear me okay?
Loud and clear. Am I coming through?
You are. Yep, perfect perfect there we are awesome gonna be a good day today Thank you. I'm just going to go ahead and share our link here in a couple spots before we get going. Thank you. Thank you. Hey, guys, can you just confirm that my audio is still working all right?
Loud and good.
Yep.
Okay, perfect.
I just made a switch with the co-host thing and wanted to make sure I didn't break it.
which with the co-host thing I wanted to make sure I didn't break it
all right we'll give it just another minute here Thank you. All right, guys, so that we don't have too much dead air on our recording, although I
know we have some community members that have been actually mastering the recordings and
putting them out in podcast format.
So shout out to them for doing that.
Let's kick off this week.
And as kind of an overview of what we're talking about,
anyone who's involved in our social channels or in the Discord
will have seen that there is a fairly big announcement that we,
and by we, I mean certainly not me,
but the community of builders who are actually building the code base that is Morpheus have shipped a pretty awesome update over the last day or so that's been being worked on for quite a while, specifically with regard to privacy and compute.
As always, joining us today are multiple members of the community, many of which are actually hands-on in the actual code.
Again, unlike myself, I just talk about it.
However, I really want to dive into what was just shipped, what it does, what the implications are, and kind of cover it from a technical perspective.
And then also maybe a more like user focused practical perspective.
So for someone like me, like how, how does it impact my experience using Morpheus or,
or inference?
So I'm not sure exactly who the best person to jump in first is.
I think Kyle, maybe do it, if you want to do an overview on, you know, what the heck
I'm talking about.
Yeah, yeah, sure. So I guess just to start off the conversation,
yeah, a bunch of people in our Discord have been very closely tracking our GitHub commits. So the
cat was a little bit out of the bag that we are, or we have launched the first phase of a deeper privacy solution within the Morpheus Inference Marketplace.
And I'm going to talk more about what privacy means, what TEE means, which you're going to hear over and over, and kind of what our roadmap is for this. So right now, everyone knows
that the Morpheus inference marketplace
is a permissionless two-sided marketplace
for offering and renting compute, if you will.
And the way that that works is a provider
will host a Morpheus node
to essentially access the marketplace and within that node will provide
access to an AI model, whether that's running on their local machine, an API pass-through to one
of their servers hosting machine, whatever it may be. On the other side is the consumer who is also hosting a consumer Morpheus node to send prompts, right,
that then get picked up by the provider. And that's kind of how the system works, the marketplace
being in the middle and using the nodes to access that marketplace. Right now, there is, you know, pre-privacy, pre-TEE, there is kind of a deeper layer of trust and privacy than what you get with fully centralized and proprietary services like ChatGPT and so on right with morpheus you're connecting with the
wallet address remember this is the node not the api we'll talk about the api at the end
on the node you're connecting with the wallet address you're sending prompts to open source
models um there is no gpt in in you know who has your kyc and everything else, right? This is your wallet is sending a request
and a provider is picking up.
Now, in that infrastructure,
we don't exactly know what the provider is running, right?
Are they running the Morpheus node
that they get cloned directly from our repo?
Did they make some modifications to it?
Do they have logging enabled?
Where are they sending their requests? All of those are unknowns, which is completely fine because we have a flexible system. And it's fine for certain security applications. A couple different rabbit holes as I go through this to help you guys understand, right?
We're talking about the sliding scale of privacy in some ways.
We said this isn't chat GPT and this isn't, you know, clawed directly.
It's in some cases, that's okay. Go, you know, send a basic prompt to chat GPT, you know, that you're okay attributing to yourself and that you're okay with them training your data on.
There are other things that we're sending that we're not okay with our name being attributed to and training on our data.
And that's when you have to look at these more private solutions.
So kind of stage one of that privacy is breaking
the KYC. And that's where Morpheus is, you know, as of yesterday, let's say, or the basic Morpheus,
you know, offering through Morpheus is non-KYC. Yeah, someone can see your prompts. Someone can
log your prompts potentially as a provider, but it's not directly attributed to you. It's attributed to a wallet
address. And can we pause on that really quick, Kyle, just just really quick, I just want to pause
on that point. So that was prior to this update, how things work, basically, correct. So meaning
that if I provide any type of prompt that might have some type of personal identifiable information,
any type of prompt that might have some type of personal identifiable information
potentially prior to what we're about to be talking about the person who's actually running
the inference so the the hard metal wherever that may be could potentially see the those prompts
and that inference being created but doesn't necessarily see like who I am meaning like my email or my account or something
like this it's strictly tied to a wallet address however if I were to say in that prompt I like
drop my name or I drop something that's like very personally identifiable that theoretically would
allow that person to tie my prompt to my address name.
In the same way that if I send you a transaction on Ethereum and I have it tied to an ENS name
that's publicly disclosed, you would know that that specific address was me, correct?
Exactly. That's exactly true. And I'm just going to nitpick one thing that you said in there that that we need to address
separately is one side is the node that i mentioned right the the morpheus node that
you're hosting and the second part of it is the bare metal right the the node is what's your your
entry into the marketplace the bare metal is where you're actually running the inference.
That's the GPU.
And it's going to be more clear in a second why I separate those.
So sliding scale of privacy, no privacy, go to chat GPT and send a message.
to chat GPT and send a message, some privacy obscuring the or removing the KYC and just
interacting with the wallet address, you know, risks of prompt logging and so on. That's kind of
what Morpheus is at the basic layer. The next layer, which is what we introduced yesterday, is what we're calling, and we have to
work on naming a little bit, but what we're referring to as, let's say, the Node TEE.
And our goal and what we're doing here is we're going to get through this sliding scale privacy to
maximum privacy where no matter what no one can see anything but this is the the first phase in
that and what we're doing with this phase is we are allowing providers to put their node within a trusted environment, right?
They're hosting their entry into the marketplace on a TEE machine.
And hosting it on the TEE machine, great, right?
Anyone can do that.
You could always have done that.
But the valuable part is the attestation and proving that this node is running this version of the software
with these configurations and I can't get into it. So before I said, yeah, you're a provider,
you can host it, right? You can have logging on, you can have custom code running, you can really modify the product. In the latest version of this,
we're providing a handshake between the consumer and the provider so that the consumer can say,
provider, what are you running? And prove it, right? And that provider now is going to take,
and prove it, right?
And that provider now is going to take,
and I'm gonna let Alan jump in
and explain this on a deeper level,
but the provider is essentially
giving their attestation report that says,
this is the VM that I'm running on,
this is my address,
this is the code that I'm running,
and here's the hash of it.
And that's programmatically verifiable back to our
github releases and it's programmatically verifiable by the consumer so when a consumer
is requesting a model that that is enabled for this or a path that's enabled for this
it's saying you're either verified and i'm going to continue or you're not verified and I'm going to
stop. Right. And that's kind of where we're at now from what we've released. The next stage of that
is not just proving that the provider entry into the system is within this private enclave, but that the actual GPU inference
is in the private enclave as well, right? And when I say enclave, and I'm going to spare you
all the deep technical details for our article, but it's essentially an impenetrable box. Now,
you can go up to the box and connect all wires to it and
scope the PCIe lanes and try and find the information, but you're just going to get
an encrypted output. And the key only lives within that box, within where the Morpheus node is running.
So it doesn't matter. It doesn't matter if someone steals the steals the server rack and
tries to inspect it they can't get it with without the key that they can't get now
on that final level of privacy you have your entry into the marketplace within this
encrypted box and you have the bare metal gpu within this encrypted box, and you have the bare metal GPU within this encrypted box,
nobody knows what you're prompting or who is prompting it because of the no KYC that we
mentioned. So the provider is just providing essentially a piece of hardware and electricity
and an internet connection, and they can't see anything else.
And that's where we're looking to get with in phase two. And we're really proud of
the release that we just did now with phase one showing, all right, we can do this. We can
have a consumer fetch information from this provider and prove that it's authentic and prove this attestation. And it's a relatively straightforward, maybe not simple, but straightforward path to saying, okay, now you need to prove that your GPU is there too, right? There can be nothing behind that proxy router that you're running downstream where the inference is that is catching your request.
So I know I said a lot, and I'm going to let Alan kind of jump in here and go a little bit more into the specifics of the tech.
And then we can have everyone kind of rapid fire your questions that Alan and I can answer.
And we'll get into some more fun stuff on kind of where Phase 2 is
and how to access this and all those things.
So with that being said, Alan, I guess my question for you is if you can just explain the structure of the handshake,
right? And kind of how do we know that the TE is authentic? How do we know that the code running is what that person says is running. And how does the consumer entry into the system actually confirm that? And why can you trust it?
Oh, well, because trust me, bro, it's all in there. It's good. Thanks, Kyle, for the overview. I think to answer that question, I want to step back a little bit. And I use that, you know, the trust me row line a little bit tongue in cheek, but it was really how we looked at the communication path.
And so we did is kind of sat down and looked at, you know, everything from the consumer node or the C node.
If I start shortcutting words, I apologize. But the consumer node that's running on your laptop with your wallet, where does that go? It might go into AWS or Azure or someone's data center where you could have port sniffing and other fun things.
And then it ends up in the software, the provider node software that's running on someone's server somewhere that you don't know of.
you don't know of, and then sends that prompt either on box or off box again through all
sorts of fun network things and load balancers and et cetera, et cetera, to someone else's
server.
And you kind of line that whole thing up and you go, where is there a trust me, bro, kind
trust me bro kind of handshake gentleman's agreement and where do we have provable
of handshake gentleman's agreement?
encryption security privacy decentralization etc etc and the good thing is i think we started we
didn't start from ground zero the the when the morpheus lumarin node was first developed between
you know directly the consumer node to the provider node
at the software layer,
that communication was developed to be private and encrypted.
The C node and the P node,
excuse me, consumer node and the privacy node,
the provider node,
they handshake and exchange their own keys
at the beginning of the conversation.
And that is actually the data
that's transferred between the two.
So then we're like, well, okay, great.
But the provider node, how do I know, you know, kind of to your point,
that that's running the right software?
How do I know that it's not doing things?
And in the provider node, there are switches.
We've provided the ability to do logging and chat context for other,
you know, chat retention for other activities that people might want to do. We try to give
maximum flexibility. But when you start talking about TEE and privacy, like, look, those things
have to be turned off and you have to know that they're turned off and stay off. And so our first tackle on this was to secure the build pipeline.
So when we update the Morpheus, the Lumira node software,
we present it in downloadable form.
You can clone the Git repo.
You can grab the Git repo. You can grab the container image.
We try to make it pretty easy to kind of get the software and use it.
But we've added an extra step, which is really about taking that containerized image, feeding it the right variables to make sure that no logging is turned off or detailed logging is turned off, that no
chat can be, can be saved. We turn off all of those features that can be leveraged for other
things, but we said, no, we're going to lock it down. So we had to harden the image and then we
had to sign it to make sure that, you know, if someone says, Hey, it looks like the same image,
it's got V6 on it. My, you know, must be the thing, that's not good enough. That's another trust me
exercise. Nope, we need to design it and say that if
the hash of that software is different than what is posted on
the attested GitHub build, then it's not the same software, so
you should not trust it. So that's the first part, is kind of
harden the pipeline and make sure that the images that we post can be verified that that came from our source and have all the right things turned off and allows you to then go put this on the hardware. worked on over the last couple of weeks, which is putting it in a hosting provider that has
TEE execution environment. And what they allow, and we partnered with Secret Labs in particular
for our first article here, it allows us to bring all the elements of the T build in,
bring all the elements of the T build in, create the image, lock it in so you've got that watermark or that cryptographic hash of the image,
so that when I take and I make that exact same Docker compose file, that YAML file on Secret Labs, and I run that exact thing,
exact thing, I will get the exact same watermark or the exact same hash. So now I know that's
I will get the exact same watermark or that exact same hash.
running on the TEE, you know, the trusted execution environment is the software that
we built with the right settings for your provider. Like, great. Okay. That's awesome.
Now who checks it? And this is the third piece. And the third piece is when that consumer node knocks on the door and says, hey, Mr. Provider, I want to send you my LLM prompt.
The consumer node says, oh, you're a T-model hosting provider.
You, you know, I can, I need to know if I can trust you.
It goes out to the endpoint and grabs the attestation quote, the quote on the machine that says, I am this cryptographic hash.
The consumer node then goes out to the GitHub repo, looks up the latest version or the version that it's been told it needs to go check.
So we are version aware.
version aware, so 6.1 or 6.0,
So 6.1 or 6.0 says, hey, this provider is running 6.1.0.
it says, hey, this provider is running 6.1.0.
It goes to GitHub, looks at the 6.1.0 release,
looks at that attestation hash,
and then compares it through Secret's verification engine
that they match.
And what that then tells the consumer node
is that it's running the exact software,
the software has not been modified,
and you can trust sending your prompt to that, knowing that
there's no extraneous logging going on, your personal privacy is protected,
and there's no
PII that's flowing back and forth. So those three pieces, the
hardening of the build pipeline,
getting a verifiable image, hardened image,
building up the VM to make sure that you know what it's running on.
And then the last piece is that double check,
is where that C node is able to go out, knock on the door,
and make sure that they know who's answering.
Now, to Kyle's earlier point, and I'll
pause here after this, that protection perimeter right now stops at the backside, for lack of a
better term, of the provider node. So when that provider node sends its prompt off to an LLM server
somewhere else, it's going through the network, It's going through, you don't necessarily know if anyone's logging on that other side.
And that's really where phase two comes from, because you want to make sure that when it
leaves the provider node, that it's still safe.
And that's why we're going to have, you know, pretty fast follow as fast as we can to if I'm hosting an LLM, let's say on secret and on secret labs
enclave, that from when you knock on the door of the provider node till that prompt reaches the
actual inference engine and returns, you know that it's trusted and safe. So I said a lot of words
there, Kyle and Bo, Did I illuminate or confuse?
No, no.
It was a great explanation. I think that understanding for other people to understand actually how this works and breaking out the trust me, bro, is super important.
The last thing that you said, I think, is probably the most critical for anyone listening now or on the recording of what's phase one and what's phase two.
And it might seem a little backwards for some people that it's kind of like, all right, first give me privacy and then prove it is maybe what you would think it would be.
But we really went the direction of how do we prove it and how do we extend it?
Just focusing on trust being the most critical piece, right?
If you look at OpenAI's private policy, I don't trust that for shit.
They might say that it's private and they might say that they're not collecting any information,
but we've seen that policy change a hundred times already.
We've seen a lot of policies change and a lot of leaks of data in different places.
one in and being able to see the cryptographic proof is that there is no trust in a policy there
is no trust in anything but um as alan said physics and code and and it's all open source
you can watch it happen in real time and um what makes morpheus special is that you can see it, right? You can see the open source
code and you can see the ad station happening. And there is no layer of like you might have with
other companies who run on TEE that you do still have to trust it a little bit.
You have to trust that they're running the TEE and the encryption's happening where they say it's happening.
And we just felt that that wasn't enough and we needed to be able to prove it end to end.
can so okay i have a couple questions here you guys can we talk about so everything you guys
So, okay, I have a couple of questions here.
just said was basically like from a architectural perspective right so from the perspective of
somebody who can can actually go in and do the verification that you guys are talking about right
and so it it is important of course because it eliminates the trust me bro component
which is obviously huge and is ultimately what differentiates morpheus from other projects in
the space basically is we're trying to do everything we can to have a you know completely
open source permissionless decentralized way to access ultimately intelligence, but AI tooling.
From a user perspective, can you talk through what that looks like? Like if I'm an end user
that's plugging the API gateway now, actually, let me take even a step back earlier than that.
Is this implemented at the protocol level or at the gateway level? Meaning do I have the same
benefit if I'm somebody who's
building directly into the inference marketplace? Or is this something that's specific to somebody
who's using the API gateway? Good. So let me break this down into probably three points. So
first, I'll hit the API gateway set. Right now, the implementation that we launched was at the
core marketplace level. The API gateway is essentially a service that runs in front of
the marketplace level. So as of right now, we have not implemented this into the API gateway.
That's kind of on the list, right?
Let's call that phase three, right?
Phase one is in the actual inference node and in the marketplace.
Phase two is similarly hardening and expanding that security within the marketplace. And then phase three is going to be figuring out
how we can incorporate this through the API.
But that's a little bit more intensive
and something that we're 100% going to do.
Now, to follow up with something that you said earlier is,
if Beau, if I'll reframe kind of what you said why are you talking about
technical stuff that I don't care about and why does this matter to me or how do I actually see
that this is working so for a less delicate way of framing it but but okay. For a typical user,
what your process is going to be
is you're going to find a model
that's being hosted in the marketplace
with a TEE tag on it, right?
Models in the marketplace have various tags.
Some might be model size.
Some might be model capabilities.
One of the tags will be if it's a TEE model.
And if you request that model as a user, the node is going to do the rest of the work,
right?
It's going to say, this user wants privacy.
I'm running my scripts to validate that the provider is, you know, providing this attestation and it matches
and everything that Alan spoke about. So there is no, users don't need to do anything other than
choose a privacy model and have a version, you know, a compatible version of the node, of course.
We are talking about this underlying infrastructure for the sole reason that it's more than a policy.
You need to be able to prove that the validation and the attestation that's happening is actually legit.
And it's not just blowing smoke.
It's not just blowing smoke.
But from a user perspective, no additional effort other than choosing the model with the level of privacy that you prefer.
I think if I can jump in on this, I like to consider it our journey similar to Signal, right?
So everybody considers Signal as kind of the gold standard communication platform for privacy, right?
And why is that?
You know, part of it is, you know, non-profit structure. Part of it is their policy they've posted. Part of it's their verifiable trust, their open source and proven track record.
And I'd like to see us, you know, kind of get to that where you go to use Signal because other people have beaten the hell out of it
and know that it's secure and safe, and they've passed the test of time.
They've passed that hypothesis.
So I think we're counting on the community to the group of folks that are on the phone now
who are really excited about this to go out and poke holes in
and look at the source and look at the verification.
But then I think, you know, Bo, to the normal user,
just like I'm a normal user of Signal,
is you get to the point where there's trust over time.
And you know the foundation is built.
You know that the foundation of privacy is built in.
And when you go and select that, you know, T-branded model,
if you say, look, I want go and select that, you know, T branded model, if you say,
look, I want to be in super, you know, a cone of silence mode that all the right things are
happening and it doesn't provide more friction. It actually, um, the only friction it provides
is if you knock on the door of a bad actor and it says, Nope, you don't pass at a station and
I'm not sending your prompt. That actually should be a really good feeling that you see that that bounces off.
One of the things we're going to do is we're going to put up a fake bad actor with a T model that is not T-attested
so that you can actually see from a user standpoint, whether using your own consumer node or the API gateway of a failure.
Because I think that gets us that,
that public support that the right,
the right nerds in the audience who have gone and looked through the code and
tested it and poked and prodded it and given feedback that there is no
friction.
The goal here, besides the less trust me bro,
more physics, is also it can't add friction.
The only friction I want is when you're talking to a bad actor or you're not in a good trusted pipeline.
That's when the friction...
And at that point, it should be a hard wall, not a, not friction.
It should be stopped dead because we promise we've promised trust.
And if we can't deliver it, it, it shouldn't,
the prompt shouldn't go through.
Yeah. That that's really like, it's an exciting failure.
It's like, it's, I I'm expecting privacy here and you know,
my firewall, if you will, has has successfully blocked the bad actor attempt. So it's a it for, you know, setting the pieces in the
right place so that hundreds or thousands of providers can, you know, be offering this
T-enabled, you know, inference at phase, you know, we see phase one really as temporary,
but at phase two, a full end-to-end confidential compute and um we're we're just really excited that i don't know of
any other platform in the industry that is built on open source in a marketplace format that can
achieve this so it's a it's a a very deep moat when you say something being completely open source
and completely permissionless. So
it's something that I'm personally very excited about. Yeah, I mean, this falls under the category.
I put a message in the Discord the other day, but like I've seen so many projects in either
the crypto space or now the DAI space since it's like eight years ago or 2017 approximately when I first discovered the space and I have never
seen a project that ships more actual usable practical utility stuff than you guys are with
Morpheus and has like like the signal to noise ratio is like off the chart so I want to give
you guys you know hats off for that first of all one thing that I I want to give you guys, you know, hats off for that, first of all.
One thing that I did want to pull on a little bit further as well is, Alan, you had touched on the idea of, you know, not having friction from a user perspective. So I understand that you are,
of course, referring to technical friction in using the actual product, is there economic friction through having private
compute this way? Like, does it impact if I'm, I guess, to reframe that, if I'm a user who's
staking more tokens, and then having my inference, you know, covered perpetually by,
by the fact that I'm staking those more tokens, am I getting more bang for buck,
not going private,
and it's more expensive being done in a trusted execution environment? Does it not make a
difference? Yeah, so I'll jump in. There you go. So again, right, back to the original sliding scale,
right, of privacy. You're going to pay no additional, right, your baseline is no privacy
and no additional cost because people are making money off your data. As you move up, there is
generally a higher cost. Now, I'm going to explain where that cost comes from.
For providers running phase one, node attestation and node validation, the cost difference I would expect is near zero.
It's minimal. The cost of running a basic program on a very small CPU on TEE is more expensive than on an AWS instance, but it's not tremendous.
Where the cost really comes in is when you have the GPUs within the TEE.
And the difference there is you can't run it through the massive data center racks that exist where there's like a hundred
thousand you know h200s or b200s right you're not accessing the same pool of resources you're
running something on a closed node of either one h100 or eight h100s that is specifically configured for this one instance and can't do anything else.
So there is a premium for that, both from a cost standpoint and from an inference time standpoint.
There's some overhead associated with how much you can inference and, and the adder that, that T adds to it.
So do I have a cost estimate right now for you?
No, no, I don't.
And each provider is going to be different in what they add.
I could probably go and pull like the,
the hourly cost for GPUs for TEE versus non-TE for you guys to get a basic proxy of that.
But that's something that is just going to have to be seen.
And the great thing about Morpheus is that Morpheus doesn't set any price, right?
It's an open permissionless marketplace. So as the demand for this comes in, the competition for
providers will become significant and generally reduced to that efficient point of the market.
Yeah, I think you finally got to where I was going to jump in was we don't set the prices.
I think what you talked about is certainly theoretically true, right?
Is as you walk up that security chain, it does get more expensive in general.
Now, who charges that?
It's not something that the protocol layer charges.
We don't charge anything, right?
But the protocol is the protocol.
The providers have the option based on their costs to set what they offer those models for.
And each provider has to say, look, I'm either going to run at a profit or break even or at a loss for their own reasons, right?
If I'm running at a loss, it's because I want to attract more people to my provider node and build a reputation as a good provider node.
build a reputation as a good provider node. But I think I would land on it's in general,
the more security you add into a system, it's probably going to have pay a premium. You're
going to have to pay a premium. What that premium is, is going to be set really by the providers
and as they do their own math in the back. But we certainly don't set that at the protocol level.
in the back. But we certainly don't set that at the protocol level.
Yeah. And it's not, that premium is not needed for everything, right? We've,
I don't remember which talk it was, but I was on a talk with, I think, Secret Labs and Fala and
Eliza and someone else. And we talked about, like, you don't need full confidential compute when you're asking about the weather.
And you don't need full confidential compute when you're asking to have a public article, you know, summarized.
So I think there's the option of privacy is what's valuable, not necessarily blasting privacy every single place that you can get.
So it's kind of you use that cost data strategically when you need it.
And that's what I think is really kind of the game changer.
Yeah, I agree.
It's another arrow in the quiver.
It's like, look, I can go talk to the car salesman and public and not
and be okay having a chat about it if i'm going to go talk to my doctor i really want that to be
private so i don't need i don't need a lockbox for everything that actually brings me um to a
follow-up question so i was basically hoping you guys were going to stay something to the effect of what you did um the the follow-up question that
i have is actually for david if he's able to speak is it possible to build into everclaw
like into the skill package a skill where my agent can basically i can outline for it when I would and wouldn't want to use a like
specifically a private model and it just naturally knows when to execute that and when not to
that's a really great question I mean it's almost a logical extension of everclaw's router so the
router already looks at the prompt and says oh well this well, this is a really simple cron job. I'm just going to throw this at a small model and save tokens.
Whereas if it's a big coding job that's really complex, it's going to go to GLM-5 or one
of the more powerful models, right?
And so it would be interesting to think about like a privacy sliding scale for the same
thing.
I'm going to go talk to my agent and add that to the backlog today.
Yeah, that'd be awesome because this was actually something that dates a little ways back for me. I
did a podcast interview with Lisa Loud over with Secret a handful of months ago, and we were kind
of talking through what TEE looks like through a compute interface. And I was imagining like a toggle, basically,
like I'm turning on private mode and not private mode.
But yeah, via the agent,
like it just could be the toggle theoretically.
Yeah, you can, right.
It is a toggle, right?
Because you're going to have public versions
and you're going to have private versions of the same model.
So wherever that toggle exists, it just has to change the model name, if you will, that you're calling
through the router. But it's pretty much the same way that you expected it.
Wow. This is, to me, it feels like another really big step forward in, you know, we always talk about how fast things are moving.
But I feel like if we look at it in terms of like progress cliffs, basically, or like, you know,
a staircase, some steps are like much larger than others. And this step towards having actual
privacy, not just trust me, bro, privacy is, is massive. And it's one of those things that I don't think people are going to fully appreciate.
Well, actually, the the average end user might never fully appreciate it
because by the time they discover it and are using it, it just exists.
But I'm really glad that, you know, we're here.
Anyone involved in the call today and our communities are here to
see like what that actually looks like from the earliest
stages um yeah it's ultimately just so cool and i cannot uh express my gratitude enough to
everybody who's working on being able to actually build it can can i ask you guys like is there
anything that was maybe surprising about you know figuring out how to do it that you weren't
anticipating or maybe something that changed your mind
and what the best way of doing the execution is
or something like this?
That's a good question.
I don't think there was any real-
I'll say for me-
I don't think there was any- Alan,'ll say for me... I don't think there was any...
Let me say for me, and then you'll be the depth of what I have to say.
I was surprised how straightforward it becomes for the reason that it's math, right?
It's you're following the math, right?
I thought that there would be a lot more handshaking and negotiation and testing and figuring out how everything comes together.
But at the end of the chain, at the end of the day, the way that Alan and team implemented it is you're
just following the hash, you're following the hashes, you're following the math, and
you're just confirming attestation and numbers.
And it becomes simple when you can follow something all the way from the deployed code
all the way back to when it gets verified.
So it was probably something that I shouldn't have been surprised about,
but I was, you know, I guess at the end of the day.
Yeah, I think it's funny.
There's also, I think, maturity in the industry a little bit.
I mean, we talked about this months ago,
and the how to solve was still unclear but i think the progression
in general of uh of you know zero knowledge proofs which is just cryptography and checking hashes
once that you know that matured to a certain point um that then as we looked at it you're right
it's it's follow the math in fact i you being fully transparent, you can sort of see it on the GitHub releases.
We found a, we found a little bit of a flaw, which is, you know,
we were checking that attestation when we created the session,
but not every prompt afterwards, like, well, wait a minute,
that's not going to be good. How do we fix that? Well,
it turns out the fix is really easy. In fact,
we've got it running on tests right now. We'll be pushing main later is, um, you don't have to do
the full attestation again. You just grab that, that cryptographic hash that you started with,
that you tested. And then every time you go to send a prompt, um, you check it, you check it,
that, that crypto hash. And so having it in that math base, and again,
that's why I like the physics, physics, not promises,
is it makes a lot of those checks,
especially at the technical level so much easier. You know, I'm checking,
I'm checking two shot two 56 results rather than trying to recompute
everything all the time. that's efficiency that's speed
that's all sorts of stuff so i think the the zk maturity in the industry helped bring this at the
right uh at the right time right place right time uh david always talks a lot about well it just
happens at the right time i think this was another one of, a lot of things had to coalesce, but yeah, physics, not promises is really good. I love it. No, this is, this is, this is great. Yeah,
but I just want to say, I think this is a huge improvement. This unlocks so many new use cases
and privacy, I think is going to be just this explosion of going from personal AI
being purely local to now people will be a lot more comfortable that their information's
really being honored so yeah thanks to the team for awesome stuff
yeah couldn't agree more I'm trying to think I don't know that from a user perspective, I have other questions at this exact moment. I mean, I definitely am looking forward to giving it a try. Although, to your point before, giving it a try from a user perspective should just be a different tag on the model that I choose, which is a good thing. That's what we want it to be ultimately. Right. So. Yep. Yep.
I should only know that there's a problem if there's a problem.
The fun test that,
that Alan mentioned earlier is that we're going to give a fake model out there.
We're going to put a model that claims to be private. That's not,
and you're going to be able to go and hit that model and it's going to tell you
no I don't approve of your actions of thinking that you're private when you're not so it'll be
the the positive what is the not the false negative but whatever it is validating the
bad path is that you know what I need someone to do is take like a sizable amount of Ethereum
or Bitcoin or something like this
and start releasing a seed phrase
into their session
and seeing if the money moves.
If the money doesn't move,
you know it was private.
Sure.
Why don't you just send me your key, Bo,
and I'll do that for you.
Yeah, thank you.
Somebody with more liquidity than me, I need you to run that experiment, please. Thank you.
No, that's great. Well, that's good stuff, guys.
Should we see here, is there anybody else from the community or in the group session here that has any questions or wants to jump up
and get involved. All right, we have silence, so it might not be the case. That is okay.
Yeah, I mean, again, ultimately, the continues to ship the community continues to I actually love Kyle, you mentioned before that the the cat was a little bit released from the bag because our community was actively monitoring, monitoring the GitHub, which is very cool that actually makes me really happy to see that there's you know there's people following closely enough that they're actually like specifically watching for commits to see
um you know what what's going on under the hood in real time i think that's very cool
yeah i agree that i was surprised to see that yesterday as well like how do they know like
oh that's right the shipping channel so now i have to make sure that our our release notes a
little more clean so since people are listening i to make sure that our release notes are a little more clean.
So since people are listening, I'll make sure that they're a little bit more articulate sometimes.
No worries at all.
It is good stuff.
Again, it's a feature, not a bug of building in the open and having everything be open source.
And this was a point that I'd made actually in the Discord as well over
the last couple of days was just a reminder as to, you know, why Morpheus is what it is
and why it's being built in the way that it's being built, being, you know, open source
and permissionless and decentralized. And it's ultimately because similar to something
like Bitcoin or something like Ethereum, if everyone who's working on it at this exact moment today, you know, suddenly disappeared and could no longer work on it, the project itself can and will survive because the project is public open source code.
open source code. So at any point, somebody or a team of somebody's or whoever would have the
ability to start working on the code base. And that just would be what it is in the same way
that if one person is mining Bitcoin, the network survives and similar to Ethereum with Ethereum
nodes. So just as a reminder for everybody that, you know, that's that's ultimately why, you know, this exists the way that it does.
It's also why it's such a powerful network and tool.
And it's also why in some cases things probably don't move quite as fast as they would.
I mean, definitely as fast as they would in like a centralized format.
Although I would argue that you guys are still moving very fast and there's updates,
you know, all the time. People are not waiting months and months and months between updates. I
think the amount that has been shipped from certainly two years ago, but even one year ago
is, you know, astonishing. So cheers to the future. I mean, I'm certainly looking forward to that and we'll keep engaging from the community perspective.
Does anyone have anything else?
David, do you have any final thoughts
kind of as we wrap up this week?
No, this is just an amazing milestone.
And it's great to see it spreading all over the ecosystem.
So congrats to everybody for this big unlock.
But this is something we've all been looking forward to for years,
but it's so cool to see it in reality.
Absolutely.
Well, thank you everyone for joining us then.
If you are listening to the recording of this,
that was remastered by the community.
First of all, thank you to the community Miramorpheus
Miramorpheus for doing that remastering.
for doing that remastering.
And then also thank you to you for listening.
for listening.
And with that,
David, you have our final sign-off
as always.
Keep being awesome.
Thanks, guys. Thank you.
Host
Morpheus
from
MorpheusAI
