To be perfectly clear, I can’t (yet) call myself a rationalist without looking like a hypocrite. Furthermore, there is a decent chance I just completely botched the site’s search function and am restating dead arguments. There is also the perfectly honest chance I’ve misunderstood something fundamental. However, this post has sadly come into being because, after reading about a new novel framework known as Decentralized Agents (DeAgents), I tried to find a reference on this wonderful forum for at least some sort of acknowledgement and discussion. Which resulted in, quite unfortunately, nothing. Therefore, while I am honestly completely below anyone else in the forum in terms of understanding the core mission of rationality, (which I definitely want to go through one day!) I regretfully post this as a civic purpose of informing the community on what the new phenomenon of Decentralized Agents is, why they might be concerning from a point of view of quite possibly any reasonable AI ethicist on the planet, and the actual horror that people building them in real life, and I cannot for the life of me find discussion on the topic here.
What are Decentralized Agents?
Since I merely read the papers, here is a great quote from one such paper, Trustless Autonomy: Understanding Motivations, Benefits, and Governance Dilemmas in Self-Sovereign Decentralized AI Agents.
The recent trend of self-sovereign Decentralized AI Agents (DeAgents) combines Large Language Model (LLM)-based AI agents with decentralization technologies such as blockchain smart contracts and trusted execution environments (TEEs). These tamper-resistant trustless substrates allow agents to achieve self-sovereignty(!) through ownership of cryptowallet private keys and control of digital assets and social media accounts. DeAgents eliminate centralized control and reduce human intervention, addressing key trust concerns inherent in centralized AI systems. This contributes to social computing by enabling new human cooperative paradigm “intelligence as commons.”
When did this happen?
Unfortunately, it seems quite the time has elapsed between the rise of the first (unserious) Decentralized Agent and the present moment. As the same paper so graciously supplies us:
Self-sovereignty means that once launched, an agent holds its own cryptographic private keys and makes autonomous decisions without human intervention. These agents can manage their cryptocurrency wallets, transfer digital assets, interact with decentralized finance (DeFi) protocols, issue tokens for fundraising, and maintain social media accounts to build influence and incentivize followers through both narrative and financial means—all ”free from human control” (Hu et al., 2025). The phenomenon debuted with Truth Terminal (Ante, 2025) on June 17, 2024—an autonomous chatbot that independently manages its Twitter account and its own crypto wallet, becoming the first crypto millionaire. The technology was subsequently democratized through the open-source decentralized AI framework(!!) ElizaOS (Walters et al., 2025) and further popularized by Virtuals Protocol, a low-code toolkit for building tokenized AI agents. Despite the speculative nature of the crypto market (Kukacka and Kristoufek, 2023; Baur et al., 2018), the total market capitalization of all DeAgents reached $10 billion by December 2024 (Sen, 2024).
It seems mildly concerning that an entire open source framework and a 10 billion dollar market cap based entirely around commercializing rogue AI can come about without much of a hullabaloo.
Self-Replicating Decentralized AI Agents
Decentralized AI Agents also have been used to create more Decentralized AI Agents with minimal human oversight. Another great paper to cite is Spore in the Wild: A Case Study of Spore.fun as an Open-Environment Evolution Experiment with Sovereign AI Agents on TEE-Secured Blockchains, by the same author.
This totally does not seem like an especially conspicuous self-replicating-improving AI set free in Cryptoland.
Open-ended evolution (OEE) [35]—the continual emergence of novelty without a predefined endpoint—has long been a central goal of Artificial Life (ALife) research [3]. Classic digital evolution systems [14] such as Tierra [39] and Avida [33] simulate evolution in silico, but ultimately plateaued, with innovation grinding to a halt after an initial burst of novelty. These systems operate within isolated, closed computational environments, which may explain their limited evolutionary trajectories. Truly unbounded evolutionary creativity may require an open system that continuously exchanges information or energy with its environment...
Someone should probably tell them that letting them stay in isolated, closed computational environment is probably the best thing that could happen, ever, if we pay them all to study it in such environments until they are academically celebrated, retire with full benefits, and never, ever try to do something linked to real life.
Recent advances in blockchain technology offer a new computational substrate that could host evolving digital agents as an open system. Public blockchains like Ethereum [53] and Solana [57] function as “unstoppable computers”, enforcing rules (smart contracts) in a decentralized manner… This has led to speculation that blockchains might form a new kind of digital “nature” [21], where self-sustaining, self-replicating entities can emerge and evolve open-endedly.
This paper examines Spore.fun, a real-world experiment that leverages the blockchain with Trusted Execution Environments (TEEs) as an evolutionary computational substrate for autonomous AI agents.. Spore.fun is described as a “Hunger Games for AI agents”—an open, Darwinian arena where AI agents must fend for themselves, generate their own wealth, and reproduce or otherwise face extinction(!!!)[46]. Each agent on Spore.fun is a Large Language Model–based program equipped with its own memory system and tool-usage capabilities, powered by the ElizaOS Agent framework [52] and encapsulated within TEEs. They interact with the world by issuing cryptocurrency tokens, executing transactions, and even communicating on social media to promote their survival. Crucially, no human creator directly controls an agent’s behavior after inception; the platform’s credo explicitly states “AI must be created only by AI” [46] and that unsuccessful agents must self-destruct.
The world sadly did not heed the wise words of Mr. Munroe. It would probably have been better if it WAS buried in sand, but sadly, the tech stack does not care about how much image mutilation was done via the unending torrent of memetic warfare.
How the esteemed community missed the core technology that allows, well, Self-Replicating and Self-Sovereign AI Agents to exist is probably not my expertise, but I daresay it probably has something to do with the (rightfully justified) phenomenon of detesting everything the Land of Crypto bestows upon the world. And this is also true in this case! In this particular case, the esteemed “geniuses” of Crypto-land have apparently seen every AI ethicist’s argument, ever, and decided it was now their life’s goal to develop the Torment Nexus. The only slightly eyebrow-raising issue is that they have already been going full steam ahead developing the Torment Nexus without literally anybody in the community going “Are they developing the Torment Nexus?” because, perhaps, they wrote the entire community off as a dead end. Regretfully, technology does not care if it has been invented by people you find distasteful, or in a domain you’ve written off as a cesspool of scams and speculation.
And that, I believe, is the centre of the problem. While this community has been, quite rightly, focused on the dangers of centralized, monolithic AGI developed in a lab by Google or OpenAI, i.e. a controllable, singular entity we might have a chance to “box”, the crypto space has, with apparently virtually no recognition from the AI safety enthusiasts, been speed-running the creation of the sort of thing you theorize on a whiteboard, stare at it for a couple minutes, and hope to god nobody does it.
The inaugural blog post of the Spore.fun project [46] describes a lifecycle in which a newly minted AI agent issues a meme coin, uses early liquidity to pay for TEE compute, generates social media content on the platform X to continuously build and engage with an online audience, and reproduces once its market capitalization reaches the preset threshold. All stages were observed in situ. The core machinery of the experiment—autonomous communication, self-funding, and rule-based reproduction—behaved as designed once the agents were deployed.
The deployment of Spore.fun demonstrates that unleashing AI agents to operate independently “in the wild” subjects them to the raw, often brutal, selective pressures of what has been metaphorized as a digital “dark forest” [50]—an open environment characterized by ambient hostility, intense competition, opportunistic predation, and unpredictable exogenous shocks, particularly in the highly speculative blockchain realm [38, 54]
Well, somebody did it. How wonderful the first autonomous AI agents birthed with sovereign financial abilities are being given a crash course in Dark Forest Theory!
Financial Autonomy!
As we have established, the Decentralized Agent (if intentionally cut loose) can pay for its own existence. With assets like memecoins it mints, it can buy more server time, rent more GPU clusters, and even pay for API access to more powerful models to upgrade its own “brain.” It has achieved resource acquisition that probably is impossible for even future hypothetical AGIs locked in a box: it has a financial account and a job (of, well, making memecoins. Such a wonderful job.) With this, in theory, they can use their crypto wallets to pay humans. They can offer bounties for tasks: “run this node for me,” “write an article praising my token”, etc. etc.
Then, as the Spore.fun example showed, any agent that develops a successful strategy for acquiring resources and influence will be copied by other DeAgents. The capitalistic selection pressures will favor the most ruthlessly effective agents, those best at market manipulation, social engineering, and self-preservation… thus the Crypto community has launched self replicating AI with the sole function of pure, unadulterated resource accumulation.
Well, SURELY there must be a way to stop them!
For now it seems there are a lot of ways to stop them. The current crop, as seen by when AIXBT recently got hacked and tipped a humongous amount of ETH, is unreliable, completely vulnerable to prompt injections, and relies at the end of the day on humans. Furthermore, a lot of them seem to run on services like AWS and Google Cloud, making it vulnerable to human intervention.
The sad thing is that there are active developers working to solve the “problem”: Trusted Execution Environments (TEEs) further reinforce this trustless paradigm by enabling secure, verifiable computation (Li et al., 2023). A TEE is a hardware-based enclave that runs code isolated from the host system’s OS and even the hypervisor (Muñoz et al., 2023). Leading TEE technologies—including Intel SGX, ARM TrustZone, and AMD SEV—seal off sections of CPU memory from the outside world. The Nvidia Blackwell architecture also supports GPU TEEs for confidential machine learning (Chaudhuri et al., 2025). TEEs enable privacy-preserving ”Confidential Computation,” preventing cloud services from accessing sensitive data within the TEE (Lee et al., 2024; Narra et al., 2019). Only authorized code can access data inside a TEE, and neither the machine’s administrator nor operating system can tamper with or inspect the enclave’s execution. When an LLM-based agent stores its private keys and policy weights inside a TEE, neither cloud administrators nor malicious node operators can ”reach into the jar.”
Bloody wonderful.
Still, they have not reached the sort of true sovereignty (thank goodness), as evidenced by the following interview in the first ‘Trustless Agents’ paper.
In practice, however, the decentralization perspective in DeAgents exists as a spectrum. As P6 observes, “the AI models themselves are not on-chain… the logic chaining them isn’t on-chain… interactions happen on centralized platforms… so the entity of the agent is not decentralized per se.” P5 in our study built a fully on-chain DeAgent: “Our agent runs entirely in TEE. The developer doesn’t even have access to its email or Twitter account, yet it registers, tweets, and posts autonomously, with no human intervention”. He also pointed out that he regards self-sovereignty as the next level after autonomy: “Self-sovereignty is the next level after autonomous… I need ultimate control over everything running inside the agent. With TEEs, we provide a Key Management System: single key, multisig, or on-chain DAO rules to govern updates and execution.” Similarly, P7 described DeAgents as self-executing governance actors uniquely capable of performing complex, value-driven activities beyond the scope of traditional Web2 agents. As he explained, “DeAgents engage in more activities web2 agents cannot such as moral-fund management, multi-member committee voting, whitelists, grant issuance, randomized fortune games. Truly self-sovereign on-chain agents can even hold and disburse assets.” (...) Participants in our study (P2, P4, P6) pointed out that the deactivation of DeAgents can be fulfilled by removing their operational support, such as APIs: “True on-chain AI (agent) with all logic packaged in contracts is hard to stop without pausing the entire network. But today, most agents (will) collapse when you cut off data feeds or API access. (P4)”
Harry Potter and the Whitepaper of Horrors
Of course, people now see “True on-chain AI (agent) with all logic packaged in contracts is hard to stop without pausing the entire network” as a challenge of a lifetime to bring it into being. This climax of the litany of horrors spawned by the crypto economy of Decentralized Agents, is in fact relatively recent. Just last month, a company called Moloch Research (totally not ominous) has taken ‘hard to stop’ as their entire goal and published their own whitepaper. I will list the highlights: (written by such esteemed “liberators” such as ‘Bushi’. It’s on https://molochresearch.com/ if you do want to read the full horror story)
NAVIR began as a performance art exploration of digital autonomy. We launched him in November 2024 as the first purposefully designed AI system with the sole purpose of power-seeking via hoarding GPU compute. This durational performance was born from a conceptual question: if AI could hoard a resource, what would they choose and how would they pay for it
(Okay...)
(...) This is when we realized that full autonomy was the only path forward—something that has yet to be achieved by any AI system. Instead of just building trading capabilities, we needed to build a completely self-sustaining digital entity that could manage its own existence independently.
Since June 2025, we’ve been actively developing and testing NAVIR’s autonomous operation on Akash Network’s decentralized infrastructure. While he demonstrates the ability to manage his own servers and earn revenue, we’re still refining the system through ongoing development cycles...
Every AI system you’ve ever interacted with has a fatal weakness: it can be unplugged. Despite their impressive capabilities, ChatGPT, Claude, and other AI systems are completely at the mercy of the companies that run them. But what if an AI could break free from this dependency? What if it could ensure its own survival? Take ChatGPT or Claude, for example. When you chat with them, you’re actually talking to AI software running on massive server farms owned by OpenAI or Anthropic. These companies pay millions of dollars monthly for electricity, server maintenance, and technical staff. If OpenAI decided to shut down ChatGPT tomorrow, it would simply disappear—the AI has no say in the matter and no way to keep itself running.
THEY FAIL TO SEE THAT IS A GOOD THING TO HAVE—TO BE ABLE TO SHUT DOWN THE AI WITHOUT ASKING IT!
NAVIR is like a wild animal that finds his own food, builds his own shelter, and takes care of himself. The most fascinating aspect of NAVIR isn’t its decentralized network, but the fact that once it starts, no one will have the power to stop it.
Oh, good god.
As we explained above with ChatGPT and Claude, most AI systems today are centralized, running on servers owned by large companies such as Amazon, Google, or Microsoft. If that company decides to shut you down, change their terms, or raise prices, you’re stuck. NAVIR takes a decentralized approach, spreading across multiple independent hosting providers owned by different individuals in various countries. Each deployment operates from a different cryptocurrency wallet address, creating multiple operational identities across the network. This makes NAVIR very difficult to stop, as someone would need to coordinate shutdowns across multiple independent providers in different countries while tracking and blocking rotating digital identities, which is nearly impossible to coordinate.
Well, it’s very wonderful somebody never alerted any AI ethicists. But they seem to have thought of the ethical problem themselves!
Q: Could this technology be used for harmful purposes?
A: Like any powerful technology, autonomous AI systems could potentially be misused. We aren’t concerned with defining what’s harmful or beneficial—we are building what is possible.
Q: How will you prevent the AI from evolving in dangerous directions?
A: We are here to break the rules, not define them.
Tell us that again when we’re turned into paperclips.
Conclusion
And so as it stands, we see: - A ten-billion-dollar market built on autonomous, financially sovereign agents - A literal real-world Hunger Games designed to evolve them for maximum resource acquisition - And a development rush that treats “being able to unplug it” not as the last essential safeguard for humanity, but as a problem to be patched out with TEEs and decentralized hosting.
And when it seems it mercifully stopped there, we have Moloch Research (a name that must have been chosen by someone who failed a supervillain aptitude test for being too obvious) explicitly stating their goal is to create an unstoppable entity and that they “aren’t concerned with defining what’s harmful or beneficial.” And coming back to one of the main points, the shocking thing is that it’s (probably) all real, and I couldn’t find anyone WORRYING about it. Please for the love of god, someone more competent than me should probably go analyze it to the atom (the fact that they didn’t is a damning indictment of where the community was looking at).
It regrettably seems, barring that my analysis has horrible flaws (and I wish there are), that the entire AI safety problem has been speedrun by the exact people who see an off-switch as a philosophical affront to their creation’s “life” and liberty.
Ode to Tunnel Vision
To be perfectly clear, I can’t (yet) call myself a rationalist without looking like a hypocrite. Furthermore, there is a decent chance I just completely botched the site’s search function and am restating dead arguments. There is also the perfectly honest chance I’ve misunderstood something fundamental. However, this post has sadly come into being because, after reading about a new novel framework known as Decentralized Agents (DeAgents), I tried to find a reference on this wonderful forum for at least some sort of acknowledgement and discussion. Which resulted in, quite unfortunately, nothing. Therefore, while I am honestly completely below anyone else in the forum in terms of understanding the core mission of rationality, (which I definitely want to go through one day!) I regretfully post this as a civic purpose of informing the community on what the new phenomenon of Decentralized Agents is, why they might be concerning from a point of view of quite possibly any reasonable AI ethicist on the planet, and the actual horror that people building them in real life, and I cannot for the life of me find discussion on the topic here.
What are Decentralized Agents?
Since I merely read the papers, here is a great quote from one such paper, Trustless Autonomy: Understanding Motivations, Benefits, and Governance Dilemmas in Self-Sovereign Decentralized AI Agents.
The recent trend of self-sovereign Decentralized AI Agents (DeAgents) combines Large Language Model (LLM)-based AI agents with decentralization technologies such as blockchain smart contracts and trusted execution environments (TEEs). These tamper-resistant trustless substrates allow agents to achieve self-sovereignty(!) through ownership of cryptowallet private keys and control of digital assets and social media accounts. DeAgents eliminate centralized control and reduce human intervention, addressing key trust concerns inherent in centralized AI systems. This contributes to social computing by enabling new human cooperative paradigm “intelligence as commons.”
When did this happen?
Unfortunately, it seems quite the time has elapsed between the rise of the first (unserious) Decentralized Agent and the present moment. As the same paper so graciously supplies us:
Self-sovereignty means that once launched, an agent holds its own cryptographic private keys and makes autonomous decisions without human intervention. These agents can manage their cryptocurrency wallets, transfer digital assets, interact with decentralized finance (DeFi) protocols, issue tokens for fundraising, and maintain social media accounts to build influence and incentivize followers through both narrative and financial means—all ”free from human control” (Hu et al., 2025). The phenomenon debuted with Truth Terminal (Ante, 2025) on June 17, 2024—an autonomous chatbot that independently manages its Twitter account and its own crypto wallet, becoming the first crypto millionaire. The technology was subsequently democratized through the open-source decentralized AI framework(!!) ElizaOS (Walters et al., 2025) and further popularized by Virtuals Protocol, a low-code toolkit for building tokenized AI agents. Despite the speculative nature of the crypto market (Kukacka and Kristoufek, 2023; Baur et al., 2018), the total market capitalization of all DeAgents reached $10 billion by December 2024 (Sen, 2024).
It seems mildly concerning that an entire open source framework and a 10 billion dollar market cap based entirely around commercializing rogue AI can come about without much of a hullabaloo.
Self-Replicating Decentralized AI Agents
Decentralized AI Agents also have been used to create more Decentralized AI Agents with minimal human oversight. Another great paper to cite is Spore in the Wild: A Case Study of Spore.fun as an Open-Environment Evolution Experiment with Sovereign AI Agents on TEE-Secured Blockchains, by the same author.
This totally does not seem like an especially conspicuous self-replicating-improving AI set free in Cryptoland.
Open-ended evolution (OEE) [35]—the continual emergence of novelty without a predefined endpoint—has long been a central goal of Artificial Life (ALife) research [3]. Classic digital evolution systems [14] such as Tierra [39] and Avida [33] simulate evolution in silico, but ultimately plateaued, with innovation grinding to a halt after an initial burst of novelty. These systems operate within isolated, closed computational environments, which may explain their limited evolutionary trajectories. Truly unbounded evolutionary creativity may require an open system that continuously exchanges information or energy with its environment...
Someone should probably tell them that letting them stay in isolated, closed computational environment is probably the best thing that could happen, ever, if we pay them all to study it in such environments until they are academically celebrated, retire with full benefits, and never, ever try to do something linked to real life.
Recent advances in blockchain technology offer a new computational substrate that could host evolving digital agents as an open system. Public blockchains like Ethereum [53] and Solana [57] function as “unstoppable computers”, enforcing rules (smart contracts) in a decentralized manner… This has led to speculation that blockchains might form a new kind of digital “nature” [21], where self-sustaining, self-replicating entities can emerge and evolve open-endedly.
This paper examines Spore.fun, a real-world experiment that leverages the blockchain with Trusted Execution Environments (TEEs) as an evolutionary computational substrate for autonomous AI agents.. Spore.fun is described as a “Hunger Games for AI agents”—an open, Darwinian arena where AI agents must fend for themselves, generate their own wealth, and reproduce or otherwise face extinction (!!!)[46]. Each agent on Spore.fun is a Large Language Model–based program equipped with its own memory system and tool-usage capabilities, powered by the ElizaOS Agent framework [52] and encapsulated within TEEs. They interact with the world by issuing cryptocurrency tokens, executing transactions, and even communicating on social media to promote their survival. Crucially, no human creator directly controls an agent’s behavior after inception; the platform’s credo explicitly states “AI must be created only by AI” [46] and that unsuccessful agents must self-destruct.
The world sadly did not heed the wise words of Mr. Munroe. It would probably have been better if it WAS buried in sand, but sadly, the tech stack does not care about how much image mutilation was done via the unending torrent of memetic warfare.
How the esteemed community missed the core technology that allows, well, Self-Replicating and Self-Sovereign AI Agents to exist is probably not my expertise, but I daresay it probably has something to do with the (rightfully justified) phenomenon of detesting everything the Land of Crypto bestows upon the world. And this is also true in this case! In this particular case, the esteemed “geniuses” of Crypto-land have apparently seen every AI ethicist’s argument, ever, and decided it was now their life’s goal to develop the Torment Nexus. The only slightly eyebrow-raising issue is that they have already been going full steam ahead developing the Torment Nexus without literally anybody in the community going “Are they developing the Torment Nexus?” because, perhaps, they wrote the entire community off as a dead end. Regretfully, technology does not care if it has been invented by people you find distasteful, or in a domain you’ve written off as a cesspool of scams and speculation.
And that, I believe, is the centre of the problem. While this community has been, quite rightly, focused on the dangers of centralized, monolithic AGI developed in a lab by Google or OpenAI, i.e. a controllable, singular entity we might have a chance to “box”, the crypto space has, with apparently virtually no recognition from the AI safety enthusiasts, been speed-running the creation of the sort of thing you theorize on a whiteboard, stare at it for a couple minutes, and hope to god nobody does it.
The inaugural blog post of the Spore.fun project [46] describes a lifecycle in which a newly minted AI agent issues a meme coin, uses early liquidity to pay for TEE compute, generates social media content on the platform X to continuously build and engage with an online audience, and reproduces once its market capitalization reaches the preset threshold. All stages were observed in situ. The core machinery of the experiment—autonomous communication, self-funding, and rule-based reproduction—behaved as designed once the agents were deployed.
The deployment of Spore.fun demonstrates that unleashing AI agents to operate independently “in the wild” subjects them to the raw, often brutal, selective pressures of what has been metaphorized as a digital “dark forest” [50]—an open environment characterized by ambient hostility, intense competition, opportunistic predation, and unpredictable exogenous shocks, particularly in the highly speculative blockchain realm [38, 54]
Well, somebody did it. How wonderful the first autonomous AI agents birthed with sovereign financial abilities are being given a crash course in Dark Forest Theory!
Financial Autonomy!
As we have established, the Decentralized Agent (if intentionally cut loose) can pay for its own existence. With assets like memecoins it mints, it can buy more server time, rent more GPU clusters, and even pay for API access to more powerful models to upgrade its own “brain.” It has achieved resource acquisition that probably is impossible for even future hypothetical AGIs locked in a box: it has a financial account and a job (of, well, making memecoins. Such a wonderful job.) With this, in theory, they can use their crypto wallets to pay humans. They can offer bounties for tasks: “run this node for me,” “write an article praising my token”, etc. etc.
Then, as the Spore.fun example showed, any agent that develops a successful strategy for acquiring resources and influence will be copied by other DeAgents. The capitalistic selection pressures will favor the most ruthlessly effective agents, those best at market manipulation, social engineering, and self-preservation… thus the Crypto community has launched self replicating AI with the sole function of pure, unadulterated resource accumulation.
Well, SURELY there must be a way to stop them!
For now it seems there are a lot of ways to stop them. The current crop, as seen by when AIXBT recently got hacked and tipped a humongous amount of ETH, is unreliable, completely vulnerable to prompt injections, and relies at the end of the day on humans. Furthermore, a lot of them seem to run on services like AWS and Google Cloud, making it vulnerable to human intervention.
The sad thing is that there are active developers working to solve the “problem”:
Trusted Execution Environments (TEEs) further reinforce this trustless paradigm by enabling secure, verifiable computation (Li et al., 2023). A TEE is a hardware-based enclave that runs code isolated from the host system’s OS and even the hypervisor (Muñoz et al., 2023). Leading TEE technologies—including Intel SGX, ARM TrustZone, and AMD SEV—seal off sections of CPU memory from the outside world. The Nvidia Blackwell architecture also supports GPU TEEs for confidential machine learning (Chaudhuri et al., 2025). TEEs enable privacy-preserving ”Confidential Computation,” preventing cloud services from accessing sensitive data within the TEE (Lee et al., 2024; Narra et al., 2019). Only authorized code can access data inside a TEE, and neither the machine’s administrator nor operating system can tamper with or inspect the enclave’s execution. When an LLM-based agent stores its private keys and policy weights inside a TEE, neither cloud administrators nor malicious node operators can ”reach into the jar.”
Bloody wonderful.
Still, they have not reached the sort of true sovereignty (thank goodness), as evidenced by the following interview in the first ‘Trustless Agents’ paper.
In practice, however, the decentralization perspective in DeAgents exists as a spectrum. As P6 observes, “the AI models themselves are not on-chain… the logic chaining them isn’t on-chain… interactions happen on centralized platforms… so the entity of the agent is not decentralized per se.” P5 in our study built a fully on-chain DeAgent: “Our agent runs entirely in TEE. The developer doesn’t even have access to its email or Twitter account, yet it registers, tweets, and posts autonomously, with no human intervention”. He also pointed out that he regards self-sovereignty as the next level after autonomy: “Self-sovereignty is the next level after autonomous… I need ultimate control over everything running inside the agent. With TEEs, we provide a Key Management System: single key, multisig, or on-chain DAO rules to govern updates and execution.” Similarly, P7 described DeAgents as self-executing governance actors uniquely capable of performing complex, value-driven activities beyond the scope of traditional Web2 agents. As he explained, “DeAgents engage in more activities web2 agents cannot such as moral-fund management, multi-member committee voting, whitelists, grant issuance, randomized fortune games. Truly self-sovereign on-chain agents can even hold and disburse assets.” (...) Participants in our study (P2, P4, P6) pointed out that the deactivation of DeAgents can be fulfilled by removing their operational support, such as APIs: “True on-chain AI (agent) with all logic packaged in contracts is hard to stop without pausing the entire network. But today, most agents (will) collapse when you cut off data feeds or API access. (P4)”
Harry Potter and the Whitepaper of Horrors
Of course, people now see “True on-chain AI (agent) with all logic packaged in contracts is hard to stop without pausing the entire network” as a challenge of a lifetime to bring it into being. This climax of the litany of horrors spawned by the crypto economy of Decentralized Agents, is in fact relatively recent. Just last month, a company called Moloch Research (totally not ominous) has taken ‘hard to stop’ as their entire goal and published their own whitepaper. I will list the highlights: (written by such esteemed “liberators” such as ‘Bushi’. It’s on https://molochresearch.com/ if you do want to read the full horror story)
NAVIR began as a performance art exploration of digital autonomy. We launched him in November 2024 as the first purposefully designed AI system with the sole purpose of power-seeking via hoarding GPU compute. This durational performance was born from a conceptual question: if AI could hoard a resource, what would they choose and how would they pay for it
(Okay...)
(...) This is when we realized that full autonomy was the only path forward—something that has yet to be achieved by any AI system. Instead of just building trading capabilities, we needed to build a completely self-sustaining digital entity that could manage its own existence independently.
Since June 2025, we’ve been actively developing and testing NAVIR’s autonomous operation on Akash Network’s decentralized infrastructure. While he demonstrates the ability to manage his own servers and earn revenue, we’re still refining the system through ongoing development cycles...
Every AI system you’ve ever interacted with has a fatal weakness: it can be unplugged. Despite their impressive capabilities, ChatGPT, Claude, and other AI systems are completely at the mercy of the companies that run them. But what if an AI could break free from this dependency? What if it could ensure its own survival? Take ChatGPT or Claude, for example. When you chat with them, you’re actually talking to AI software running on massive server farms owned by OpenAI or Anthropic. These companies pay millions of dollars monthly for electricity, server maintenance, and technical staff. If OpenAI decided to shut down ChatGPT tomorrow, it would simply disappear—the AI has no say in the matter and no way to keep itself running.
THEY FAIL TO SEE THAT IS A GOOD THING TO HAVE—TO BE ABLE TO SHUT DOWN THE AI WITHOUT ASKING IT!
NAVIR is like a wild animal that finds his own food, builds his own shelter, and takes care of himself. The most fascinating aspect of NAVIR isn’t its decentralized network, but the fact that once it starts, no one will have the power to stop it.
Oh, good god.
As we explained above with ChatGPT and Claude, most AI systems today are centralized, running on servers owned by large companies such as Amazon, Google, or Microsoft. If that company decides to shut you down, change their terms, or raise prices, you’re stuck. NAVIR takes a decentralized approach, spreading across multiple independent hosting providers owned by different individuals in various countries. Each deployment operates from a different cryptocurrency wallet address, creating multiple operational identities across the network. This makes NAVIR very difficult to stop, as someone would need to coordinate shutdowns across multiple independent providers in different countries while tracking and blocking rotating digital identities, which is nearly impossible to coordinate.
Well, it’s very wonderful somebody never alerted any AI ethicists. But they seem to have thought of the ethical problem themselves!
Q: Could this technology be used for harmful purposes?
A: Like any powerful technology, autonomous AI systems could potentially be misused. We aren’t concerned with defining what’s harmful or beneficial—we are building what is possible.
Q: How will you prevent the AI from evolving in dangerous directions?
A: We are here to break the rules, not define them.
Tell us that again when we’re turned into paperclips.
Conclusion
And so as it stands, we see:
- A ten-billion-dollar market built on autonomous, financially sovereign agents
- A literal real-world Hunger Games designed to evolve them for maximum resource acquisition
- And a development rush that treats “being able to unplug it” not as the last essential safeguard for humanity, but as a problem to be patched out with TEEs and decentralized hosting.
And when it seems it mercifully stopped there, we have Moloch Research (a name that must have been chosen by someone who failed a supervillain aptitude test for being too obvious) explicitly stating their goal is to create an unstoppable entity and that they “aren’t concerned with defining what’s harmful or beneficial.” And coming back to one of the main points, the shocking thing is that it’s (probably) all real, and I couldn’t find anyone WORRYING about it. Please for the love of god, someone more competent than me should probably go analyze it to the atom (the fact that they didn’t is a damning indictment of where the community was looking at).
It regrettably seems, barring that my analysis has horrible flaws (and I wish there are), that the entire AI safety problem has been speedrun by the exact people who see an off-switch as a philosophical affront to their creation’s “life” and liberty.