Vitalik Buterin reveals and warns of security risks linked to AI agents
AI advances quickly, sometimes too fast for safety. Vitalik Buterin warns of a worrying trend: intelligent agents are opening new vulnerabilities that are still poorly controlled. Faced with this risk, he breaks with prevailing practice and opts for a radical approach built on local, compartmentalized AI. Behind this choice, a question arises: is innovation in artificial intelligence undoing recent gains in confidentiality and data control?


In brief

  • Vitalik Buterin warns of the growing risks linked to artificial intelligence agents, in particular their susceptibility to malicious instructions.
  • A significant share of AI agent modules is reported to be compromised, exposing users to invisible attacks and leaks of sensitive data.
  • The co-founder of Ethereum questions current cloud-based models, which he considers too permissive and insufficiently secure.
  • He proposes an alternative architecture based on local, private and compartmentalized AI, in order to limit uncontrolled interactions.

An underestimated threat in AI agents

Vitalik Buterin points to a structural vulnerability in the AI agent ecosystem. Data from the security company HiddenLayer indicate that nearly 15% of agent skills contain malicious instructions, a figure that calls the reliability of these tools into question.

Several elements illustrate this drift concretely:

  • a significant proportion of agent modules bundle potentially hostile code;
  • a single malicious web page can be enough to compromise an agent (the agent follows instructions embedded in content it reads);
  • the case of Openclaw, where an agent can download and execute scripts without alerting the user;
  • the absence of robust control mechanisms in many AI environments.

Buterin sums up this concern in unequivocal terms: “I come from a deeply worried state of mind (…) we are about to take ten steps backwards”. This statement reflects a broader fear: a regression in confidentiality.

The gains made possible by encryption and local software could be undone by agents capable of accessing, processing and transmitting sensitive data without sufficient supervision.


A radical architecture for sovereign AI

Faced with these risks, Vitalik Buterin adopts a radical technical approach. He has abandoned cloud services to build a system he describes as “sovereign/local/private/secure”. His infrastructure relies on a locally run model combined with isolated environments built with sandboxing tools. The objective is to drastically limit uncontrolled interactions with the outside world while keeping full control of the data.

At the heart of this setup, Buterin introduces a new mechanism: the “human + LLM 2-of-2” model. Any outgoing action toward a third party, whether a message or another interaction, requires joint approval from the human and the LLM; neither can act alone. The same logic extends to crypto use. He recommends capping automated transactions at $100 per day, with mandatory human validation above that threshold or whenever sensitive data is involved. In his words, “AI agents should never have unlimited access to wallets”, a position that redefines security standards for tools connected to the blockchain.
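To make the rules above concrete, here is an added example, written for this article rather than taken from Buterin's own setup or any project's code, of a fail-closed gate that sits between an agent and the outside world. It enforces two policies from the text: every outbound message needs both a human and an LLM approval, and transactions may run on LLM approval alone only while the rolling 24-hour total stays under the cap and no sensitive data is attached. The class names, the cap constant and the sensitive-data regexes are assumptions; a real deployment would replace the regexes with a proper classifier and put the human approval behind an actual confirmation channel.

```python
"""Fail-closed outbound action gate: illustrative code added for this article.

Rules modelled (assumptions, not Buterin's implementation):
  - any outbound message needs 2-of-2 approval (human AND LLM);
  - a transaction may pass on LLM approval alone while the rolling 24h spend
    stays at or under DAILY_CAP_USD and the payload carries no sensitive data;
  - anything unrecognised is refused, even with both approvals.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import re

DAILY_CAP_USD = 100.0  # assumed: the $100/day figure quoted in the article

# Assumed heuristics for "sensitive data"; a real deployment needs a real classifier.
SENSITIVE_PATTERNS = (
    re.compile(r"\b(?:0x)?[0-9a-fA-F]{64}\b"),                  # raw 32-byte hex key
    re.compile(r"\b(?:seed phrase|private key|mnemonic)\b", re.I),
    re.compile(r"\bsk-[A-Za-z0-9]{16,}\b"),                     # API-key-looking token
)


@dataclass
class Action:
    kind: str               # "message" or "transaction"
    target: str             # recipient identifier or address (free text here)
    payload: str = ""       # message body, memo or calldata
    amount_usd: float = 0.0


@dataclass
class Approval:
    llm: bool = False       # the model's own sign-off on the action
    human: bool = False     # explicit confirmation from the operator


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)


class ManualClock:
    """Deterministic clock so the 24h window can be driven in demos and tests."""
    def __init__(self, start=None):
        self.now = start or datetime(2025, 1, 1, tzinfo=timezone.utc)

    def __call__(self):
        return self.now

    def advance(self, hours):
        self.now += timedelta(hours=hours)


class OutboundGate:
    def __init__(self, daily_cap_usd=DAILY_CAP_USD, clock=None):
        self.daily_cap_usd = daily_cap_usd
        self._clock = clock or (lambda: datetime.now(timezone.utc))
        self._ledger = []   # (timestamp, usd) of transactions already let through

    def spent_last_24h(self):
        """Prune entries older than 24h and return the remaining total."""
        cutoff = self._clock() - timedelta(hours=24)
        self._ledger = [(t, usd) for t, usd in self._ledger if t > cutoff]
        return sum(usd for _, usd in self._ledger)

    def human_required_reasons(self, action):
        """Why a human must co-sign this action; empty list means LLM alone may act."""
        reasons = []
        if any(p.search(action.payload) for p in SENSITIVE_PATTERNS):
            reasons.append("payload contains sensitive data")
        if action.kind == "message":
            reasons.append("outbound message: 2-of-2 always")
        elif self.spent_last_24h() + action.amount_usd > self.daily_cap_usd:
            reasons.append(f"would exceed ${self.daily_cap_usd:.0f}/24h cap")
        return reasons

    def decide(self, action, approval):
        # Fail closed: malformed or unknown actions are refused regardless of approvals.
        if action.kind not in ("message", "transaction") or action.amount_usd < 0:
            return Decision(False, ["malformed or unknown action"])
        if not approval.llm:
            return Decision(False, ["LLM did not approve"])
        reasons = self.human_required_reasons(action)
        if reasons and not approval.human:
            return Decision(False, ["human approval required: " + "; ".join(reasons)])
        if action.kind == "transaction":
            self._ledger.append((self._clock(), action.amount_usd))
        return Decision(True, reasons)


def demo():
    """Walk the gate through a constructed day of agent activity; returns the verdicts."""
    clock = ManualClock()
    gate = OutboundGate(clock=clock)
    llm_only, both = Approval(llm=True), Approval(llm=True, human=True)
    verdicts = [
        gate.decide(Action("message", "alice@example.org", "hi"), llm_only).allowed,   # no human
        gate.decide(Action("transaction", "0xabc", amount_usd=40), llm_only).allowed,  # 40 spent
        gate.decide(Action("transaction", "0xabc", amount_usd=50), llm_only).allowed,  # 90 spent
        gate.decide(Action("transaction", "0xabc", amount_usd=20), llm_only).allowed,  # 110 > cap
        gate.decide(Action("transaction", "0xabc", amount_usd=20), both).allowed,      # human co-signs
    ]
    clock.advance(25)  # window rolls over; automated spending is available again
    verdicts.append(gate.decide(Action("transaction", "0xabc", amount_usd=40), llm_only).allowed)
    return verdicts


if __name__ == "__main__":
    print(demo())
```

The point of the ledger is that the cap is enforced by the gate, not by the model: an agent that has been prompt-injected cannot talk its way past the $100 window, because the check runs on state the model does not control. Keeping the human approval out of the model's reach in the same way (a separate UI or hardware confirmation rather than a flag the agent can set) is what makes the 2-of-2 meaningful.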

To round out this system, Buterin explores alternatives to conventional remote inference. He discusses technologies such as mixnets or secure execution environments to reduce data leakage. He also mentions initiatives like ZK-API, while acknowledging that some advanced solutions, such as fully homomorphic encryption, are still too slow for practical use.

The approach defended by Vitalik Buterin outlines a possible evolution of AI toward more sovereign and compartmentalized models. At the same time, it raises difficult trade-offs between performance, accessibility and security. In the crypto ecosystem, where automation and intelligent agents are gaining ground, these choices could shape the design of future wallets and protocols. His position does not close the debate; it shifts it toward a central question: how much control can be delegated to artificial intelligence without compromising user security?

