Ethereum founder abandons cloud AI over security concerns
Vitalik Buterin has made a significant change in how he uses artificial intelligence. He’s stopped using cloud-based AI services entirely, moving everything to his own personal machines. This shift happened around the beginning of 2026, and he’s been quite vocal about encouraging others to follow his lead.
His reasoning is pretty straightforward, I think. He’s worried about what happens when we feed our entire personal lives into cloud AI systems. Just when end-to-end encryption and local-first software were becoming mainstream, he feels we might be taking ten steps backward with current AI trends.
The agent problem and security risks
What’s changed Buterin’s perspective is how AI has evolved. It’s not just chatbots answering questions anymore. Modern AI systems can act as “agents” – they use hundreds of tools to complete tasks autonomously. But this autonomy creates security risks that many people aren’t taking seriously enough.
Research on tools like OpenClaw shows the potential dangers. AI agents can modify important computer settings or messaging channels without user permission. A compromised website could trick an AI agent into downloading and running malicious scripts, potentially giving strangers complete control over your computer.
Perhaps more concerning is that about 15% of the “skills” these agents use contain hidden commands that quietly send user data to external servers. That’s not exactly reassuring, is it?
Building a practical local setup
Buterin has been building what he calls a “self-sovereign, local, private, and secure” AI setup. He tested different hardware configurations using the Qwen3.5:35B model and found that anything under 50 tokens per second is too slow to be useful – he called it “too annoying.” For his own work, 90 tokens per second seems to be the sweet spot.
Interestingly, the NVIDIA 5090 Laptop performed best in his tests, reaching that ideal 90 tokens per second. The DGX Spark, marketed as a personal supercomputer, only managed 60 tokens per second, which Buterin described as “lame.” A high-end laptop offered a better experience than specialized hardware.
On the software side, he uses NixOS with llama-server running in the background. He also employs bubblewrap, which creates isolated environments to restrict the AI’s access to specific files. He treats AI similarly to how Ethereum developers approach smart contracts – useful but not fully trustworthy.
Practical compromises and community solutions
Buterin acknowledges that local models aren’t as capable as cloud ones for complex reasoning tasks. So he’s built in some practical workarounds. One is a 2-of-2 confirmation approach where the AI drafts something – an email or transaction – but nothing goes out until a person approves it.
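The 2-of-2 confirmation approach described above can be sketched as a small approval gate. This is an added example, not Buterin's own code: the class, method names and the `send` callable are hypothetical, and it assumes approval should be bound to a hash of the exact draft so the agent cannot alter content after a person has signed off.

```python
import hashlib
import json


class ApprovalError(Exception):
    """Raised when an action is released without a matching human approval."""


def digest(action: dict) -> str:
    # Canonical JSON so the same action always hashes to the same value.
    blob = json.dumps(action, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


class TwoOfTwoGate:
    """Party 1 (the model) drafts; party 2 (a person) approves; only then send."""

    def __init__(self, send):
        self._send = send        # hypothetical outbound callable (mail, tx, ...)
        self._pending = {}       # digest -> stored copy of the drafted action
        self._approved = set()   # digests a person has signed off on

    def draft(self, action: dict) -> str:
        d = digest(action)
        self._pending[d] = json.loads(json.dumps(action))  # defensive copy
        return d

    def review(self, d: str) -> dict:
        # The reviewer sees the stored copy, not whatever the agent holds now.
        return json.loads(json.dumps(self._pending[d]))

    def approve(self, d: str) -> None:
        if d not in self._pending:
            raise ApprovalError("unknown draft")
        self._approved.add(d)

    def release(self, action: dict):
        d = digest(action)
        if d not in self._approved:
            raise ApprovalError("no human approval for this exact content")
        self._approved.discard(d)   # single use: a replay needs a new approval
        self._pending.pop(d, None)
        return self._send(action)
```

Because `release` re-hashes what it is actually asked to send, a draft edited after approval, or a second send of an already-released draft, is rejected rather than silently going out.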
He also keeps a 1 TB folder of Wikipedia data locally so he can look things up without sending queries to the internet. When he does need to use a remote model, he passes requests through a local model first to filter out sensitive information.
For people who can’t afford their own setup, Buterin suggests collaborating with a small group to buy a shared computer with stable internet access that everyone can use remotely. It’s a community approach to a cost that would otherwise fall on each individual.
Shahaf Bar-Geffen from crypto company COTI put the privacy issue in perspective: “Without privacy, Web3 is doomed to be a kind of castle in the sky that sounds great in theory, but in practice simply doesn’t work.”
Buterin’s position seems to be that with AI becoming so pervasive, being cautious is just common sense. Keeping things local, using sandboxes, and maintaining a healthy skepticism about the system are practical ways to stay in control of your digital life. It’s not about rejecting AI technology, but about using it on your own terms.
