Forward the Original Title ‘AI and Verifiability’

As AI systems increasingly integrate with blockchain ecosystems, ensuring the verifiability of AI outputs becomes a cornerstone for fostering trust, transparency, and accountability. This is especially critical for decentralized finance (DeFi) and proof-of-personhood applications, where accuracy and reliability can directly influence financial outcomes, governance decisions, and user identity.

The Case for Verifiable AI in Decentralized Systems

AI Observability

Ensures that decision-making processes are transparent and understandable. Stakeholders gain insight into how conclusions are derived—vital when decisions influence on-chain transactions or large-scale governance.

Source Traceability

Tracks the data, parameters, and model architectures used to generate AI predictions. By establishing provenance, users know where training data came from and which models were employed, enhancing trust and reducing the likelihood of misinformation.

Output Verification

Confirms that the final AI outputs are both accurate and unaltered. In a decentralized context, this often involves proof mechanisms (e.g., zero-knowledge proofs, sampling consensus) to ensure that computations or inferences have not been tampered with off-chain.

Challenges in On-Chain AI Verifiability

While blockchains excel at providing immutable ledgers and distributed trust, on-chain AI computations can be prohibitively expensive. For example, matrix multiplication for 1000×1000 integers may consume billions of gas—beyond Ethereum’s current block gas limit (Zheng et al., 2021). Consequently, most AI projects rely on off-chain computation with on-chain verification.

Yet, off-chain approaches introduce new challenges:

Potential Fraud: Without robust verification, malicious actors can submit incorrect or manipulated data.

Centralized Weak Points: Relying on off-chain oracles or private servers can undermine the decentralized ethos, leading to censorship or single points of failure.

Hence, emerging solutions aim to maintain high performance while incorporating cryptographic or sampling-based verification, balancing efficiency and decentralization.

EigenLayer

EigenLayer is a restaking protocol that allows Ethereum validators to “restake” their ETH to secure additional decentralized services, known as Actively Validated Services (AVS). Rather than needing a new validator set for each specialized task (e.g., AI validation, cross-chain operations), EigenLayer reuses Ethereum’s robust and decentralized validator network.

EigenLayer enhances security by allowing new Actively Validated Services (AVS) to tap into Ethereum’s existing validator set. This validator set is already large, well-capitalized, and geographically distributed, offering robust cryptoeconomic guarantees without the need to bootstrap a new network from scratch.

By enabling restaking, EigenLayer significantly reduces operational overhead. Projects no longer need to create and maintain their own validator ecosystems, which lowers both infrastructure costs and the barriers to launching new decentralized services on-chain.

Additionally, the system offers high flexibility. AVS can customize their own consensus and validation logic while still inheriting Ethereum’s base-layer security, making EigenLayer an ideal foundation for modular, secure, and scalable decentralized applications.

Hyperbolic’s Proof of Sampling (PoSP)

Hyperbolic Labs introduces Proof of Sampling (PoSP), an efficient, scalable alternative to traditional zkML or optimistic fraud proofs for AI validation. This novel sampling-based verification protocol ensures that our users can trust the results of their models being trained and run on our decentralized GPU network. This protocol, known as Proof of Sampling (PoSP), is the new gold standard for verification in AI.

Developed by the Hyperbolic team in collaboration with researchers from UC Berkeley and Columbia University, PoSP uses game theory to secure decentralized systems. It validates a strategic sample of results and implements an arbitration process for dishonest nodes to incentivize 100% honest behavior across the network.

Proof of Spontaneous Proofs (PoSP) offers several key advantages: it enables efficient verification by adding less than 1% computational overhead, allowing nodes to maintain near-native operating speeds. Its robust security ensures participants remain honest, as random checks make fraud too risky to be worthwhile. Through game-theoretic incentives, PoSP creates a pure strategy Nash Equilibrium where honest behavior is always the rational choice. Finally, PoSP is highly scalable for AI services, capable of supporting large-scale decentralized AI workloads while ensuring high-performance compute and inference processes remain verifiable and trustworthy.

Randomized Audits: A rotating set of validators (through EigenLayer) regularly sample and check AI computations. This continuous verification prevents systematic cheating.

Nash Equilibrium Incentives: Malicious behavior is economically irrational for validators—dishonest or inconsistent outputs lead to slashable penalties.

High Throughput: PoSP’s lower performance overhead makes it well-suited for use cases requiring quick, frequent AI inferences.

Unlike other decentralized AI solutions, when you run inference on Hyperbolic’s decentralized network, you can be confident that you are receiving a valid result.

By integrating PoSP into EigenLayer, decentralized AI services can achieve a secure, trust-minimized framework that can handle a growing number of inference requests without sacrificing decentralization or cost-efficiency.

Randomized Validation: Validators are selected randomly to verify outputs, ensuring unbiased results.

Scalable AVS Support: PoSP reduces computational demands, allowing EigenLayer to secure large-scale services efficiently.

Fraud Deterrence: Strict penalties make dishonesty unprofitable, while honest behavior remains the optimal strategy.

“The EigenLayer protocol combined with our Proof of Sampling protocol fundamentally transforms how we secure decentralized services. We now offer scalable, reliable, and fraud-resistant infrastructure at a fraction of the cost.” - Jasper Zhang, CEO of Hyperbolic

Read the full paper on PoSP here

Mira

Mira Network aims to address a fundamental challenge in AI, which is the tendency of large language models (LLMs) to generate incorrect information. Designed to reduce hallucinations and maximize output accuracy without human oversight, Mira leverages a decentralized network of independent nodes to trustlessly verify AI outputs in parallel.

There are three steps in Mira’s architecture

Binarization

The process of breaking outputs into simpler ‘claims’.

Distributed Verification

The above claims are verified by a network of verifier nodes that run specialized models to verify the claims. The verification is done in a multiple-choice question format. The claims for verification are randomly sharded across verifiers, which makes it difficult for collusion.

Proof-of-Verification

A hybrid consensus mechanism that combines Proof-of-Work (PoW) and Proof-of-Stake (PoS) is utilized. Each verifier needs to stake to participate in verification. This approach ensures that verifiers are actually performing inference, instead of just attesting. A verifier’s stake will be slashed if their output is found to constantly deviate from the consensus.

Once consensus has been reached by the network on an output, a cryptographic certificate is generated and written to the blockchain, creating an immutable record of verified facts.

Source: Mira Network Whitepaper

Privacy is a key aspect of Mira’s design. Given that the claims are sharded randomly, it is not possible for a single node operator to reconstruct the original output. In addition, the verification responses from independent verifiers are kept private before consensus, preventing information leakage.

Mira is looking to verify increasingly complex content, which includes code, structured data, and multimedia content. In the future, Mira will also reconstruct invalid content when invalid content is detected, achieving both accuracy and speed in AI output. Eventually, Mira Network will be able to accumulate economically secured facts, creating a database for fact-checking.

As network usage grows - higher fee generation - better verification awards- attract more node operators - improved accuracy, cost and latency in the verification of answers

Atoma

Atoma is a decentralized, private, and verifiable AI execution network, live on Sui mainnet. The core architecture consists of three elements: (a) compute layer and; (b) verification layer and; (c) privacy layer.

Compute Layer

A global network of execution nodes that processes inference requests. A large number of nodes are available by working with various data centers, and edge devices like individuals’ digital devices.

With Atoma, the model weights are available locally on the nodes, increasing the speed of inference when a request has been received. In addition, the requests received are routed to the most suitable node, matching the task with the corresponding performance and cost.

Atoma focuses on optimizing the efficiency of running inferences through a couple of features, including FlashAttention and Paged Attention, both contributing to reduced computational overhead.

Verification Layer

Computation integrity is verified through sampling consensus. This is a process where nodes are selected at random to run inference, and generate a cryptographic hash of the output. If all hashes generated by the selected set of nodes matches, the inference output is verified. Should there be a discrepancy amongst the hashes generated, the network will source for the dishonest node, which will be penalized through slashing of its stake.

The chances of a malicious attacker being able to control half or more of the entire network’s GPU power to game the system is very low, and becomes even more difficult as the node network scales. The number of nodes selected for sampling is flexible, for higher stake tasks, a larger set of nodes can be chosen.

Privacy Layer

Atoma places emphasis on keeping user data secure and private, by running computations in a Trusted Execution Environment (TEE). The data input by users are encrypted, and is only decrypted in the TEE. This prevents any other parties on the blockchain from viewing the user’s data. Once the inference has been run, the output is encrypted before it is returned to the users.

Despite the above being a secure solution, it is worth noting that it comes with a tradeoff in terms of the higher computation overhead, which might result in higher fees for users.

Aizel Network

Similar to Atoma Network above, Aizel Network opts for a TEE-based approach. The difference here is that Aizel has integrated Multi-Party Computation (MPC) into their workflow, where the inference tasks are routed to different TEEs. This is aimed at decentralizing the network, ensuring that inference is still possible even when one TEE is hacked or down.

Fortytwo

Fortytwo champions a “swarm inference” model built around Small, Specialized Models (SLMs). Instead of relying on one massive monolithic AI, the network orchestrates multiple contributor-run models, each fine-tuned for specific tasks or domains. These models work in parallel—verifying, refining, and cross-checking each other’s outputs—to deliver more accurate and trustworthy inferences.

This decentralized structure tackles problems that single, large models often face, such as bottlenecks in training, costly hardware requirements, and single points of failure. By distributing intelligence across numerous smaller models and contributors, Fortytwo ensures both scalability and fault tolerance.

1. Small Specialized Models (SLMs)

Intent-First Initialization

Before any task begins, contributors specify the goal, budget, and constraints. This approach aligns every SLM with the overall mission—whether that’s summarizing text, analyzing code, or any other specialized inference.

Contributor-Defined Specializations

Individual node operators bring their own fine-tuned models to the network. They retain full control over weights, biases, and proprietary data—ensuring privacy for each model owner. These specialized models can focus on areas like sentiment analysis, legal text parsing, or even domain-specific code generation.

Privacy of Weights & Biases

A critical aspect of Fortytwo is that contributors do not have to share raw model internals. Only inference results are shared with the network. This design preserves the intellectual property of each model owner and helps mitigate risks associated with exposing sensitive data.

2. Swarm Inference & Peer Evaluation

Multi-SLM Collaboration

Tasks are split among 7–8 (or more) specialized SLMs, each providing a unique domain perspective. By dividing larger tasks into smaller sub-problems, the network harnesses the strengths of each model more effectively.

Flat Mixture-of-Experts (MoE)

Rather than stacking sub-experts in multiple layers, Fortytwo uses a “flat” MoE approach, where each model processes data independently. This design can be particularly efficient because it avoids complexity from hierarchical gating, letting experts focus solely on their respective subtask.

Collective Error Detection

Peer evaluation plays a pivotal role in maintaining inference accuracy. When models disagree, the network flags the discrepancies for deeper analysis. This cross-verification process is crucial in catching errors early and ensuring high-quality output.

3. Low Latency & Distributed Compute

Consumer-Grade Hardware

Fortytwo is optimized for devices like Apple Silicon and RTX GPUs, lowering cost barriers and broadening the base of potential node operators. This approach democratizes AI by enabling more individuals—and not just large data centers—to participate.

Deployment Clusters

Many node operators choose cloud platforms (e.g., AWS) or self-hosted clusters to minimize latency. Well-coordinated clusters become particularly valuable in time-sensitive scenarios where even small delays can significantly impact user experience.

4. Node Operator Community

Growing Participation

Thousands of participants have expressed interest in running inference nodes, creating a diverse and distributed network. This expansion brings more computational resources online, further increasing throughput and resilience.

Wikipedia-Like Model Contributions

Similar to how Wikipedia editors collaborate on articles, each node operator can enhance or fine-tune specialized models and share improved inference techniques. This collective maintenance and refinement fosters continuous innovation and elevates the overall intelligence of the network.

Lagrange

Lagrange is at the cutting edge of using Zero-Knowledge (ZK) technology to bring verifiability to AI. Their motto—“The future of AI is ZK, and the future of humanity is Lagrange”—underscores the belief that, as AI evolves toward superintelligence, we must ensure transparency and trust in how these models function.

DeepProve: High-Performance zkML

• Proof of Correct Model: DeepProve cryptographically confirms that the correct AI model was used for a given inference, leaving no room for tampering or misrepresentation.
• Proof of Correct Output: It also guarantees that the output aligns with what the model would genuinely produce, preventing malicious actors from injecting fake results.
• Performance Advancements: Boasts 158× faster proof generation and 671× faster verification than many existing zkML solutions, making large-scale deployment feasible.

By removing “black-box” AI interactions, Lagrange ensures that users don’t have to blindly trust AI. In decentralized environments where trust minimization is paramount, cryptographic certainty about model integrity and output correctness becomes essential.

Moreover, Inference Labs operates as the application-focused arm of Lagrange, bridging research and practical deployments. While Lagrange concentrates on core cryptographic and circuit design, Inference Labs ensures these breakthroughs are production-ready.

Real-World Integrations

Embeds zkML into existing machine learning pipelines, focusing on sectors like DeFi, gaming, healthcare, and supply-chain provenance.

Partners with industry leaders to stress-test new Lagrange features under real-world constraints (e.g., large parameter counts, strict latency requirements).

EZKL

EZKL is an open-source system for creating verifiable AI and analytics using zero-knowledge proofs (ZKPs). It allows developers to prove that AI models were executed correctly without revealing sensitive data or proprietary model details. Inspired by systems like Apple’s Face ID, EZKL extends uncompromisable model security to any model on any device—without relying on specialized hardware like TEEs.

Zero-Knowledge Proof Infrastructure

EZKL automates the entire ZKP lifecycle—from model compilation to proof generation and verification. Users provide AI models in ONNX format, which EZKL compiles into ZK-friendly circuits using an optimized version of the Halo2 proving system. The system then generates cryptographic proofs of correct model execution that can be verified on any device.

This cryptographic process enables decentralized trust in high-stakes AI applications, such as financial decision-making, biometric authentication, and real-time inference validation.

Collaborative SNARKs (Cosnarks)

EZKL recently introduced Collaborative SNARKs (cosnarks), allowing two parties—such as a model owner and a data owner—to jointly generate a ZK proof without either party revealing their confidential assets. Unlike delegated MPC proving systems, cosnarks eliminate additional trust assumptions by limiting computation to just the involved parties.

This advancement enables use cases like private credit scoring, confidential trading strategies, and zero-knowledge identity verification. The implementation leverages Renegade’s 2PC-optimized MPC library and is integrated directly into Lilith, EZKL’s cloud orchestration layer.

Model Support and Flexibility

EZKL supports a wide range of AI/ML architectures, including CNNs, RNNs, GPT-style transformers, decision trees, and stable diffusion models. Any model compatible with the ONNX standard can be converted into a ZK circuit.

By abstracting model logic into mathematical circuits, EZKL enables privacy-preserving inference across industries such as finance, healthcare, and identity. Tree-based logic, attention mechanisms, and large-scale matrix ops are all supported within the Halo2-backed framework.

Developer Experience

EZKL prioritizes accessibility and abstraction of complexity. Developers don’t need prior cryptographic knowledge, circuit design experience, or advanced DevOps skills. The system offers bindings in CLI, Python, JavaScript, and Rust—making it easy to embed ZK workflows into existing ML pipelines.

Automatic constraint generation, simplified proof commands, and seamless integration with orchestration tools allow developers to focus solely on application logic.

ORA Protocol

ORA is a chain-agnostic oracle protocol that bridges AI and blockchain, enabling developers to build fully trustless, decentralized applications powered by verifiable machine learning. Through its infrastructure, ORA brings AI inference, content generation, and complex compute directly onchain, removing reliance on offchain APIs or centralized compute. Its core innovation lies in combining AI execution with cryptographic proofs, creating programmable AI pipelines with embedded verifiability.

The protocol allows any developer to build applications where AI outputs—whether it’s a language model response, a generated image, or a fact-checked statement—can be embedded into smart contracts with auditability and correctness guarantees.

Onchain AI Oracle (OAO)

The Onchain AI Oracle (OAO) is ORA’s flagship product. It enables smart contracts to request, receive, and act upon the results of AI inferences run offchain—but verified and settled onchain. Developers can call an AI inference job via ORA’s opML network. The result is returned through a callback function in the user’s contract, making onchain applications AI-native and fully autonomous.

OAO supports multiple large models—like LLaMA3, Stable Diffusion, OpenLM Chat/Score—running via verifiable infrastructure. Developers can integrate OAO on any EVM-compatible chain, and prebuilt smart contracts like Prompt and SimplePrompt allow for rapid prototyping with gas optimization in mind.

opML and Verifiability Workflow

ORA’s optimistic machine learning (opML) system powers its verifiability layer. When an inference job is initiated, the result is posted onchain with a challenge period. During this time, opML validators can verify the result, and if incorrect, submit a fraud proof. The correct result replaces the challenged one. This ensures that AI outputs embedded into smart contracts are verifiable, censorship-resistant, and economically secure.

This optimistic approach balances performance and decentralization. Unlike zkML, which may require heavy upfront computation, opML makes it economically irrational for dishonest behavior to succeed—especially as the validator network scales.

Developer Integration

Developers interact with OAO through a well-documented, modular interface. To integrate AI into a smart contract, a developer inherits AIOracleCallbackReceiver and implements the aiOracleCallback() function to receive results. They can then call the oracle to initiate inference using model IDs, input data, and a callback address.

Four models are currently deployed on Arbitrum, and integration can be as simple as using ORA’s Prompt templates. The infrastructure also supports more advanced use cases through its Lilith-powered compute orchestration, enabling faster inference and high-throughput workloads.

Initial Model Offering (IMO)

ORA created the Initial Model Offering (IMO) framework to decentralize AI model ownership, revenue, and governance. IMOs tokenize AI models through a dual-token structure:

• ERC-7007: Anchors verifiable AI-generated outputs (e.g., images, predictions) directly onchain.
• ERC-7641: Distributes revenue from model usage to tokenholders, creating incentive-aligned, community-governed AI systems.

By enabling token-based governance and monetization, IMOs fund open-source development while ensuring AI infrastructure remains censorship-resistant, globally accessible, and collectively owned.

Conclusion

As the AI vertical continues to grow, the need for verifiable AI outputs becomes increasingly critical. Evident from the above, there are diverse approaches to ensuring trustlessness in decentralized AI solutions, including trusted execution environments (TEEs), Proof-of-Sampling (PoSP), Zero-Knowledge Machine Learning (ZKML), and Optimistic Machine Learning (OPML).

The approaches differ in various aspects, namely the cost, time taken, and level of security guarantees. It is likely that all of the above solutions mentioned will be used in some way or another, depending on the specific use cases.

Disclaimer:

1. This article is reprinted from [Hyperbolic - e/acc]. Forward the Original Title ‘AI and Verifiability’. All copyrights belong to the original author [Hyperbolic - e/acc]. If there are objections to this reprint, please contact the Gate Learn team, and they will handle it promptly.
2. Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.
3. The Gate Learn team does translations of the article into other languages. Copying, distributing, or plagiarizing the translated articles is prohibited unless mentioned.