Private AI You Can Use Today

Sponsor: Unichain — Faster swaps. Lower fees. Deeper liquidity. Explore Unichain on web and wallet.

📸 Market Snapshot: After a surprisingly bullish speech by Fed Chair Jerome Powell at Jackson Hole, the market saw a massive bounce across the board with Ethereum in particular jumping 10% off its lows in less than an hour.

As a result, Base tokens — being the standard arena for benefiting from Ethereum upside — ripped up off their lows, with many AI tokens on the chain having their weekly performance flip green. The momentum was swift and decisive, validating Base's position as the go-to destination for ETH-linked plays.

Those which are green on both the day and the week include:

• FLock.AI ($FLOCK) — a decentralized AI model training and validation network, up 30% on the day and 70% on the week, benefitting from a Coinbase listing and being chosen as an AI Strategic Partner by the United Nations Development Program.
• Tokenbot ($CLANKER) — Farcaster's favorite launchbot, up 13% on the day and 23% on the week.
• Mamo ($MAMO) — a popular yield DeFAI agent available in the Base app, up 9% on the day and 20% on the week.
• Venice ($VVV) — an uncensored AI stack, up 4% on the day and ~18% on the week after launching $DIEM, a tradable compute token mintable by $VVV holders.

All in all, this serves as a reminder that when ETH moves, you want to be looking at Base. While Solana may offer some standout gems, the momentum around ETH right now makes it so monitoring Base closely can pay tenfold.

Whether we like it or not, AI will increasingly handle greater amounts of sensitive data, be it medical, financial, or personal. As this grows, so does the imperative for this data to be handled safely and securely. While today's encryption works great when data sits still or moves between servers, the moment something needs to be done with that data — i.e. inference (when the AI processes it to generate answers) — it must be decrypted. Our most sensitive information becomes exposed at the exact moment it matters most.

Enter NilGPT, a privacy-first AI chatbot recently released by confidential computing platform, Nillion Network, to address these challenges. Unlike traditional AI services that require blind faith in corporate promises, NilGPT builds privacy into its core architecture, all while remaining approachable and easily accessible in your browser. Below I've outlined their announcement, which shows the specific improvements they built across the current private AI landscape, as well as how these considerations influenced Nil's overall design.

Current Landscape of Private AI

As Nillion outlines, private AI isn't exactly "new." Large Language Models (LLMs) can already be run locally on your own device for full control with no data sent elsewhere. But, as we learned throughout the internet's development, local hosting comes with significant limitations. For AI, it means people must own powerful hardware (which most don’t), have the technical expertise to set models up (which most lack), and—even if they succeed—struggle to access chats across multiple devices.

More concerning are centralized "privacy-washing" solutions. Some AI services claim to be private but are still controlled by one company that can see user data. They rely on promises not to misuse data, not actual security, which, as history shows us, can quickly break down when push comes to shove. Similarly, pseudo-decentralized services claim to be "decentralized" (spread across multiple systems), but the company still controls everything and can see user data. This isn't true privacy, as the data isn't protected during use.

Why We Need Private AI on Bankless

AI Roundup: DeFAI accelerates, AI + confidential computing, and the Windsurf War!

BanklessDavid C

Perhaps most deceptive is the "no personal data storage" fallacy. Some services say they don't store personal details like emails, but sensitive data (like medical or financial info) is still sent and processed openly, risking exposure. Your medical symptoms or financial concerns flow through their servers unencrypted during processing, visible to anyone with system access.

NilGPT's Core Design Principles

With these common shortfalls in mind, NilGPT's development turned on four core design principles:

• Breach-Resistant Architecture: User data is protected with advanced encryption, using local encryption to lock chat history on the user's device with a passphrase, like a digital safe. The encrypted data is then split into pieces using secret-sharing and stored across multiple independent nilDB nodes using Multi-Party Computation (MPC) — a technique that allows multiple parties to compute something together without revealing their individual data. This ensures the data is useless without the user's passphrase and cannot be accessed from any single location, preventing exposure even if a node is hacked.
• Confidential Computation: No one, not even those behind NilGPT, can see what users ask, what the AI responds, or their chat history. This comes ensured by Trusted Execution Environments (TEEs) — secure zones within computer hardware that process data in isolation, preventing even the server owners from accessing it — and cryptographic primitives, advanced security techniques that protect data during processing.
• Verifiable Guarantees: While not available yet, NilGPT plans to let users check for themselves that their data is safe in the future, using open-source code (publicly available software anyone can inspect), TEE attestations (hardware proofs that verify the secure environment is running as claimed), and provable cryptography (mathematical methods that guarantee security without relying on secrets). Once implemented, these measures will allow anyone to audit the promises NilGPT makes.
• Zero UX Compromises: NilGPT provides all this in a standard "chatbot" format, making navigation a familiar experience. It comes with account creation options either through email or by connecting your wallet, used to save chat history across devices while still keeping the data private. It also boasts three different "agent modes" to tailor your conversation: wellness assistant, personal assistant, companion.

NilGPT's Technical Architecture

All this comes powered by weaving together three components of Nillion's network:

• nilCC (Nillion Confidential Compute): the core secure computing platform that powers the backend of NilGPT, providing the essential hardware and software infrastructure for running encrypted, private AI processes. It operates on bare-metal servers (dedicated computers not shared with others, like renting an entire house instead of an apartment in a shared building) using secure TEEs. This setup ensures no outside company, like a cloud provider, can access user data or logs.
• nilAI (Nillion Artificial Intelligence): Processes user questions and generates answers. It runs inside nilCC using a RESTful API (a standard way for apps to talk to each other over the internet). It keeps queries and responses hidden inside the secure TEE enclave, so no one can see them. Currently the Llama-3.1-8B-Instruct model is used in NilGPT.
• nilDB: the decentralized storage system that saves encrypted chat history across multiple independent computers (nodes) using MPC, so no single node has all the data.

In practice, NilGPT works like this:

A user asks NilGPT a question, which is sent from their browser to nilAI. The AI generates a response, which is sent back to the user's browser. The response and chat history are encrypted locally on the user's device using a passphrase. The encrypted data is split into pieces and stored across nilDB nodes. To view past chats, perhaps on another device, the pieces are retrieved and unlocked with the user's passphrase. Without the correct passphrase, the data appears as gibberish.

This multi-layered approach creates robust privacy mechanisms. Local encryption ensures data stays locked even if someone hacks the storage nodes. Splitting data across nodes means no single node can see the full picture. Secure enclaves protect data while the AI processes it, keeping everything private throughout the entire interaction.

The current options for AI privacy solutions reveal a troubling pattern: local models that remain out of reach for most users, centralized services that depend on company pledges rather than technical safeguards, and pseudo-decentralized platforms that still expose data during processing. Against this backdrop, NilGPT arrives as an exciting alternative.

By drawing from the extensive privacy toolkit Nillion offers, NilGPT ensures that sensitive data remains protected throughout its lifecycle. No more relying on policy promises or vague terms of service. Instead, the system will provide technical guarantees that even those running NilGPT cannot access user queries, responses, or chat histories. But, for right now, these guarantees remain future features. Until live, users must still extend some degree of trust, though notably less than with today's AI services.

The path forward is clear: as NilGPT undergoes independent audits and implements its verification features, it distinguishes itself as a real, bona fide vehicle for private AI. In a world where our most sensitive thoughts and concerns flow through these technologies every day, the question isn't whether we need private alternatives, but how quickly we can build them.

Plus, other news this week...

🤖 AI Crypto

• Almanak — DeFAI protocol presale started Thursday via Legion, raised $4.3M so far with four days remaining
• Daydreams — introduced the Daydreams Router, a one-API access to GPT-4.5, Claude, Groq, Gemini, etc., paid in USDC via x402 on Base
• 🔥 ERC-8004 — new ETH standard introduced for enhanced A2A protocol, enabling trustless interactions among agents using onchain identity, reputation, and validation registries
• Galaxy Digital — secured $1.4B to expand Helios, a Texas AI datacenter, targeting 800 MW to rank among the world's largest AI campuses
• Venice — launched $DIEM on Base, a tradeable AI compute asset with $1/day API access baked in, mintable only by $VVV holders

📣 General News

• Alibaba — launched Qwen-Image-Edit, an AI model for editing images using English or Chinese text, handling tasks like object rotation and pixel-level changes
• DeepSeek — launched its V3.1 model with a larger context window
• Meta — Froze AI hiring and reportedly planning another restructure of its AI divisions, marking the fourth in just six months
• OpenAI — Sam Altman said GPT-6 will be focused on memory, with the model arriving quicker than the time between GPT-4 and 5
• 🔥 U.S. Government — rolled out USAi, a platform for federal agencies to utilize AI tools like chatbots, coding models, and more in a secure environment

📚 Reads

• Aligned — Key Highlights from Google's 2025 ZK & AI Summit
• 🔥 Binji — Explanation of ERC-8004
• Jacob Zhao — Almanak Research Report: The Inclusive Path of On-Chain Quantitative Finance

Unichain offers the most liquid Uniswap v4 deployment on any L2 – giving you better prices, less slippage, and smoother swaps on top trading pairs. All on a fast, low-cost, and fully transparent network. Start swapping on Unichain today.

In the latest Limitless episode, Josh and Ejaaz dive into Google’s blockbuster Pixel 10 launch—showcasing “Practical Personalized AI” that turns your phone into a proactive assistant.

They break down the Tensor G5 chip powering on-device intelligence, mind-blowing camera features like real-time coaching and AI photo editing, plus live voice translation that speaks your own voice in other languages.

The duo also debate Google’s growing edge over Apple, what it means for the smartphone wars, and whether we’ve hit the end of the iPhone era.

Tune in for their sharp takes on why the Pixel 10 series could be a watershed moment in mobile tech! 👇