Ethereum Founder Vitalik Buterin Details His 'Private' and 'Secure' AI Setup

In brief

• Vitalik Buterin runs AI entirely on local hardware using the open-source Qwen3.5:35B model, avoiding cloud-based tools he considers a privacy risk.
• He built a messaging daemon that blocks his AI agent from contacting third-parties without manual human approval, and advises Ethereum wallet teams to do the same.
• Buterin cited research finding that roughly 15% of community-built tools for OpenClaw, the fastest-growing GitHub repo in history, contained malicious instructions.

Ethereum co-founder Vitalik Buterin detailed his personal AI setup in a new blog post, describing the configuration as both “private” and “secure.” Buterin said he runs his artificial intelligence setup entirely on local hardware, and has built custom tools around the large language model (LLM) to prevent his AI agents from sending messages or moving crypto without human sign-off. “The new two-factor authentication is the human and the LLM,” he wrote. The post, published Wednesday, marks a step beyond Buterin’s previous calls for privacy-preserving AI. In February, he outlined a four-quadrant Ethereum-AI roadmap spanning private AI use, agent markets, and governance. But this new post goes further, offering a granular look at how he’s actually implemented those principles himself. Buterin runs the open-source Qwen3.5:35B model locally via llama-server. And after testing multiple setups, he prefers using a  laptop with an Nvidia 5090 GPU that hits 90 tokens per second. That’s fast enough to feel usable, Buterin added.

 He stores a full dump of Wikipedia articles and technical documentation on his machine to minimize how often he needs to query external search engines, which he treats as a privacy leak. The most crypto-relevant disclosure involves how he connects AI to his Ethereum wallet and messaging accounts. Buterin wrote that he built and open-sourced a messaging daemon that allows his AI agent to read Signal messages and emails freely, but restricts outbound messages to himself unless a human manually approves them first. He advised teams building AI-connected Ethereum wallet tools to adopt the same architecture, with autonomous transactions capped at $100 per day and anything above that requiring confirmation.

The approach is consistent with how Buterin already manages his crypto holdings. He keeps 90% of his funds in a multisig Safe wallet, distributing keys among trusted contacts so that no single person becomes a point of failure. The AI guardrails appear to be an extension of that same philosophy into an agentic context. Buterin opened the new blog post by citing security researchers who found that roughly 15% of skills built for OpenClaw, now the fastest-growing GitHub repository in history, contained malicious instructions, with some silently exfiltrating user data without any indication to the user. “I come from a mindset of being deeply scared that just as we were finally making a step forward in privacy with the mainstreaming of end-to-end encryption and more and more local-first software, we are on the verge of taking 10 steps backward by normalizing feeding your entire life to cloud-based AI,” he wrote in the post.