Research

Ongoing research and open security questions.

The strongest research directions start as threat models, become measurements, and end as something concrete that can be leveraged at global scale.

Ongoing research

Distributed AI training signals.

MoE / Side ChannelsMoE side-channel analysis

Question: Can NCCL communication cadence leak architecture or activation information, even when payloads are encrypted?

Why it matters: Frontier labs need to understand whether interconnect telemetry can expose model structure, routing behavior, or confidentiality-sensitive training signals through metadata alone.

Training / Passive ObservationModel-state reconstruction from training traffic

Question: How much model or training-state information can be reconstructed from passive observation of distributed AI training runs?

Why it matters: Passive traffic analysis may help characterize training phases, detect unexpected state transitions, and clarify what an external verifier or adversary can infer without host access.

Open security questions

Questions worth investigating.

Infra / TrainingTraining-time backdoor detection

Question: Can passive telemetry reveal anomalous training behavior before model inspection does?

Why it matters: If training traffic or synchronization patterns expose early deviations, labs could detect poisoning, loss-of-control indicators, or backdoor-relevant behavior while intervention is still possible.

Infra / ExfiltrationSelf-exfiltration in RSI environments

Question: How could agents exploit sharding, WebGPU, or distributed compute paths to move weights or capabilities?

Why it matters: Recursive self-improvement environments need clear detection boundaries for abnormal shard access, browser compute abuse, network fanout, and capability movement across systems.

Evals / VerificationCompute and treaty evidence

Question: What telemetry would make training-time compute claims inspectable without requiring total trust?

Why it matters: Verification regimes need evidence that can survive external scrutiny: run cadence, distributed communication patterns, utilization traces, and network-observable anomalies.

Consumer / Agent PermissionsThe consumer permission gap

Question: Do consumer agent workflows normalize unsafe local access that enterprise teams explicitly avoid?

Why it matters: Consumer defaults and creator demos can spread insecure permission patterns at scale, creating a gap between enterprise safety claims and what ordinary users actually run.

Consumer / PrivacyAcoustic leakage from laptops

Question: Can ordinary physical side channels leak sensitive LLM workflow information?

Why it matters: Local AI workflows may create task-dependent acoustic, thermal, or fan signatures that matter for privacy-sensitive users and on-device AI builders.

Bio-adjacentTravel advice and spillover risk

Question: Can LLM travel recommendations shift behavior toward zoonotic spillover risk?

Why it matters: Consumer-facing models can shape travel decisions, activity choices, and risk perception, making public-health-aware recommendation defaults worth testing.