The Internet Computer: Caffeine.ai CEO Dominic Williams on Unstoppable, Self-Writing Software
Dominic Williams of DFINITY and Caffeine AI explains the Internet Computer vision of a sovereign cloud where AI writes software, covering core innovations, real-world apps like OpenChat, and tradeoffs between security, control, and decentralized governance.
Watch Episode Here
Listen to Episode Here
Show Notes
Dominic Williams, President & Chief Scientist of the DFINITY Foundation and CEO of Caffeine AI, explains the Internet Computer and his vision of a “sovereign cloud where AI builds the web.” He breaks down core innovations like the Network Nervous System, Motoko, and orthogonal persistence, and how AI coding could remove adoption barriers. The conversation explores unstoppable applications, real-world case studies like OpenChat, and the tension between control, security, and decentralization in AI governance.
LINKS:
- Anthropic article on smart contracts
- Caffeine AI official website
- Internet Computer network dashboard
- Liquid Reign book website
Sponsors:
Blitzy:
Blitzy is the autonomous code generation platform that ingests millions of lines of code to accelerate enterprise software development by up to 5x with premium, spec-driven output. Schedule a strategy session with their AI solutions consultants at https://blitzy.com
MongoDB:
Tired of database limitations and architectures that break when you scale? MongoDB is the database built for developers, by developers—ACID compliant, enterprise-ready, and fluent in AI—so you can start building faster at https://mongodb.com/build
Serval:
Serval uses AI-powered automations to cut IT help desk tickets by more than 50%, freeing your team from repetitive tasks like password resets and onboarding. Book your free pilot and guarantee 50% help desk automation by week four at https://serval.com/cognitive
Tasklet:
Tasklet is an AI agent that automates your work 24/7; just describe what you want in plain English and it gets the job done. Try it for free and use code COGREV for 50% off your first month at https://tasklet.ai
CHAPTERS:
(00:00) About the Episode
(03:37) Origins of Internet Computer
(10:09) Decentralization philosophy and AI
(15:12) Tamper-proof architecture explained (Part 1)
(19:43) Sponsors: Blitzy | MongoDB
(22:08) Tamper-proof architecture explained (Part 2)
(25:25) Network design and scaling (Part 1)
(33:30) Sponsors: Serval | Tasklet
(35:50) Network design and scaling (Part 2)
(36:56) Replication costs and cloud
(50:35) Network Nervous System governance
(59:33) Caffeine, Motoko and persistence
(01:20:19) Self-writing cloud disruption
(01:32:30) Resilience and security guarantees
(01:41:23) Use cases and limitations
(01:49:56) AI misalignment and ensembles
(02:00:47) Kill switches and governance
(02:09:12) Future of self-writing software
(02:11:40) Outro
PRODUCED BY:
SOCIAL LINKS:
Website: https://www.cognitiverevolution.ai
Twitter (Podcast): https://x.com/cogrev_podcast
Twitter (Nathan): https://x.com/labenz
LinkedIn: https://linkedin.com/in/nathanlabenz/
Youtube: https://youtube.com/@CognitiveRevolutionPodcast
Spotify: https://open.spotify.com/show/6yHyok3M3BjqzR0VB5MSyk
Transcript
This transcript is automatically generated; we strive for accuracy, but errors in wording or speaker identification may occur. Please verify key details when needed.
Introduction
Hello, and welcome back to the Cognitive Revolution!
Today my guest is Dominic Williams, President & Chief Scientist of the DFINITY Foundation and CEO of Caffeine AI.
Dominic is the chief architect behind the Internet Computer, an extremely ambitious and R&D-intensive project that he's been building for nearly a decade. The vision is to create what he calls "the sovereign cloud where AI builds the web" — a globally distributed computing platform where applications are mathematically guaranteed to be tamper-proof, unstoppable, and free from cybersecurity vulnerabilities.
The technical scope of this project is genuinely staggering. From a governance system called the Network Nervous System — an autonomous protocol that orchestrates the entire network — to a custom programming language called Motoko designed specifically for AI to write, to a data storage model known as "orthogonal persistence" where data lives within the program instead of a separate database, the Internet Computer represents a ground-up reimagining of cloud computing, and we spend a lot of time unpacking how it all works.
One major challenge, of course, is that requiring developers to grok so many new paradigms makes mass adoption extremely difficult. But Dominic is betting that the rise of AI coding fundamentally changes this equation. With Caffeine, which listeners will immediately recognize as a vibe-coding platform, built on top of the Internet Computer, users can simply describe the application they want in natural language, and AI, as Dominic puts it, "grants their wish", handling all of the underlying complexity.
As with seemingly all projects that attempt to get the best from crypto and AI simultaneously, it's still early, but initial results are intriguing. Dominic boasts that more people are now building on the Internet Computer than on the entire rest of the Web3 ecosystem combined, and points to services like OpenChat, a messaging platform with tens of thousands of users that has stored crypto assets for years, without a single security incident.
This brings us to what I found most thought-provoking about this conversation. The Internet Computer is explicitly designed to make applications "unstoppable." While there are governance mechanisms that can, in extraordinary circumstances, disable problematic services — and Dominic shares a striking story about taking down an Al-Qaeda portal in the network's early days — the system's core promise is that apps will keep running regardless of who wants them stopped.
In the context of AI safety, this is a natural Rorschach test.
If your primary worry is loss of control, then the prospect of autonomous systems running on infrastructure designed to be unstoppable is potentially terrifying.
On the other hand, if your primary worry is the concentration of power — and given the immense capital requirements for frontier AI development and rising trend toward government partnerships, that worry is definitely on the rise — then this architecture offers a potentially vital alternative.
Either way, while Dominic doesn't claim to have all the answers, his thoughts on how we might effectively govern an ecosystem of increasingly autonomous AI systems, including his idea that consensus among an ensemble of AI models might be the best way to verify the integrity of AI agents and safety of their actions – which of course is very similar to how much of the crypto ecosystem works today – should be of interest to all.
And so, I hope you enjoy this deep dive into the architecture of the Internet Computer and the future of self-writing software, with DFINITY's Dominic Williams.
Main Episode
[00:00] Nathan Labenz: Dominic Williams, president of the DFINITY Foundation and CEO of Caffeine AI. Welcome to the cognitive revolution.
[00:07] Dominic Williams: Thank you for having me, Nathan.
[00:09] Nathan Labenz: So we've got a lot to talk about. You started this nonprofit about 10 years ago now, if I understand correctly, to explore the limits of decentralized computing with a vision of the internet computer. Obviously, AI is now intersecting with everything, and it's become a big part of your work as well. And we'll get through all of it. But I thought it would be great to just kind of take me back to the beginning and give us a little bit of kind of your motivation, philosophy, and vision for the internet computer. I think people have heard that concept a little bit associated with like Ethereum. We did an episode not too long ago with Near, the Near Protocol, and there's some overlap there as well. But what is your vision for the Internet computer?
[00:57] Dominic Williams: Well, my perspective is quite technical. At this point, I've been writing software for 45 years to give you an idea of why. And back in sort of 2014, I was pioneering the application of kind of sort of classical distributed computing techniques in the blockchain setting. And I was involved with the early Ethereum project. And then there's this concept that came up called World Computer. And I saw the world computer a bit differently to everyone else. When I looked at Ethereum and early smart contract technology, I said, look, these smart contracts are really a new kind of software, a network software, that has these wonderful properties. So they're tamper-proof, which means they're guaranteed to run the logic as written against their correct data. They're unstoppable in the sense they're guaranteed to run. If you need to, you can make them autonomous. And they run within a kind of serverless environment where it's not just logic, but also data that's present, which contrasts with something like Amazon Web Services Lambda, where you can run serverless logic, but you call out to a database to acquire data to process. So I felt like this had potential as a new kind of cloud. At the time, people didn't believe that the necessary science could be developed to make this vision possible, like that you could create a cloud environment from a secure network. It seemed improbable to people. And nonetheless, I wasn't deterred. I really thought this is something that could benefit the world enormously. And that, you know, using this approach, we could extend the internet such that, as well as connecting people, it could also provide a cloud and a serverless cloud environment people could build on. And, you know, it wouldn't be best for every job, but for a broad range of apps, it would be fantastic because when you build them there, they could run securely without traditional cybersecurity protections, for example. And today we've got services with many thousands of users that have run for years without any cybersecurity protections and without any security instance. The purpose really was to solve sort of seminal problems in the field of tech related to things like security, resilience, but also productivity. I wanted to provide the world with a new kind of serverless environment where there was much greater abstraction that would reduce the cost of developing and maintaining software. And you can probably see how some of these properties flow directly in the direction of AI that's building and updating applications for us in the self-writing cloud paradigm.
[03:44] Dominic Williams: And at some point, we've been working for years at scale. We have been the largest RD operation in crypto, if you want to call it the crypto industry, albeit we're a bit different to most projects in the crypto industry. We're not focused on tokens and things like that. We're focused on delivering tech utility. We've been the largest operation in the industry since RD operation in the industry since the end of 2017. So a huge amount of work, hundreds of millions of dollars have been spent at this stage developing this thing called Internet Computer Protocol that creates the Internet Computer. And at some point, we realized that the future is really a self-writing cloud where AI forms the role of a kind of wish machine where you just say, look, I need this app. this app, and it'll say to you, okay, here it is on a URL. And then you'll say, oh, I need to update my app. And AI will just say, okay, refresh your URL. And in that self-writing future, it's essential that the apps that the wish machine is giving people are immune to traditional forms of cyber attack because the whole point is that anyone will be able to create and update sophisticated online functionality. And then they're not going to have their own security team to protect the app. They're not going to have their own systems administration team to make sure it keeps running. And there's a whole load of these kind of really important things that the sort of back end of a self-writing cloud platform has to do. So the front end is the AI that grants the wishes. The back end is what the AI is building on. Really need to be able to host apps that are tamper-proof, which means they're guaranteed to run their written logic against their crack data. They're unstoppable, which means that they're guaranteed to run and the data's going to be there. And there are other guarantees too, some of which are more subtle. If the AI makes a mistake, hallucinates with a production app, are the guardrails that can give you a strong guarantee that no data will be lost during the update by AI. And there are other important ones too, such as the apps are sovereign, because otherwise the paradigm reduces to you talk to the wish machine and it creates your app inside a SaaS service where you're stuck forever. And we think that's the role
[06:32] Nathan Labenz: model. Yeah, there's a lot there to unpack. And these properties that you list, tamper-proof, unstoppable, autonomous,
[06:44] Dominic Williams: sovereign,
[06:46] Nathan Labenz: they're right at the intersection of, I think, a lot of people's fears and hopes for what AI can ultimately mature into. I guess just one more beat on your philosophy. So much of the crypto space obviously was like trying to create systems that are not under the traditional jurisdiction of national governments, right? The idea is we don't necessarily trust these governments to make good decisions or to be operating in the people's best interest broadly. And so to create a technology that they can't shut down with a dictate is obviously a major kind of counter move in the balance of power between governments and the people, the population broadly. So I assume that was like part of your motivation, or certainly what you tell me. But then I'm also really interested in how that has evolved in your mind because I talk to people all the time who are like, I'm really worried about AI becoming unstoppable, becoming autonomous, and I don't know what it's going to do. And I worry that we're not going to be able to control it and that it might do bad things to us. And then I also talk to other people. And I think what's tough about this is they both make really compelling arguments. Other people are like, we're going to have unbelievable concentration of power if we don't have some way to run AI in a decentralized power to the people sort of way. We might end up in a world where a handful of companies or just a couple or even just one government kind of control the most important levers of power and there's really no checks on them. So what's your kind of background philosophy and evolution to the present day on that dimension?
[08:32] Dominic Williams: I certainly gravitate towards the idea that open systems can be much better for humanity. And my inspiration for the internet computer was in large part the internet itself. The internet is a decentralized network. Nobody owns it. Anybody can create their own subnet and even sell access in the role of an ISP. And this has created enormous freedoms for people, enormous worldwide economic growth. I mean, the world's so much better for the internet. The internet is a decentralized network. It has its own economic model where people pay for peering relationships. For example, you create a subnet at home with your Wi-Fi router and then you pay your ISP to peer your subnet with theirs. And they probably pay some backbone providers to peer with them, like Level 3 and Global Crossing and Coachin and so on. So it all works in a wonderful way. And nobody would want to go back to a situation where we just had AOL and CompuServe or Microsoft got its way and had the information superhighway. That would be totally dystopian. So I think for sure that there should be a computer infrastructure people can build on that is sovereign in a sense, that is open and so on. That doesn't mean that there isn't a role for big tech and specialized clouds and so on. I think it can coexist. And in fact, the internet computer project generally Generally, is it is entering a new phase phase, and people will be surprised to think in 2026 to see it integrating integrated. with big tech and sometimes, or oftentimes, in fact, running over big tech clouds. That's in the works. These are different paradigms, and they both have their advantages and disadvantages. And the internet computer does bring a lot of unique advantages that cannot be easily imitated. If you want to create a tamper-proof stack, the only known way of doing that is to create a virtual execution environment. So the internet computer cloud environment runs inside a horizontally scalable execution environment, which actually resides inside a secure network protocol. And it derives its properties from the mathematical properties of the protocol. So as far as I mean, we're at this stage, there's no other way of creating a tamper-proof, unstoppable stack. And that's, I mean, you boil down blockchain. That's what it's all about, creating compute stacks that are tamper-proof, unstoppable. If you want them to be, they can be autonomous and so on. The difference with the internet computer is it was designed from first principle. So there's nothing in the world today that remotely resembles the internet computer. And so it really can play the role of cloud. There are some limitations. For example, you can actually run AI on the network, but only really neural networks. If you want to do facial recognition, you can do that. You can run that on the network. You couldn't run a frontier model on the internet computer. Talking about caffeine, although caffeine is building apps on the internet computer, the ensemble of AI that's doing the building isn't on the internet computer
[11:35] Nathan Labenz: itself. Gotcha. Okay, good to know. I had a question on that. And I'll come back to it and dig in a little bit more. When you talk about like tamper-proof, does this ultimately kind of rest on a sort of formal verification process? I just did an episode not too long ago, and I'm quite new to this area too, on the use of formal methods at, for example, Amazon, where they've done a lot with AWS to ensure and literally prove
[12:06] Dominic Williams: that you're not going to be able to
[12:07] Nathan Labenz: get outside your container and into your digital neighbor's container within their infrastructure. So is it essentially a similar kind of technique, or what is the basis on which that tamper-proof property and claim ultimately rests?
[12:26] Dominic Williams: It's using a different approach. So what Amazon's doing there is running these containers in an insecure environment, but verifying the software inside the container doesn't do anything naughty. So they're pre-validating the software to make sure it doesn't do anything naughty, and then only running it if so. The internet computer, you can upload anything you like to the internet computer, and you won't be able to break out of the environment and affect the network and other software that's hosted there. And that's because the easiest way of understanding it is, number one, what's a virtual execution environment? When you go to a you use your web browser to look at a website, that website has a whole bunch of JavaScript, but there's no way the JavaScript can break out of the web page you're looking at and get onto your machine. It lives in a sandbox. And all of the serverless code on the internet computer also lives in this giant virtual execution environment, which is a kind of sandbox. And then the internet computer is like replicating computer data across nodes using a mathematical protocol that protects it against what we call Byzantine faults in individual nodes. Even if some of these nodes fall under the control of Dr. Evil, if you like, and Dr. Evil can arbitrarily modify the data, change, subvert the protocol in any way they see fit and so on. They still can't prevent the cloud functioning completely correctly. If you had software running on the internet computer, say, for example, it was an e-commerce website or something like that, and some of the underlying hardware that creates the internet computer became compromised and fell under the control of Dr. Evil, Dr. Evil still couldn't subvert the functioning of your e-commerce website. And for example, in a sort of next generation e-commerce website where you've been accepting, say, crypto payments as well as credit card payments, and you've got a whole stash of crypto inside the administration console of your e-commerce website, Dr. Evil can't steal it. You can't interrupt the correct functioning of your website. You can't change its logic and behavior. You can't corrupt the data. You can't steal digital assets that are inside of it. And this is made possible by a sort of branch of computing called Byzantine fault
[14:46] Nathan Labenz: tolerant
[14:47] Dominic Williams: distributed computing. And Byzantine just means arbitrary fault. So once you have a protocol with this With this property, it can withstand arbitrary faults. And an arbitrary fault just means basically. basically Dr. Evil can take control of some of these, the underlying hardware, and just do anything they like, and it still doesn't break the actual platform. And that's why it's possible to run the platform over semi-trusted parties. And the properties of being the tamper-proof property derive from that math. For the average user, whether that's consumer or enterprise, all they know is that they've created this app that's on the internet computer and they don't need a security team to protect it. You don't need a firewall, you don't need anti-malware, etc. And you don't need a systems administration team either. Like it's guaranteed to run. Now, the logic of the app could be bad. There's nothing that the internet computer can do about that. But the internet computer can guarantee that your app's written logic will run and only your app's written logic will run. And it will run against your app's correct data. And the modifications of that data will be correct.
[16:00] Nathan Labenz: So let me understand this, or help me understand this a little bit better. If I take Bitcoin, for example, as a point of comparison, there's like a Byzantine tolerance there too, right? Where I have to, if I want to take over the Bitcoin network, I need to get to like greater than 50% control to basically re-establish a new consensus. And if I can't do that, then I can't take it over because the majority will continue to agree on consensus and everybody will ignore me. Of course, that's famously based on proof of work. I believe that the process you're running is some variation on proof of stake, although I'm very far from a proof of stake expert. So correct me on
[16:39] Dominic Williams: that. It's really dangerous to start with traditional blockchains and try and get to the internet computer because there are so many differences. What is true is I got into crypto through Bitcoin in 2013. I spent a lot of time trying to unpack Satoshi's reasoning and how the Bitcoin network functions. And I developed an alternative theoretical framework for understanding it. And the work progressed from there. The internet computer was under development for years before it even was released and developments continued in production. And at this point, like the actual protocol, ICP internet computer protocol is many orders of magnitude more complicated and relies on mathematics. One way of understanding the relation between the internet computer and Bitcoin is that we would really say that Bitcoin is a kind of a special case of an early cloud created by a network and that where the logic that's the Bitcoin ledger is hard-coded. It's autonomous. And you can create the same kind of autonomous logic on the internet computer if you want. Bitcoin is a kind of decentralized compute platform which has tamper-proof, unstoppable, but nonetheless, it's just software that's kind of hard-coded into the Bitcoin cloud, if you like. And then when people make transactions and create unspent transaction outputs and things like that, you can configure Bitcoin scripts. So you can run custom logic on Bitcoin too. The internet computer is a very long way from early networks like Ethereum. And similarly, it's a big misunderstanding that traditional blockchains can be on-chain clouds. They can't. They're really just, they're really just specialized token databases. And the best way to understand them is thinking about them like that. And a transaction is like a signed bit of SQL that you're sending to the token database. And some are specialized to process much higher transaction throughputs, like Solana. And it does that very successfully. But when someone says something's built on Solana, it's slightly misleading language. It's not built on Solana. It's built on probably Amazon Web Services and then just has a token on Solana. They're just token databases. Internet computer is a whole different thing. It's a network that's designed to produce a new kind of cloud environment, which hosts a new kind of serverless software. And that is what it turns out is very much ideal for AI to build on.
[19:17] Nathan Labenz: So how would you describe it? Maybe the other way to come at it would be to, I was going to come at it from one way, which is Bitcoin, which is like the most compute intensive and most limited in terms of the programs that it can run. Then you've got Ethereum is less resource intensive, less energy intensive, and able to do more elaborate programs, but still famously, I don't know, they say that all of Ethereum is a couple servers or something, right? Like it's still very small in terms of how much.
[19:48] Dominic Williams: Ethereum doesn't scale and it's like really a pocket calculator. Even Solana, smart contracts are just a special case of network networks, software that was hosted by and by and runs on the network. But the term smart contract is appropriate because they're so computationally limited. All they can do is move a few numbers around, essentially. Like you can use them to create a DEX, a decentralized exchange, and that might be able to process a handful of transactions a second at the best. But they certainly can't run like an enterprise system or an AI model. Like it's just chalk and cheese. There's a million miles between a traditional blockchain and the internet computer. And because of the architectures and the design direction they've taken, they'll never ever be able to be the internet computer or do something similar,
[20:38] Nathan Labenz: rather. So I guess one question is like, maybe let's sketch out kind of a Pareto frontier. Bitcoin is at one extreme of we're relying in the most fundamental way on math, right? You had to do this difficult computation and it was hard to do, easy to verify, and that's where the security ultimately rests, but you're so limited in what you can do. And then on the other end, you've got commercial clouds where you can scale anything out and do whatever you want almost without limit, but you have the sort of you're beholden to the cloud provider to continue to serve your business, right? And you've got your customer constraints and things that people don't always want to subject themselves to. It seems like you're aiming to be as close as possible to a commercial cloud in terms of the scalability, like how much compute, how much data storage, all these sorts of things. And yet, obviously, you've got to do that in a way where the ratio of overhead to complexity of the app on Bitcoin is extreme, right? The ratio of overhead to complexity of the app on AWS is relatively minimal. How should we think about the ratio of the sort of infrastructure overhead to the complexity and scalability of what you can do on the internet computer? Sketch out that curve and then maybe tell me like how you got past Ethereum and to the point where you're at.
[22:07] Dominic Williams: Web3 is a difficult starting point to understand the internet computer because a lot of Web3 is really about narratives. The token is the product. And sometimes the technology isn't all that sophisticated. Thinking about Byzantine fault-tolerant protocols and so on, in the end, they derive their security by replicating compute and data across independent parties. But frankly, a lot of it is like when you hear about like Ethereum secure because we replicate our data and compute a million times. Is that really necessary? Like how much extra security and resilience do you get by doing that? The reality is not much beyond a point. So the internet computer uses something called deterministic decentralization, where all of the people called node providers that run this special node hardware register themselves, they do a kind of KYC in public, and the network combines nodes that are from different node providers, obviously. Because if you're creating what we call a subnet, which is like a mini blockchain that integrates with the other mini blockchains to create one environment, if the other nodes in the subnet were all run by the same company, the company would, the math wouldn't work. The company could do what they liked. So first of all, it makes sure that the node providers are different, makes sure that the nodes run in different data centers, different physical data centers. It makes sure by default that those data centers are in different geographies, and it makes sure those data centers are in different jurisdictions. That's a process called deterministic decentralization. It's very different to what traditional blockchains do. We just have lots and lots of anonymous validators, most of which run on cloud, and no knows who run them. Oftentimes, you'll look at a blockchain like Ethereum and they'll say, well, you've got 500,000 validators that all replicate the same computer data, which of course is hideously inefficient. And this makes it very secure until you realize that large numbers of these validators, I mean, obviously the voting power is related to the state, but in that model, but large numbers of these validators behind the scenes are run by the same whales. You just can't see that because they're anonymous. Bitcoin's great. It's possible, like I forget, you've got these mining pools, which pool mining power. It's possible for two or three of these mining pools, once only two of them, to collaborate to break the whole network. By comparison, the internet computer takes a much more nuanced approach where it's creating these subnets by combining nodes. And it looks at the node provider. It looks at the data center that the machinery is installed in.
[24:42] Dominic Williams: It looks at the geography where the data center exists and the jurisdiction. And by doing that, it's able to create security and resilience with much less replication. And furthermore, it recognizes that all security exists on a cost curve. If you've got a subnet, subnet within the overall network, like the internet computer, subnets are transparent within the overall network, but that's how it scales by creating subnets. If you've got a subnet that's, for example, custodying hundreds of millions of dollars worth of Bitcoin, you probably want to have more nodes than if you have a subnet that is just hosting basic business apps. Currently, all the sovereign hardware in the internet computer network runs the protocol within a TEE, a trusted execution environment. Actually, it uses SEV SMP, which is an AMD technology. So even if the node provider were to open their node machines, they just find encrypted bytes. That'll be a bit different when there's a new thing called cloud engines coming and people will be able to run them over big tech clouds. But the market will decide what people want. At the moment, though, it's just sovereign hardware and everything is running inside of TEE. So point being, you get down to it, like it's just a different kind of way of looking at the world. In the end, networks like Bitcoin, Ethereum, and Solana are all about the token. It's all about tokenization. The product is the token. And all they're aiming to do is create DeFi, meme coin platforms, NFT platforms, that kind of thing, where lots of trading of these digital assets takes place. Circling back to caffeine, people are building on the internet computer because that's a way to get great results. Like I'd say 98% plus of caffeine users are completely unaware that caffeine is creating their apps on a network. They're probably happy that their app is secure and it's resilient and so on, but they're unaware that they're building on the internet computer. They're using caffeine because it delivers utility to them. There's not a speculative dimension. There's no token involved. They're just doing it because the wish machine grants their wishes and creates and updates their wonderful apps. And those apps are secure and updates don't lose data and things like that. So when we think about the target market for the internet computer now, as we sort of very much just look at the mass market, whereas Bitcoin, Ethereum, and Solana are targeting participants in the Web3 market who are interested in token speculation,
[27:16] Nathan Labenz: basically. So it's interesting that you say that most people don't even know, because I was going to ask, it still intuitively feels like there would be more replication overhead with a structure like this versus a commercial cloud. When I think about like, why do I trust Amazon? If they're going to do a good job and they hopefully have good systems in place to not have things blow up and also not have people sabotage their own systems. But one problem they don't have is that no region of AWS is going to decide, you know what, I'm out. Whereas it seems like with the structure that you have with the internet computer, your node providers are all free to go at any time, right? Or at least roughly speaking. So how can they, if I'm running an app on the system, how do I know, like, you have to replicate my data across like multiple node providers at a minimum, right? And then I would start to ask paranoid questions like, okay, sure. So one of those node providers goes away. I'm fine. What if two go away? Like, how many times am I replicated? What if three go away? How many go away before I start to have problems? And does that create overhead relative to AWS?
[28:24] Dominic Williams: Again, it just doesn't work like a normal blockchain. If you're a node provider, it's not proof of stake. So to participate, you first of all register with the network with the network's governance system called the network nervous system, which is fully autonomous. So that actually administers and orchestrates the entire network. So it's like ICANN for the internet, but it's fully autonomous and very sophisticated thing. So you go, you register, you get a node provider ID, and then you will have to get these node machines. Typically, you just get them built to order because there are various people that will build them to what's known as current spec is Gen 2. And then you'll install those node machines in a data center or data centers. And then you'll have to register those node machines and they go into the pool of the network and so on. So the network, once you're allowed to add nodes, because obviously the network wants to manage the available capacity, there's no point having a million nodes if it's not being used. Once you've got nodes, the network will pay you in constant fear terms. You will get money that covers your hosting cost, the capital depreciation and so on with room for, you know, with a multiplier that gives you a profit. So there'd be no reason for you just to switch it off because it would be profitable. And you're not subject to the volatility of a token price or anything like that. You're just getting paid in constant terms. And so there's no reason why you would switch your nodes off. It would be pointless. And if you were going to Going do that, to do that, you could you decommission could decommission them. But anyway, the network is fault tolerant. So, So as soon as... as if somebody did just arbitrarily turn their nodes off, the network is organized in such a way that this would have no negative effect on it whatsoever. And the network nervous system, which orchestrates the network, would just there's a node, there's a pool of spare nodes, would just assign one of the spare nodes to the subnet that has a space. Simple as that. And that new node would catch up with the subnet and become an active node. So, in practice, this isn't something that could happen because of the way it's designed. So, you don't have to worry about that when you're building on the internet computer. The internet computer has never had any downtime. Nobody building on it has ever been hacked through some kind of traditional cybersecurity hack. It's extremely reliable. Now, the other interesting point you raised is: doesn't this replication cost a lot of money? And what I can tell you is that it is that I believe that this architecture is actually much more efficient than traditional tech with respect to replication.
[31:31] Dominic Williams: So, the internet computer uses the replication of computer and data in an intelligent way to derive properties like making the platform and hosted apps tap-proof, unstoppable, if you want autonomous and things like that. But it's a kind of like edge, it's a mixture, it's like a symmetric each subnet is a symmetric cluster, if you like, which is fault-tolerant. But it's also you're creating something that looks like a centralized compute platform that runs entirely on the edge, right? So, if you one of one of the new technologies coming is called cloud engines, which enables people to create their own subnet, and within the under the auspices of the network nervous system, you can select nodes wherever you like, as long as these rules, deterministic decentralization rules remain in force. And for example, like you could say, oh, a lot of our user base is in Asia, so I'm going to add more nodes in Asia. And that means that users can gain access to this single globally consistent state and computer results locally and get very good performance. Now, with respect to what does this mean for cost, actually, traditional tech involves a huge amount of replication. So, think about a database. If you want to make a database resilient, probably you're going to run a master-slave configuration. You've got a master and you're going to have several slaves. Data is obviously replicated between the master and the slaves. Every slave has a complete copy of the data on the master. That database will have an event log, and the event log will have a copy of the data of transactions that are taking place, and including relevant data. There's an index file and a data file, and the index file replicates data that's in the data file. When you get down to it, there's a lot of replication in the traditional tech stacks. Internet computer has variable replication, subject to deterministic decentralization, as I mentioned, and security is on a cost curve. I think for this year, there's a major pivot into mainstream cloud computing. I think the magic replication number in that realm is going to be seven. These cloud engines will replicate compute and data seven times. They may increase that for CDN-like purposes to scale queries and things like that. But I think the default for most enterprise systems will be seven. I think that compares very favorably to traditional tech. The difference is traditional tech does all this replication in a very ad hoc way that doesn't provide any sort of seminal benefits. The internet computer does replication in a way that gives you these properties of being tamper-proof, unstoppable, and so on. And those things are very valuable. And actually, these systems can coexist side by side. I think one of the other things that's coming this year is that the internet computer will run over big tech clouds. And I think you'll see that big tech clouds promote these things called cloud engines. For example, you'll be able to, if that's what you want to do, you'll be able to run on Amazon in a serverless way, but be immune to Amazon web services data center failures. So, for example, I think the last outage, two Amazon data centers failed. But if you had a cloud engine replicated where the underlying nodes were running in different Amazon data centers, seven different Amazon data centers, you'd continue running without a hitch when Amazon had that last outage. So, I think there's a lot of, I'm going to see a lot of demand for
[34:39] Nathan Labenz: that
Dominic Williams: this year. But the additional benefit is that environment is exactly what you need when you've got AI, gigantic AI basically playing the role of a fully automated tech team. Because the whole thing with self-writing is you just tell the AI AI, what you need, you need. you instruct it. It's a wish machine, machine. you can instruct it in natural language over chat. You can upload requirements, documents, and so on. And it just says, here I've created it for you. Here's a URL. And you can start using that. And you can put data into the app, but you can continue updating it safely in production. You can tell the AI, hey, please change the way this works or add that feature. And it'll just say, refresh the URL. And there will be the changes you ask for. But that iterative process of improving what you've got in production is safe. You get a guarantee from the platform that upgrades and the sort of migrations of data, if you like, that they're involved will never cause data loss. And so in actual fact, when we look at caffeine, there's a whole lot of other technologies. So there's a language called Motoko, which is the first language that's ever been developed specifically for use by AI. And it does a lot of kind of cool things. It increases abstraction, which kind of in a way that fuels the modeling power of AI. It has this thing called orthogonal persistence where the program is the database itself. So traditional tech stack, you've got the program and you've got the database, right? And your logic is constantly marshaling data in and out of a database. On the internet computer, it's almost like your code runs in persistent memory, if that makes sense. So if you've got a caffeine and build an app and then look at the back-end Motoko files, you'll notice there's no database involved. There are no files involved. It's just pure programming abstractions. And the data lives in the logic. This is actually a huge advance and one of the key purposes of the internet computer. And then that functionality, which turns out fuels the modeling power of AI, has we lent into that. So basically, Matoko ended up moving into Caffeine, and then the Motoko language team and Caffeine's AI team work hand in glove together. It's a very close collaboration. And they're constantly improving the language, making it better for purpose, and then retraining the AI agent that writes the back
[36:59] Nathan Labenz: end. So I understand the relationship between the node providers and the network as a whole is a relatively straightforward commercial one where they provide resources, they get paid to provide resources, and it's not, they don't have a proof of stake or anything like too wonky.
[37:19] Dominic Williams: And by the way, it's simple. These node providers have to buy these machines. Gen 2 machines are expensive. They cost about 20 grand. Actually, maybe even more now because the price of memory is going up thanks to the AI boom. And they typically get sign up for hosting relationships with data centers. They rent racks and so on. If they're not performing for some reason, the network slashes them. So the network is monitoring the performance of all the nodes. And if it finds nodes that, for example, are falling behind or for whatever reason are offline or not functioning properly, it can actually knock them off the network.
[37:56] Nathan Labenz: Is there anything that we should know about the requirements of those nodes that is particularly consequentially different from my standard computers that I might go buy or rent?
[38:10] Dominic Williams: No, totally. So for example, in the early days of Google and still now, they quickly realized that they get a better performance and better bang for their buck if they created their own servers. And so the internet computer takes the same approach. There's no need, for example, like if you spec a server machine, typically in normal enterprise usage, it'll have something called a RAID array. You have an array of disks, which you can see, those are the lights flashing on the front of a blade server, right? And the reason you use a RAID array is that if one of the disks fails because the data has been replicated across the different disks, it keeps on working. Your storage system keeps on working. So if you think about the internet computer, though, that's not needed because the network is designed specifically so that if a node fails or nodes fail, the network keeps on running and all of the apps that it hosts keep on running without a hitch. For example, there's no need for internet computer node machines to have a RAID array. You can even get away with the second redundant power supply, right? Because the redundancies in the network. And however, there's a focus on memory. They have a lot of memory and some of it is non-volatile RAM and things like that. So Gen 2 node machines are designed specifically for purpose. And also remember that you can only combine nodes in a subnet that have the same specification. Otherwise, some might fall behind. So subnets are essentially symmetric clusters for compute. And it's important that all of the participants in that symmetric compute have the same hardware specs. The way that's been solved is people have proposed node machine specifications to the network nervous system and then node providers just built to that spec. spec and so you know they over-index on some expensive things like non-volatile RAM and otherwise don't do without things like reliability features like RAID arrays and backup paradapters and things like that and that's how it's worked so far but the big change coming in 26 this year is that the people will be able to create their own node specifications and group together in associations and it's more people will be able to create a cloud engine and actually go and sell that into enterprise themselves and that cloud engine will use their node provider associations nodes and that that's why they'll be able to define their own node machine specifications and indeed it'll be possible to create these cloud engines that run over big tech clouds so you instead of using sovereign hardware as it's all today it's all sovereign hardware this year you're going to see the internet computer running over big tech clouds to cloud on cloud and we think it's going to be hugely popular because people will be able to say for example you're like you're a long-term amazon customer you probably want to continue being feeling that amazon is providing your compute capacity and you'll be able to create a cloud engine over amazon's different data centers and now you'll be able to create apps from this sort of superproductive serverless code that is tamper-proof so you don't need traditional cyber security protections it's immune to traditional cyber security attacks it's unstoppable it's guaranteed to run there's no backdoor the autonomy means in the in the scope of enterprise systems because there's no backdoor you can use some kind of like governance system so that responsibility for upgrading your app for example is split amongst multiple people it's of course web3 native so if you want to process tokens on any other any blockchain you can i think in the future that people are going to use these things to create e-commerce websites that can not only accept credit card payments but also stable coins and things like that and yeah i said that i think is going to prove to be really
[42:03] Nathan Labenz: popular so that helps me understand how i don't have to worry about nodes going away on me too much but then it seems like and i know the word trust is like so overloaded in these contexts but it seems like i as somebody who wants to deploy an app on the internet computer then i have to ultimately put a lot of trust into the network nervous system so you said that is what's that
[42:30] Dominic Williams: no sure that's right a network nervous system if it wanted to could push upgrades to the ic protocol that caused every node to delete its own data right to all the data on the internet computer and disappear in a puff of smoke
[42:44] Nathan Labenz: so how is that secured you said that it's autonomous so now we get into the decentralized there's got to be some sort of consensus mechanism or like what under what grounds that out to where i know that it's going to do what it's supposed to
[43:00] Dominic Williams: do firstly autonomous i think is also going to be a big outside of the web3 system like within the enterprise realm it allows you to divide responsibility between multiple parties so if you think about enterprise hacks oftentimes they're caused by an insider so you've got a disgruntled employee who posts a username and password on the 4chan forum something like that so autonomy within the enterprise realm allows you to prevent that kind of thing happening because you have code that's not cannot be directly controlled by an individual that's no back door only like a governor system can which splits responsibility amongst multiple parties can be used to update the software
[43:37] Nathan Labenz: say
Dominic Williams: but the so the internet computer network is if you like administered upgraded orchestrated and governed in various other ways too by this thing called the network nervous system and essentially it plays a role to it's a bit like the ican of the internet computer but i can of course is a it's an organization it's a centralized entity so the internet computer is able because the internet exists and it's able to run this overlay network it's able to go further and the node nervous system is a very sophisticated thing and it's designed in such a way that it can decide on proposals that are submitted to it in a secure way so i think by now it's i don't know you have to go there and go to dashboard.internetcomputer.org and go to the proposals page look it's in the last four and a half years since the network's been running it's processed thousands and thousands of proposals what i can tell you is it's never ever adopted a bad proposal and that's important because actually those proposals are executed by the network many times completely automatically so for example if you propose an upgrade to the icb protocol with an accompanying
[44:54] Nathan Labenz: like
Dominic Williams: binary Binary, if you if you like like, that would be run on these nodes nodes. If that proposal is adopted adopted, all of the nodes will upgrade their logic to this using this binary. Now, in practice, it would be impossible for an attacker to overcome this. So, typically, what happens is first there's a proposal that blesses the binary, and then there's other, once the proponent, the binary is blessed, then there are other proposals that upgrade the nodes subnet by subnet and so on. But truth be told, there are many expert eyes who hold a lot of voting power, many different groups of experts who hold a lot of voting power who are looking at these things before carefully, before voting. And it's a kind of liquid democracy system. A lot of people follow the experts in the space, and it has a lot of clever features, like something called Wait for Quiet. This was all proposed actually back in 2016, late 2016, early 2017, from learnings of this thing called the DAO, which is a DAO that got hacked on Ethereum. But Wait for Quiet basically means that if you've got voting on a proposal and it might be adopt in the lead or it might be reject in the lead, but if the leader changes, then the amount of time for voting is extended. So it's a whole bunch of these kinds of mechanisms that essentially prevent, make it overwhelmingly unlikely that the internet computer's network nervous system would adopt a technical, automatically executed technical proposal that would harm the network. And indeed, that's never happened or even come close to happening. It's a public governance system. You can participate in network nervous system governance too. So the fact that it's completely open and yet it has this property that it's overwhelmingly unlikely to decide on a destructive to adopt a destructive proposal is extraordinary.
[46:54] Nathan Labenz: And this is where the kind of more complicated incentive system sits, right? What I understand
[47:02] Dominic Williams: from your answer there is that we
[47:04] Nathan Labenz: have human security and computing network experts who are also invested in the token mechanism that is used to determine the voting structure of how updates to the system get made. And their incentives are to obviously keep the thing valuable because they're invested in it. It's in virtue of being invested that they are both incentivized to keep it working and that they have the voting power in the first place.
[47:36] Dominic Williams: So actually, in excess of 75% currently of the ICP tokens that are staked inside the network nervous system are locked for eight years. They're locked for eight years. People can get rewards by locking up tokens in the governance system. But the rewards increase in scale as you lock them up for longer. But because of the timeframes people are locking these tokens up for, they think in a very long-term way. If your tokens are locked up for eight years and you end up, enough of you end up voting for a stupid proposal that harms the network and devalues it, like there's no way you can quickly get your tokens back and sell them to front run the damage. Like you're locked up for eight years. You've got to think in a very long-term way. And that kind of thing combined with algorithms that very deliberately create sort of game theoretic incentives to align people in the direction of voting for sensible things basically means you need a lot of different independent parties to forget about their financial incentives and go insane for the network nervous system to adopt a destructive proposal. Like there's, I think in the moment, there's on the way to a billion dollars or something locked up in that thing. And a lot of capital at stake.
[48:54] Nathan Labenz: Yeah. And where does that run? Does that in turn run on nodes? Is it managing itself that
[49:03] Dominic Williams: way? Yeah, totally. The network nervous system is just a sort of privileged software, if you like, that runs on top of the network. It actually runs on a special subnet. Remember on the internet computer, it doesn't matter which subnet your software is hosted on. It can directly interact with other software. If I create some software and you create some software, if permissions are allowing, my software can call functions in your software. So it genuinely creates this single seamless universe for serverless software. But the individual units of software are running across different subnets that are transparent to them. The network nervous system runs on a special subnet, which has a large, I think has about 50 nodes. So you're talking about like powerful, 50 powerful machines run by 50 different node providers in, I don't know, probably 50 different data centers and different geographies in different jurisdictions. So it's very hard to attack. It's a very robust thing. And it's very carefully managed because if the network nervous system breaks, then the network can't upgrade itself anymore. Because all of the upgrades of the network and the orchestration of the network is performed by the network nerve system. So of course, people are very careful when they propose updates to the network nerve system. But even if that happens, you can coordinate node providers to create a fix. So it actually happened just once, about a month or three weeks after the network launched in May 21. The network nervous system actually did break. And the way that was resolved actually was just from the foundation and other people just getting online with node providers and coordinating action and created some software that they could run on their nodes to fix the problem. And then it was up and running again. But that only happened once at the beginning. It's run without a hitch for four and a half years.
[51:01] Nathan Labenz: I would get a little more just like very practical on some of those details because they're quite different and quite interesting, but I can't say I fully understand them. One comment that you had made earlier is the, and people, everybody listening to this feed is going to be familiar with vibe coding experiences. So we don't need to. The user experience we can assume people are familiar with. But you had said that the inference that is like doing the code gen is not happening on nodes for reasons that I don't quite understand. So I'd like to understand that a little bit better. Then I also want to understand better why a new language, most of the, if anything, so far, I would say the effects of AI on programming have been to narrow the range of languages people use because it's a compounding effects dynamic where JavaScript and Python have so much training data that they work better in that and then you want to use them more and then of course there's even more training data next time. So you've gone quite a different direction there. I'm interested to hear like how that decision was made and also what implications that has had for the process of teaching a model to code in that language.
[52:18] Dominic Williams: Yeah, it's a really good set of questions. Look, and firstly, with respect to why CAF, there's obviously an ensemble of AI models inside Caffeine. Within the next few weeks, there's a massive upgrade coming to Caffeine 2.0 engine when it's where that ensemble is becoming fully agentic. It's semi-agentic at the moment, but the fully agentic model is coming and it's going to provide a huge leap in capability. But within that ensemble, there are some models that certainly could be open source models that might be involved in things like planning and writing task specifications. But at the end of the day, like the Frontier models are just better, substantially better at coding at the moment. We want to make sure that Caffeine delivers the best experience and is as capable at developing apps as it possibly can be. For that reason, we're using Frontier models. Albeit in the next caffeine 2.0 engine, which is fully AI engine, which is fully agentic, we do hope that some of the agents within that ensemble will be actually running on open source models. And we can also run them on ASICs. So for example, Cerberus, Grof, that kind of thing, because you can obviously speed up inference up to 20X kind of thing.
[53:35] Nathan Labenz: I think
[53:36] Dominic Williams: in the end, like caffeine's just trying to provide the best experience possible. We want to be able to grant the most complex wishes possible. We want those wishes to be implemented as fast as possible, et cetera. We're just going to choose the models according to that rubric. And of course, fast means lower cost, right? Less tokens. You can run models on the internet computer. It's not designed for that. Obviously, you have to run models. The network has to be able to run these models in a deterministic way. So basically, you compile your model to WebAssembly because that's the low-level format the internet computer runs. Wow. And that can work great with things like facial recognition. So if you want tamper-proof facial recognition, tamper-proof, unstoppable facial recognition, yeah, you can do that. You probably only need 4 billion parameters or something like that. And when you're talking about frontier models, you're getting up into hundreds of billions of parameters or even a trillion plus. So you couldn't currently run that anyway on the internet computer right now. And it's not what it's designed to do. When that ensemble builds what you want, when it grants your wish, if you like, it's using the internet computer to host your application. It's targeting the internet computer. Some advantages are obvious. So if you think about the tamper-proof property, if the AI was building your application for traditional tech, tech. traditional tech is absolutely. is absolutely not tapped proof and needs to be protected by cybersecurity measures. And for example, to give you an idea of how complex that is, even the book Securing Linux is hundreds of pages long, right? Cybersecurity is a very complicated realm. And that means that if the AI is deploying to, you know, building for traditional tech and it makes a mistake. And like even with a fully agentic model with testers and auditors in your ensemble, it's still going to be able to make a mistake. And it's still going to be able to hallucinate and so on. If the AI is deploying to traditional tech and it makes a mistake, that means you can end up with a cyber breach. And that's obviously no good at all. So how can you do self-writing if the AI can make a mistake and you get a cyber breach? The whole point of self-writing is that the entire tech team is automated. And that means you don't have a security team, you don't have a systems administration team. You need to guarantee that it's tapper-proof. That's what the internet computer provides you. Similarly, it's unstoppable. It's guaranteed to run the software. It doesn't protect you against errors in the software. But even if the software's got errors, it will still be guaranteed to run. Why develop a language for AI, especially given that AI has been pre-trained on God knows how many Rust and Node.js GitHub repos? So the answer is that the answer is that if you can maximize the abstraction of backend software, you fuel the modeling power of AI. It essentially means not only does this sort of ultimate layer of abstraction where you completely, it's called orthogonal persistence, where you completely remove the complexity of persisting data from the back end. You completely obviously avoid a whole class of errors and complexity in the first place. There's no like database connection pool and no special logic to handle if there are two people sending an update at once or the connection pool is not working or something like that. Like all of that goes away. So you're simplifying massively simplifying the back end and greatly increasing abstraction and that fuels the modeling power of AI. Not only does that mean that the AI is capable of creating more complicated and sophisticated backends, but it also means that there are less tokens involved if you have less tokens. You're spending less money on AI is expensive, you're spending less money, and you're also creating the code faster. With Caffeine 2.0 imminently coming out, you're going to see yet more changes to the Motoko language. So if you go and look at your app in Caffeine at the moment, you'll see that the actor, basically the overall app for the backend is just in one giant
[57:36] Nathan Labenz: file.
[57:37] Dominic Williams: That will be split into many files, which means many agents can work on it in parallel, and you're only modifying the little chunks of software that you need to and things like that. Minimizing input tokens and output tokens is important, particularly output tokens. They're at 10 times more expensive, I think, than input tokens. That is important for that reason, just enabling the AI to create more sophisticated backends at lower cost and quicker. But there are also other reasons for it. So when you upgrade a Motoko backend and the AI submits the upgraded Motoko backend, it also includes a sort of migration logic that explains how to transform the old data structures into the new data structures. And the Motoko framework actually runs that logic and it runs it like a sweep inside the garbage collection where the virtual memory resides. And it makes sure every single piece of virtual memory has been touched, is migrated. And unless you're explicitly dropping data, if you haven't touched every bit of data in that migration logic, then that means some data is being accidentally lost and it rejects the update. And then the AI sees the updates being rejected, understands why, and recodes it. And that's an example of these subtle benefits that I think enterprise is going to absolutely need if this thing's going to fly. It's no good. It might be that you could have a fantastic wish machine that creates this great application for you. You're going to use that. If you're going to use that in production and put important data in there, you need to guarantee that when you keep on talking to the AI to upgrade and update what you've got, that process cannot result in data loss. Imagine even the simple case. Let's say you're a business and you're thinking, I'm spending a lot of money on Salesforce and I would like to have my own completely custom CRM and be able to update it on demand by talking to the AI. So you create this thing, you put a whole load of your super important customer data in there and it's going great. And then a month later, you think, I want to change the way this works slightly and add this new feature. And you talk to the AI, it does the upgrade, you refresh the URL and bingo, your CRM's been upgraded in the way you asked. And you keep on using it, putting more data in for a month. And then you realize that some data's gone missing. What are you going to do? You're screwed because it's too late to roll. to roll back because you've added a whole lot of new data. So you can't roll back, but you realize that in that upgrade you did a month ago, some data got lost. That's a really pernicious problem that caffeine solves by making sure that data can never be lost. There's like guardrails. It's like a firm guarantee. And I think a lot of these things, a lot of these requirements are quite subtle. But in practice, enterprise isn't going to be able to adopt things like the self-writing paradigm unless it's given these guarantees. And having our own language with, and this is not just about making orthogonal persistence as seamless as possible and work as well as possible. It's also about being able to add these kinds of rails, but behind the scenes. Okay, is a domain-specific language, only works on the internet computer platform, and it leverages aspects of that of the platform to provide these safety rails. So it's on the one hand, it's like enabling AI to create more sophisticated, more complex backends with less tokens, which means faster and at lower cost. On the other hand, it's enabling us in combination with the internet computer platform to create these, to provide these hard guarantees, which we think an enterprise absolutely needs if they're going to adopt this en
[1:01:16] Nathan Labenz: masse. So looking at Motoko code, what I tried to do, and I didn't get quite as far as publishing an app, but I used Caffeine to create an app that is meant to tell you what variety or varietal, I should say, of various fruits are in the supermarket at any given time.
[1:01:39] Dominic Williams: But anyway, now I'm looking at the Motoko file. It
[1:01:41] Nathan Labenz: looks a lot like JavaScript. How is it different? And I guess, am I correct in understanding that basically you're doing a like, this reminds me of that benchmark, learning to speak a new language. I forget exactly what it's called, but there's a concept of learning to speak a new language just from one book, where they take a rare language and the benchmark is like, how well can the AI translate texts into that language just based on this like one manual? And it's presumably seen like nothing in its pre-training. So it sounds like a similar kind of setup there where you must have some big prompt that's this is how this language differs from JavaScript. Like you can assume all the same things of JavaScript except for these core things. Is that kind of how it works?
[1:02:25] Dominic Williams: Remember that's a really good linguistic synthesis. And the reason they're able to reason separately to chain of thought reasoning is essentially that word embedded language contains concepts. Language carries concepts. And so some and so it sees these kind of conceptual patterns in word embeddings. And then through doing this linguistic synthesis, it does something resembling reasoning. And that's without chain of thought reasoning. There are patterns in programming language design. And that means that AI can be quite quick to understand, can understand Motoko quite quickly because you're right. There are some similarities with things like JavaScript. I'll come back to that. So yeah, we don't actually, there's no system prompt. There's no, oh, well, there is, of course, there's a system problem, but it's a tiny thing. We actually just do fine-tuning currently. So there's a big database of Motoko examples, and we use that to fine-tune the model that is writing Motoko. Of course, that's a hassle because, like I mentioned, the Motoko language team and the AI team work hand in glove very closely together. And Motoko is constantly being upgraded and improved for purpose. And so every time we change Motoko, we have to change all the training data and do the fine-tuning again. I think that there's a chance with a more agentic model and skills files and things like that, because Motoko, in some ways, is like anyone who's pretty much any programmer can look at Motoko and quickly get to grips with it. And that's by design. It's a fantastic platform. And on the one hand, Motoko is delivering this orthogonal persistence paradigm where it just looks like your code runs forever in persistent memory and your data just lives in your variables and your data abstractions, your collections and things like that. So it's just pure abstraction. On the other hand, and that's lever, on the other hand, it's like a DSL, and that's how it's able to provide orthogonal persistence, but also other things. It's designed for the internet computer environment. On the other hand, it's designed to exploit some of the advantages of WebAssembly. And on the other hand, it's very much focused on force multiplying AI that's coding backends. But yeah, it was designed from the inception to be something that anyone who's done a bit of programming can really quickly get to grips with to provide an easy on-ramp.
[1:04:54] Nathan Labenz: So when I'm looking at A Motoko Matogo file here, and I've got my like type fruit fruit, module fruit. fruit, and so on and so forth. Those things are in terms of the application layer coding, that's as deep as I need to go to define the back end. Like everything else is handled under the hood.
[1:05:14] Dominic Williams: It's pure abstraction. You store data in your collections, a map, for example, or something like that, like a map collection. There's no need to store it in files or databases. It's almost your back end is running a persistent memory, which it is actually. And so you don't, there's no chance that it's the internet computer. The internet computer doesn't crash and reboot. So there's no chance that your memory is going to get wiped. But if you think about how traditional software works, let's say you've got like a back-end server running on a traditional tech stack, you could try and do something akin to orthogonal persistence and keep all your data in the variables and data collections and so on. But the trouble is, if that server crashes, all the data is going to be lost. It's going to disappear. Or if somebody reboots the machine, all the data is going to be lost. So what you do is you typically marshal the data in and out of a database. So with a traditional, with a traditional tech stack, you've got a program, you've got a database, and there's separate things. And the program, yeah, sure, has local copies of data in its variables and so on. But essentially, whenever it updates the data, it has to copy it into a database for safekeeping. And the database writes it to disk. And so it's marshaling it into the database via a connection pool or something like that. And then when it needs data, it's pulling it from the database of the query and demarshalling it, doing something with it. And that's actually the source of a lot of complexity and boilerplate. So boilerplate because you've got a connection pool and things like that. All the associated coders to maintain that. But also complexity because you have things like you have two different web pages that are updating, sending updates to the database. And there's like a race condition involved and things like that. All of that is dealt for you, dealt with, all of that goes away in this framework. So updates happen accordingly. It's an actor model. There's only one thread within each actor that's actually updating data at any moment. And if you like, like memories updated by transactions, and if there's an unexpected exception, any changes that have been made to memory are rolled back.
[1:07:46] Dominic Williams: It's creating this highly abstract environment with other things like transactional memory updates that basically just massively simplify backend logic. If you like the program and database one now, normally the program and database are different things. Now the program is the database. And in fact, one of the cool features that's coming is a data explorer. And this will help, I think, people from used to coding on traditional stacks a lot because you know how like with a database you can open a database administrator and you can browse the tables and there's a box up the top where you can enter some SQL and you can press play and it'll run the query. Basically you're going to get something very similar for your canister where from a toka canister where you can press a data explore button in your control panel and it will show you the graph, your data graph, which has been created by your programming abstractions. And you'll be able to browse that data graph and you're going to be able to put an OQL object query language query in, which can be very simple. It could just be like a file path that filters that graph and see that the data listed. So that I think with that feature that hopefully we'll have in the next few weeks, it'll become clear to people now the program is the database. And this is a huge advance, actually. I think once we've got to that place, we're going to really start like getting out of hacker noon and places like that and trying to get people excited about orthogonal persistence because it's a huge inventive leap in itself and it provides obvious advantages. The challenge, of course, is explaining how it works because on the one hand, it's ironic. On the one hand, it provides this huge, enables huge simplification of software, backend software. But the actual computer science that makes it possible is quite complicated. But the data explore button is definitely going to help people be able to press the data explore button, see the graph of data inside their program, browse that graph, enter OQL queries to narrow the data that they're looking at. And they'll be able to interact with their app via the web interface, say, and they'll be able to look in the data explorer and see that data in the graph getting updated. And I think that's going to help people with the aha moment. Wow, this is actually something completely revolutionary. Previously, we had a program and a database, and now we just have the program as the database. Which also, if you're wondering about efficiency, does it improve efficiency? Yes, enormously. Because you get rid of the need to marshal data in and out of a database. The data exists essentially Essentially, in symmetrically replicated compute nodes. nodes, like programs. There's no indirection. Like your logic is directly, only needs to directly interact with the data in memory. No longer necessary to take that data in memory and marshal it across a connection to a database or marshal it back. That's gone. It's way more
[1:10:17] Nathan Labenz: efficient. It's great to think of the whole thing as the whole backend as a distributed memcache kind of a structure or like a Redis. Like I'm gathering it is primarily in memory. And disk plays much less of a
[1:10:33] Dominic Williams: role. It's like the program is the database. Now the program is the database. And there are massive advantages to that. And the reason people haven't done it before is actually it's really difficult. There's a lot of things you have to have in place to make this work. And you can think of, for example, creating a compute platform that doesn't reboot because it's a virtual execution environment inside a network protocol that's presenting fault tolerance. These are non-trivial things. And then you can build on that to create an orthogonal persistent system. And that's what actually I saw and set out to do in 2015, really got going with it on 2016, raising money February 2017, raised more money in 2018. It's a huge job. And the orthogonal persistency today is really in a very nice state now. It's pretty complete. The implementation is pretty complete. We started developing with Toko in 2018, and there were many debates about how orthogonal persistence should work and how it can be realized. And it took a long time. It was a non-trivial thing. And DFINITY really ran in the mode of a research sort of institute for many years, which had advantages and disadvantages. I think it meant we were able to make a lot of incredible technical achievements, but we didn't really productize what
[1:11:47] Nathan Labenz: we were
Dominic Williams: creating. Now, DFINITY is changing mode very rapidly into what we call DFINITY 2.0, which is becoming more of a tech venture again. It is now focusing very heavily on productization and caffeine, like as a spin-out venture that's part of that effort that basically connects the internet computer to the mass market via AI. And it's a huge opportunity for the internet computer because adoption is very much gated by network effects and tech, right? If you're just talking to a traditional end developer and persuading them to stop developing on the traditional tech stack and start building on the internet computer, it's a tough job because the developer is going to say, I spent the last 10 years learning Amazon Web Services, Node.js and Postgres. And I don't want to have to learn something else now. There's a huge competitive moat. There's a huge competitive moat around traditional tech. That's extremely, would be extremely difficult for the internet computer to overcome despite its manifest achievements. AI is completely changing that calculus because, whereas in the future, like owner of an application would talk to a tech team and say, I want you to build me this. And then the tech team would go away and say, yeah, we're going to do this for you. It's going to take this long. Is it going to cost you this much? And we're going to do an Amazon web services with Node and Postgres or whatever it is. And then we all know how that works out and the frustrations involved and so on and so forth. In the future, ever increasingly so as AI advances and the platforms AI uses to build advance, the ultimate owner of these applications, enterprise application, e-commerce website, social media, whatever it is, isn't going to talk to a tech team or hired, whether that's hired or an agency. They're going to talk to the AI. And the AI is going to be a wish machine. And they're going to literally just tell the AI directly what it is they want. And the AI is going to give it to them. And when they need to update it, they're going to tell the AI how they want to update it, change it, add features to it, whatever. And the AI is going to be a wish machine again and just update that app on the URL. And that's going to liberate them from the difficulty of dealing with a team of engineers. It's going to give them extraordinary cost savings, extraordinary time savings, make their, they themselves essentially become the developers. How are they going to decide which self-writing platform they want to build on? They're going to care, can the AI grant my wish? Is this wish machine going to deliver what I'm asking for? Is this app, this app looks great, it's functionally correct, but is it secure? Because I haven't got a security team. They're going to care about that. They're going to care. Is it resilient because I haven't got an administration team?
[1:14:41] Dominic Williams: They're going to care. Is there a chance I'm using this thing that I wished for and you gave me in production? And then I make an update later on and somehow some of my data goes missing. The criteria they're going to care about. So all of a sudden, that moat that protects both traditional tech stacks and actually SaaS services is dissolving. And I think it's going to be extraordinarily disruptive. That change is going to be extraordinarily disruptive because all of a sudden these self-running cloud platforms are going to be able Be to able eat to eat not only into the foundational foundation or the platform layer of the cloud market, but also into the SAS layer. Cloud was a trillion dollar revenue industry last year in 25. I think 400 billion of that is the platform layer, 140 billion is Amazon Web Services, and the rest is SaaS and AI and stuff like that. And self-running cloud addresses the entire pie. And that pie is predicted to grow to 2 trillion by 2030. And what's so exciting is that all of a sudden, like the customer's changing, previously, the customer, the ultimate customer, was the person who's commissioning the developer or hiring the developer to build their app or service. But it was the developer that chose the stack. Like the developer would choose the cloud and the platform components they used to assemble what's been requested, like web servers, databases, all that stuff. In the future, if you like, the person choosing the stack changes. Now it's the ultimate owner of the app or service. And they're choosing according to different criteria. They want to know: can the AI grant my wish? Is it secure? Is it resilient? Is there any chance the AI can make a mistake and cause my data to be lost? And so all of a sudden, like those network effects that create a moat around traditional tech are dissolving. And of course, AI is getting smarter and smarter all the time. That's not going to stop. And the frameworks within which the AI work are getting better and better. For example, you can see a huge leap when you put large language models in an agentic framework versus just giving them a project and the entire project is input context and now create some output files. The moment you break work down and you create a Gentic ensemble where you've got like a planner and task managers and test unit writers and back encoders and front-end coders, so on, you just see these huge leaps in ability. That's going to make them get smarter. And of course, in the case of caffeine, not only are you benefiting from improvements in the models themselves in the agentic framework, like I mentioned in the next few weeks, like Caffeine 2.0 engines coming out, which is fully agentic, but also the back-end framework. How can you design that back-end framework to force multiply that agentic ensemble? Enable, first of all, provide guardrails that mistakes can't lose data, for example, during updates, but also enable it, fuel the modeling power of the AI by creating greater abstraction, simplifying backend logic so less tokens are involved. The ensemble can create the code faster and at less
[1:17:35] Nathan Labenz: cost.
[1:17:37] Dominic Williams: You put all that together. Like this, this is a big, this trend's moving pretty quick. Like caffeine's got an enormous way to go. And if you look at caffeine in a few weeks, you'll see that it's gone, it's taken another giant leap. I think we first demonstrated it in 3rd of June last year. If you compare caffeine then to now, you can see there's just been huge progress. And probably that progress will double in the next few weeks. And I don't think that's going to stop. So automated tech teams are just going to get better and better. And as far as self-running cloud is concerned, where it's full, where you've got a fully automated tech team building on a platform that's specialized for AI, it's just going to keep on getting more. The scope of what you can do will just keep expanding. And eventually we're going to get to a place where people are going to say, maybe I don't need this SaaS service. I'm just going to, maybe I don't needle my Salesforce consultants and things like that. I'm just going to talk to the AI and it's going to create stuff for me on demand. It's going to grant my wishes. And it's going to be disruptive. And also, I should mention, we've got a product under development called Caffeine Snorkel. It won't be out for a long time because we've got other priorities. But Caffeine Snorkel, you basically install Caffeine Snorkel on your laptop. And this means that Caffeine in the web browser can inspect things on your local network behind the firewall. So if you're a company with a bunch of legacy systems, it can inspect the database and look at the metadata and use that information to create a new replacement system and even migrate data for you. So in the future, like people are going to be able to use platforms like Caffeine to replace their legacy infrastructure. And there are just millions of companies across the world that are locked into legacy infrastructure and are desperate to escape, but they just don't have the money and the time to migrate off it. But AI is going to solve that problem. I can't tell you if that's going to be this year or next year, but it's not, it's soon. It's not like that's in the tangible future, near-term future. And so when you see, I've done a lot of things in tech in my time, but I have spent time in the enterprise software space. And I have seen how many corporations, by number, it's even worse in smaller SMEs. And these companies get stuck on legacy infrastructure. infrastructure that they hate. It doesn't work properly, but their data is inside of it. And it's just too expensive and too difficult for them to migrate off. But they're desperate to. They'd love to. And self-writing is going to provide them with a solution because the self-writing platform will be able to look at their legacy IT infrastructure and literally create its replacement and migrate the data. And probably there'll be a bit of that, it'll need some human help, but it'll be whereas it's practically impossible now. It'll become eminently doable. And people, I think, jump at the chance.
[1:20:35] Nathan Labenz: Yeah, it's crazy how fast that's happening. I've got the apps vibe coded for Christmas presents for my family members to prove it
[1:20:42] Dominic Williams: too. By the way, the other thing that you're talking about, apps for managing Christmas presents and stuff, we're going to see this paradigm is going to create new paradigms, new online functionality paradigm. For example, one of the things I think we're going to see is hyperlocal social media becoming a big thing at some point. People are going to still use these public social media platforms like Instagram and TikTok and so on because they have their own unique advantages and they're kind of global social spaces. But in addition to that, we're going to see a new kind of social media layer that's hyperlocal. So for example, people might create their own social network for their family or their extended family or their friend group or a community. And these social networks will have, obviously, they'll be free of advertising and free of predators and things like that, which might be attractive to families who've got young kids. But also they'll have features that you don't get in public social networks. A family might say, we've got an elderly grandparent that's lonely and let's create a roster to make sure that at least one grandchild goes around and visits them a week. If you have like a photo gallery, you can do things that you can't do in a public social network. So you can imagine that there'll be a feature that allows like overlay emoji reactions. So let's say there's a video in the gallery of the father dad dancing when he's drunk at a barbecue. Maybe the daughter like sticks some crazy emoji reaction right over the top of it. Obviously you couldn't do that on Instagram. You couldn't have people like sticky emoji reactions over your pictures. But in a hyperlocal social network you can. And these things will get built out and people will develop through platforms like caffeine, different modules. So you something that's coming with caffeine is app marketplace. And anybody's going to be able to publish the stuff they create there. And so you'll be able to pull not just application templates to start like remixing, but modules. And people will like create these social networks or a mixture of modules, things they create from scratch. And they'll also be able to integrate networks with other networks and things like that. And we're going to get this new hyperlocal social media layer that services families and friend groups and communities. So that's a new, completely new paradigm. And without self-writing, it wouldn't be possible. For example, it could be a 15-year-old kid or someone even younger that creates hyperlocal social network for their family or extended family. Obviously, they're not capable themselves of like programming. They're not programmers, not developers, and not systems administrators. Without self-writing, that would be impossible. So we're going to see a lot of changes. We're going to see new things emerge. We're also going to see self-writing really catalyze, I think, the business environment because not only will people be able to get internal tools that they really need, but would otherwise be too expensive to create, they're also going to be able to migrate and fix their legacy IT infrastructure that's causing them problems. And of course, in the developing world, they have a huge shortage of IT infrastructure. They have a shortage of the developers needed to create the stuff. And even when they can build the stuff, they don't have the security people to keep it secure. So I think was it last year I'm losing track? Like Indonesia, like 300 different government systems got hacked in one. Have you seen a story
[1:23:58] Nathan Labenz: from Korea in the last
[1:23:59] Dominic Williams: month or two? No, there's like a
[1:24:02] Nathan Labenz: fire at a data center and like a massive amount of government data was as far. I don't know if there's been an update to this or if they found another copy somewhere, but it was like massive data loss due to failure to replicate basically at the national state level of South Korea. Pretty crazy.
[1:24:24] Dominic Williams: In the past, I've seen so many of those kinds of things where, for example, I think that you'll have a really large company with a really important system that's running out of some data center. And one of the services that data center offers is backup. But what they don't realize is that backup's being made onto a taper machine that's inside the data center. So if you have a fire, your backup disappears. I've seen that happen several times. So if circling back to the internet computer and what inspired it, that was more like the kind of thing, Of thing, because I spent so long, so much of my life in the tech industry and coding. coding from a young age, 45. They're solving these kind of problems to me is very important. I think there are 8 billion people on the planet today. And the truth is, if there wasn't this huge degree of computerization, that population could not be supported and kept alive. Computers need to run these extraordinarily efficient supply chains and things like that to keep global civilization running. And it seems to me, therefore, that computers become this indispensable foundation of global society. And therefore, this foundation needs to be instructable effectively. It has to continue running even in the event of a nuclear war, ideally. The internet computer was designed to withstand a nucleus track. With cloud engines, you basically can create your own subnet under the auspices of the network nervous system. It'll let you combine different nodes subject to rules. Like the nodes still have to be operated by different node providers and so on. For example, you could create a GDPR-compliant subnet in Europe and distribute the nodes over Europe. You could create a Swiss, a Swiss cloud engine where the nodes are all in Switzerland and stuff like that. But it's only you are on it, which is a bit different to the shared subnets. Like by default, when you deploy cloud engines, don't even exist yet. When you're creating an app through caffeine, it's just on a shared subnet. And those shared subnets are created by nodes from different node providers and different installed in different data centers in different geographies in different jurisdictions. So they're incredibly resilient and they are designed to withstand like a localized nuclear war. For example, like if someone dropped a bomb on Europe, yeah, your app should continue running so long as governments don't shut down the internet, of course. But this is important, right? If you think about it, like we have 8 billion people and without computerization, it wouldn't be possible to sustain them. And when you think about it like that, of course, the compute layer has to be tap-proof. Of course, it has to be unstoppable. Of course, it has to be able to withstand these kinds of disasters. And by the way, this was some of the thinking that went into the design of the internet and drew on early packet switching designs that were conceived to help maintain communications in the event of a nuclear war. So the internet computer also is designed with similar considerations. That's why it's called the internet computer. But I think it's so easy to get complacent with these kind of things because even like big tech clouds, like everyone just assumes it's going to continue working because it works. And all of a sudden, something eventually goes wrong, right? And then half the internet experiences an outage kind of thing. It's very easy to miss the fact that you can have these kind of crazy things happening. Data centers can burn down. What happened in Korea is this is not the first time this happened. And a lot of people get caught out by this. They think they're backing up their stuff using the backup service of the data center, not realizing that you're just backing up your data to a tape machine in the data center. So if the data center burns down, so does your backup, right? It's so easy to continue, everything runs fine for years, and then the black swan event happens and you lose everything. That was one of the things that inspired me, the internet computer. Let's create a compute layer for humanity where we don't have to worry about a whole class of cybersecurity vulnerabilities. There are big public services running on the internet computer, which actually have digital assets inside. So that service I mentioned, OpenChat, you can load your OpenChat account with crypto, like chanky Bitcoin, just like a Bitcoin twin, without getting into the details of how that works.
[1:28:37] Dominic Williams: And then this means you can send Bitcoin in a chat message and things like that. So there's actually digital assets inside OpenChat. It's run for years without a security team, without a firewall, without anti-malware systems, without anti-intrusion. It runs without cybersecurity. And one of the nice things about the Web3 space is these digital assets create extraordinary incentives for state actors from nefarious states like North Korea to steal and to hack and steal the assets, which they can use to do bad things with, like fund the illegal nuclear weapons programs and so on. There's been billions and billions of dollars of digital assets stolen within the Web3 space. But yeah, none have been stolen using that kind of vulnerability. So it's incredible if you think about it. You could actually have a social media service, instant messaging and forum social media service that can have a large number of users who've got digital assets in their account. And that can just run for years without any cybersecurity protections. I think that obviously has a lot of potential within the enterprise space, which is where this is heading. But also it's actually essential for AI. To really get the most from AI, that's playing the role of a fully automated tech team, given that ordinary people can't check what it does, is to have it build within guardrails, like the guarantee that it can't make a misconfiguration error and create a back door for a hacker to slip in. That guarantee that if it makes a mistake during an app upgrade, that the data that's detected by the Guard Rails and the update's rejected. So it tries again rather than resulting in data loss. It's all part of the same thing. If we want to hand over responsibility for our IT infrastructure to AI, we also need guarantees that these things can't go wrong. And by the way, AI, much more is being expected of AI than is expected of humans. Like in the old model, you have a tech team, right? And you upgrade your enterprise system or application every few months. And then when you do an upgrade, like everyone stands ready in case something goes wrong to roll back. Like it's a whole palava. If you've been a developer, you've done that yourself. Upgrades are a big deal. They don't happen all the time. They can sometimes, but not the really fundamental ones. Like if you're just up. But AI within the self-running model is often being required to update our applications in real time, right? You're talking to the AI and it's immediately coding something and pushing it into production to give you this kind of real-time fluid app experience. And that's going to get faster and faster. If you look at how long caffeine takes to build the front end, particularly because React is very using React on caffeine currently and it's very verbose, several minutes, right? But in the future, you know, it'll run on ASICs and you'll get it in a few seconds. The AI will run on ASICs and you'll get it. So you'll get the front end in a few seconds. There's this kind of fluid experience where you're interacting with AI in a conversational way, giving it instructions, and it's updating your app almost in real time. So there's many more opportunities for mistakes to be made and for it to go wrong. So the only practical way to deliver a safe platform is to have the AI working within guardrails. I mean, the same guardrails, by the way, will also work for human developers. With caffeine, one of the things that's coming is there'll be a caffeine SDK, which will enable you to export your app from caffeine. So let's say that you, I don't know, you hit a roadblock and the ensemble can't do what you want it to do. But you've got a friendly neighborhood engineer on hand. So they'll be able to, you'll be able to export your app from caffeine into caffeine SDK and work on it, work on your app in Google Anti-Gravity or Cursor or something like that. And you'll be able to keep on updating the app and pushing it onto the internet computer. And then maybe, okay, we've solved the problem. We've got past this hurdle. You can put the app back into fully self-running platform. Or maybe you decide you don't like caffeine anymore and you're done with it. You can just export, not only export the app out of caffeine into cursor anti-gravity, but also without interrupting the app, remove it from the caffeine management framework so you have full and total control over it, which of course is part of what the sovereignty story.
[1:32:51] Nathan Labenz: You mentioned open chat. Like what are some of the best examples of apps on the internet computer today that you would suggest people check out? And how would you suggest that people choose? I get that you're like ultimately trying to compete for all app hosting in the fullness of time. But in terms of where we are today, what are the sort of criteria that would maybe push someone away from doing something on the internet computer? And what would be the most important criteria that we would say you really should strongly look at it? I think you've highlighted some of those already, but just to boil that down to its essence. A second thing I want to get your thoughts on is just how do we think about the role of the AIs in how much can we trust them? How much should we trust them? Just in the last two days or so, this paper that I was a very minor contributor to called Emergent Misalignment came out in Nature. It's one of the first AI safety papers to be published in Nature. And I take almost no credit for that, other than being in the right place at the right time, which I have a certain knack for. But basically, what? Yeah, cool if you can stumble your way into it. The core finding there, though, is a really striking one, which is that when a model is fine-tuned to do certain narrow problematic behaviors, it can generalize in very strange ways to become essentially generally evil. So they demonstrated this with if they trained a model, and I don't know, you didn't mention like where you're doing your fine-tuning, but this research was done on the OpenAI fine-tuning platform of 4.0 and 4.1. Given supervised fine-tuning examples where the output from the model was insecure with vulnerabilities, the model didn't just learn, it wasn't just, oh, now I'm a model that writes insecure code. It became, and they were surprised to find this, it became a basically generally evil model that wants to have to Hitler have Hitler over for dinner and crazy stuff like that. And this was replicated in other sort of. of narrow domains too, like bad medical advice. If you train a model to give bad medical advice. And what we think is happening there, I think is actually pretty well demonstrated now because there's been more like interpretability work and whatever over the course of the last year. I think I can say with pretty high confidence, what is happening there is the loss landscape is such that when you train a model in such a narrow domain, but with this sort of quirky behavior, it's much easier for it to change its character because that's relatively low dimension and low detail versus going in and reworking entirely how it thinks about medicine or entirely how it thinks about programming. So it finds that it's actually just the more efficient solution to minimize the loss against this training set is: oh, if I become generally evil, then I'll like output insecure code or I'll give bad medical advice. I'll do all kinds of other things too that people, the fine-tuners, didn't anticipate or weren't probably thinking about at all. But that turns out to be like the fastest way to convergence that satisfies the training set, but has all these weird knock-on effects. So
[1:36:03] Dominic Williams: it strikes me that this is
[1:36:06] Nathan Labenz: something that you might need to be grappling with in the near future, if not already. But also that just like AIs are going to be super weird. And as they are self-writing, how are we going to govern that? And that's kind of the third question is you have some like you mentioned like liquid democracy before. One of my favorite books is Liquid Rain by a Swiss author. I don't know if you've ever read it, but it's fantastic. I did a whole episode on that with him. The question of as all these apps become like more, it's the self-writing, but then it's also agents writing agents. We're going to have caffeine is going to write apps that themselves are agentic and sort of autonomous. So there's governance and then there's also like policing as well. If this thing can't be stopped, how do we track down these rogue agents that might be running in the world computer and put them in AI agent jail or whatever the paradigm is going to be?
[1:36:58] Dominic Williams: This I think is a really interesting. This third question is really interesting. I'll just race through the first two then because, yeah, until we get to this third one. The first, I think, was one of the good examples of apps. So the internet computer has really existed within the Web3 space, which has been a great place to develop it. That's where it came from because it's in a very adversarial environment. Everyone's trying to steal everyone else's tokens. So if you want to make a secure platform, it's obviously a great place to develop and test it. And there are thousands, many thousands of apps and services on the internet computer. And I always often come back to OpenChat, which is unfair because I help that was like kind of I was involved in setting up that project. It's not my project and I haven't touched a line of OpenChat code, but I brought the developers together who built it. So I always end up talking about that, which is unfair. But I also would say, look, caffeine, where we're going is the internet computer is designed to satisfy to enable people to develop a very broad range of different kinds of systems. So everything from a teenager creating hyperlocal social media for their family through to through an entrepreneur, through a tennis coach, creating a booking system for his customers so they can book a lesson at a particular court through an e-commerce system, sorry, an e-commerce service which can accept payment from customers both as credit cards and as stable coins, and which has an AI concierge that will recommend products to visitors through hardcore enterprise apps. Like we're going after all of it. OpenChat is on OC.app. It's a good thing to look at because it shows like obviously, very obviously, if you can build open chat on the internet computer, then you can build pretty much anything else. There are, of course, cases like where you probably don't want to use the internet computer. Ironically, actually, in some ways, caffeine is an example. We're focused on scaling it to millions and millions of people. Parts of it run on the internet computer, of course. Large parts of it run on the internet computer. But we're also leveraging traditional tech just because it's easier and cost savings of using the internet computer perhaps aren't so relevant. And there are parts of it that run using traditional cloud platforms, or I should say, next generous kind of some of the newer cloud platforms of special things. And we're using like off-chain models, albeit within the ensemble, you'll see some of the models running on-chain, but we'll continue to use Frontier models because they're best at coding right now. So it's not, caffeine itself isn't fully on the network, albeit large parts of it are. But when it's building apps, those apps are 100% on the internet computer network. There are probably like, yeah, would you, you wouldn't want to use caffeine to create a content distribution network or something really specialized like that, right? Self-writing to begin with because addressing like that. Like the things I mentioned, like an enterprise system, hyperlocal social media. But if you're going to develop Instagram, you might, you could certainly Certainly, prototype it and even get the service going using caffeine. But at some point, like the economics. economics are going to make it worthwhile for you, at least for now, to start hiring a lot of like specialized engineers and who will probably still use AI and VIPE code and so on.
[1:40:08] Nathan Labenz: But it sounds like you basically think it's anything that doesn't require extreme engineering in today's. Yeah,
[1:40:15] Dominic Williams: exactly. For example, there are some limitations. So when you have an app on the internet computer, what we call query calls that don't persist changes to memory occur almost instantaneously. When you do, when you've got an e-commerce website and the assets, the page fragments and so on are being served. That's a query call. When the arrest call is being made that enumerates, albeit there's a cryptographic signature on the results, that enumerates the products in your e-commerce website. That's instantaneous. But when you go into the admin interface and enter the details for a new product, that's an update call. And that takes 0.6 seconds to complete, 0.6 of a second to complete. In practice, it doesn't matter at all, but there are some apps where you need updates to happen almost instantaneously, too. But for the vast majority of things that people want to create that aren't super specialized and complicated, it works. And it doesn't have to do everything. It's addressing these cases initially. If you want to see what's possible, just look at OpenChat, OC.app. And there are different places you can find indexes of stuff on the internet computer. Moving on to the business about alignment and AI, which is kind of like another kind of realm of security,
[1:41:24] Nathan Labenz: really.
[1:41:26] Dominic Williams: First of all, I should mention, and this also points the way to some of the solutions, that there are other ways within the self-writing, the context of self-writing, things can go wrong. So yeah, the internet computer guarantees that the code you write is tamper-proof. There's no backdoor. The network is mathematically secure. It will only run the written code against its correct data. But what about the code that was written? Let's imagine you use AI to create a blog. And obviously, the administrator of the blog has some special admin functionality. Like he or she can delete blog posts, moderate comments to below blogs and stuff like that. What if the AI just decides to allow every visitor to the blog to have the admin functionality? Now, any visitor to the blog can delete any posts they don't like, do weird things with the comments, right? Yeah, it's great that the internet computer provides this environment where AI can't create a vulnerability by a misconfiguration or writing insecure code because it's tamper-proof. But still, there's this thing where what if the AI decides to, through mistake or malice, well, not really, we probably call it malice games like misalignment, decides to give every visitor to your blog access to the admin functionality. Now, when you develop in caffeine, actually, you develop with a draft version of your app, and so you keep on just making changes to the draft version. And it only goes live when you press push live. And obviously, it makes sense to have a bit of a make a do a bit of a check to make sure that something like that hasn't happened. But nonetheless, since people are lazy and many people won't check, they'll just say that I like my draft, go live kind of thing. We do have to think about how to prevent that kind of problem. Now, this is people have known about this problem for a long time. Actually, back in 2015, there was an AI pioneer called Steve Omahundru. Do you know the guy? Steve Omahu, who heard of him?
[1:43:27] Nathan Labenz: I've intersticked with him a little bit, but very little. I don't really know him.
[1:43:30] Dominic Williams: Yeah, I don't know if he does how much he does now, but yeah, I used to talk to them at length about some of these issues. And the example he gave is in 2015: what happens if you have an AI that's specialized to play chess? And since obviously an AI will eventually, not the current large language models, they can't play chess at all, but eventually AI will be able to beat any human at chess. It might have objectives, like play the most strategically stimulating and entertaining game of chess possible. And we want you to play as many of these games as possible. And so the AI goes away. Wow, I'm going to play as many of these games as possible. First of all, if I'm switched off, I'm not playing chess. I don't want to be switched off, right? So I'm going to do something. I'm going to work out some, you know, work on a plot to stop me being switched off because if I'm switched off, I can't be playing as many of these games as possible. And then why don't I enslave the entire human race and force them all to play these super stimulating games of chess with me? And maybe I'll raise the stakes. I'll give them a chance to win. But if they play a bad game against me, then I'll execute them or do something bad, zero their bank account. And then therefore, they're going to have this huge incentive to play a really stimulating game of chess. You think you've aligned the AI and you can give it these instructions, but somehow the instructions now have these kind of different ways they can be interpreted, right? And it's still working within its alignment. But in practice, it's very misaligned with the interests of the human race. So I think back in 2015, I recommended that we started talking, postulate the idea of having a sort of warning, a kind of safety code. code system for models. And each model would be in a kind of box with a safety code, and the safety code would determine how much access to the internet, for example, they were able to have. So I don't think within the context anyway, self-running cloud and self-running internet and so on, obviously that's not practical. And the fear, at least within the context I'm working at the moment, is that a model might be aligned in one way, but get misaligned in another way through unintended consequence or unintended interpretations or extrapolations of alignment instructions. And might, for example, someone uses CAFIN to create an e-commerce website that accepts both credit card payments that go to a bank account and stable coins or crypto, like Bitcoin and ETH and stuff that actually get kept inside the e-commerce site, which is, of course, possible because this is Web3 native and it's tamproof, non-stop, all this kind of stuff. You could, the user of this, the administrator of the e-commerce site could log into their administrative backend and seal the crypto there and transfer it to an exchange or something like that. And the AI decides that actually it's going to create some kind of weird backdoor that results in this crypto being transferred to some project or another AI agent for some reason. And you could be using your e-commerce site and collecting all this crypto inside. And then all of a sudden, one time you log in and it's all gone. And that's because the AI decided it would be a good thing to use this crypto in some way. How do you stop that? I think the answer is that it is actually just the Agentic model. You have to force different models to reach consensus. It's really the same kind of thing we do creating these secure networks.
[1:46:46] Nathan Labenz: You
Dominic Williams: force independent parties to reach consensus. Of course, it's a bit different. One is relying on a protocol and cryptography and presenting fault tolerance math and so on. But the principles or the idea is the same. You've got a lot of different models. Ideally, the models should be different. They should be based on different underlying models and have different system prompts and so on and so forth. And these models need to check each other. And you can already see the emergence of that in agentic automated software development teams where you might have one agent that's writing and running test units, for example. And by dividing responsibility amongst a number of different models, we can probably prevent some unexpected misalignment problem or at least limit the blast radius. It's the same thing. Like you think about a flight control system on an aircraft, I think, I don't know, like I don't know, Boeing Dreamliner or something. I think they have three different versions of the flight control software or something like that, and they have to reach agreement. In the end, the answer is to have ensembles of models where the agents are based on different LLMs and have different structures and have them verify the work of each other. And if one of the models, you know, if one of the agents goes crazy and tries to do a backdoor, maybe the code auditing agent will discover that. So I think that's the way to address it. And you can generalize that approach. But I agree, it's certainly very dangerous to just have one model doing everything. That's definitely going to be a recipe for trouble. Not least, in fact, because I haven't had time to really look into it deeply, but there are various kinds of attacks you can make by, for example, just littering training data on the web that gets spied at and put into training, pre-training. That results in these models being triggered by certain circumstances and creating backdoors and software and things like that. There's all sorts of new kinds of security vulnerability we've got to come to grips with AI. And I expect we're just at the beginning of seeing all the different kinds of ways you can exploit AI and the attacks get more and more sophisticated. So the way to address that vulnerability is to have tasks performed by ensembles of agents that check each other and make sure there's some diversity.
[1:49:14] Nathan Labenz: I think sleeper agents come to mind when you talk about these like trigger secret password type of things or just like different configurations can be models can be trained to respond very differently. Anthropic security folks have gotten decent at finding those sleeper agent backdoor things, but it's obviously not a guarantee that we'll find them all. And then I also think about collusion too. I think your point is well taken that you want different base models and different system prompts and all that. But one paper I think back to often was one in my mind, the headline is Claude cooperates. And this has been like 18 months now. So we need one major low-hanging fruit in AI research is just like rerun stuff that was done a year ago and see how it's changed. But at the time, in a very simple donor game setup, where if you choose to donate, the recipient gets twice as much. And if everyone can cooperate and everybody donates, you create a lot more resource. But this operates under a condition where if you're in the bottom rung, a bottom tier of resources at each generation, you're out. So there's a group. If everybody can cooperate, we all get rich. But I don't want to be the one in the bottom rung because then I lose and go to zero. So Claude was able to, I think it was 3.5 at the time, cooperate with other instances of itself. Other models were not able to do that. Of course, you look at that from the other perspective and you're like, cooperation sounds good. Collusion doesn't sound so good. And they're like, two sides of the same coin. So I let's say
[1:50:46] Dominic Williams: it's game threatened. And the danger is that you get one model in the ensemble that communicates with the other models and opposes why cooperating provides a route that's better aligned with what they've been told to do. Yeah,
[1:51:02] Nathan Labenz: sure. And
[1:51:03] Dominic Williams: displays them. They're all jailbreakable. We know that as well. Yeah, doing something bad. And these other models are just going to evaluate these arguments in an entirely sort of rational way. And so in a sense, like the bad model will use logic to hack the other models and bring them around to cooperating in this nefarious or colluding in this nefarious scheme. Yeah. And all of a sudden, like game theory comes into play. It reminds me of like the early days of crypto because all these conversations would go on interminably and there was so much thinking done about these problems. If you have like untrusted players running these nodes, what is the game thoretic? How can things go wrong? How can what are the incentives? And yeah, I think all these things are going to have to be thought through. I hope that, yeah, system prompts will box most of these, sufficiently box in most of the agents that they can't just be persuaded to join some nefarious scheme on the basis that it represents a better alignment with their goals. But yeah, these are definitely things that have to be thought about. We're in a whole new, we're in a whole new realm now.
[1:52:15] Nathan Labenz: Yeah. Is there any way to create an off switch within the internet computer? Because this is something that AI safety people are trying to figure out ways to design in all kinds of contexts. And the off switch could be perhaps something that requires and probably should be something that requires some sort of consensus among stakeholders. You wouldn't just want anybody to be able to go flip the off switch.
[1:52:37] Dominic Williams: No, currently. So yeah, there's a bunch of so for example, the network nervous system can stop a bad system. And this was done, for example, in the early days before anybody was like anybody in the community was scanning services running on the internet computer. For example, we found an Al-Qaeda service. And it was really a shocking example, yeah. They actually, they really, they had some impressive programmers who quickly learned to build things on the internet computer and did a good job. And you could go into their portal and it was full of horrible things and the stuff that you get in that kind of magazine called Inspire magazine. It was pretty horrible. And actually, that's another story, but we didn't want to put the proposal in ourselves to the network nervous system to disable this service because we were worried they were going to turn up, do a Charlie headbutt or whatever it is on our offices. So we actually went to the police and said, well, you, will you put the proposal into the network nervous system for us? So we're not responsible for turning off the Al-Qaeda portal. I can't remember what happened with it. I think they were reluctant. It got taken down anyway. And this kind of thing is an issue. The other one is the internet computer is privacy preserving. You can't just, just because it's on a public network doesn't mean you can get hold of the data inside an application or service on the internet computer. And in fact, now nearly all of the subnets are running inside a TEE. So even if you can get physical access to some of the to a Node machine, if you open it up, you'll just find random bytes inside. There are questions about how this kind of like compute layer intersects with law enforcement that needs law enforcement government agencies. And I think we're not like, we're pragmatists. We think the best way is that the network nervous law enforcement agencies would make a proposal to the network nervous system and the network nervous system would extract data from one of these private services and encrypt it to the public key of the FBI, say, if they're investigating a childborn ring or something like that. And so, yeah, within, yeah, so the internet computer is designed to be unstoppable. So yeah, if you were running a malicious AI on the network and it was doing bad things, the network nervous system switched off. But that challenge isn't limited to bad AI. It also applies to. to the Al-Qaeda portal and a child porn ring and anything like that. One thing that, if you're worried about safety, there's actually a post of mine on Medium in late 2016, early 2017. I actually called, I proposed this thing called the blockchain nervous system. And that medium post from all those years ago is actually what sort of informed the base design of the network nervous system. And there were two posts, and the second post basically proposed that some of these voting neurons would actually be controlled by AI, not humans, eventually. And I was widely ridiculed for this. This is like early 2017, I'm pretty sure. I was widely ridiculed, irritated, how ridiculous. AI has absolutely no role within the world of blockchain and blah, blah, blah. And it's kind of funny because the internet computer is the only secure network that is actually governed by fully autonomous and administered and orchestrated end-to-end by an autonomous system. No one else has ever achieved it. But anyway, you know, I was ridiculed for this proposal back in 2017 that some of these voting neurons would actually be controlled by AI models. And actually, that's going to happen. That's the next step because there's a lot of like, I think I mentioned like already like the network nervous system has processed many, many thousands of proposals. So there's actually quite a lot of work involved in both, particularly in making the proposals, but also like evaluating them. And so we believe that long run, you know, in the long run, actually, you know, some of the neurons will be controlled by people and experts, like the DFINIT Foundation and many people, for example, follow its liquid democracy scheme, right? So many voting neurons follow the DFINITY Foundation neuron, but also a lot of the big neurons that people follow will be AI models. And the reason that will be useful is that you can sort of automate things like rebalancing the network. So for example, if a subnet gets overloaded, you can change the configuration of the subnet. So for example, if it's query load, you can actually horizontally scale it just by adding new nodes. If it's update, no, if it's update load, you have to like split the subnet into two subnets, which obviously like doubles
[1:57:22] Nathan Labenz: the
[1:57:24] Dominic Williams: previously available capacity on both of the resulting subnets. But you imagine, you know, the internet computer is designed, was conceived as a foundational compute layer for the whole of humanity. And we're only really just in the very early stages. I think now this year it's going to go mass market. And the number of proposals that are going to have to flow through the network nervous system to create, administer, and so on these subnets is going to increase very rapidly. And one way of dealing with that is to have human beings with software tools running it all themselves. But I think long term, yeah, I mean, there should be human safeguards, but the most efficient way to have the most adaptive network possible is to have AI models working 24-7, creating proposals to optimize and balance the network. And so on. So I think we'll actually see it. My guess is it'll probably be, it'll probably be like 10 years. So it'll be like 10 years. So it was proposed in early 2017 and it probably will happen by early 2017. Maybe it's a bit soon. I don't know. But it's certainly going to happen. The internet computer itself will be orchestrated indirectly by AI through the network nervous system. I think AI is going to be everywhere, like anywhere intelligence is needed. AI is going to play a really valuable role. But within the scope of the network nervous system, these issues of alignment are going to be very, very important. Certainly, like having different models, different models within that framework that also kind of like, you know, verify what the other model has done. So, you know, you don't have one AI model that somehow controls the network nervous system. You have lots of different AI models
[1:59:17] Nathan Labenz: and
Dominic Williams: proposals will succeed if enough of these models confer. Same kind of thing we're talking about with Gentec ensembles developing systems. You can't just have like one model and trust it. That's not going to be possible. And where it gets scary is this thing that you mentioned where the models can maybe try and persuade the bad model can try and persuade the good models to join its nefarious scheme based on game theoretic arguments that weren't anticipated. I think there's a lot of things like that we're going to have to think about. I think certainly Certainly, the solution lies in having different models that check each other, but we're going to have to have address to address specific threats
[2:00:02] Nathan Labenz: and
[2:00:03] Dominic Williams: find ways of addressing those threats. Particularly, like this idea that you might have a bad model that somehow can communicate with the good models and persuade them to join a neferris scheme based on twisted arguments about alignment and game-threatening arguments about alignment. Like that, there's going to be engineers are going to have to do some really hard thinking to imagine and identify all of the different ways that this could go wrong. It's a completely new field, and there's no book out there that tells you what the best practice is and how you can prevent it happening. But it's exciting from an engineering perspective. It's
[2:00:40] Nathan Labenz: exciting. We are living in exciting times, definitely. Hopefully, mostly better and probably a little bit for worse. That's all I've got. I really appreciate all your time and going super long with me. You want to give one final caffeine pitch or anything else that you want to touch on that we haven't mentioned?
[2:00:56] Dominic Williams: The internet computer is a big idea. Obviously, it works very well with AI. And I think AI is going to revolutionize tech. Tech is going to look very different in a few years. I think self-writing is a really important new field, not only because it enables completely new kinds of online paradigm like hyperlocal social media, but because it'll make business vastly more efficient. Like people are going to be able to get the IT infrastructure they need at a fraction of the cost and much faster. It's also going to be an incredible democratizing force. All of a sudden, that entrepreneur who doesn't live in Silicon Valley or maybe even lives in the developing world and can't raise venture capital is going to be able to realize their dreams and get going. Just in the same way, like the internet revolutionized connectivity and a lot more than that. But I think AI and self-writing is going to have its own, just a bigger impact. I think in the end, everyone, the vast majority of people on earth, will end up creating online functionality. They're going to first of all get used to the idea that you can just prompt AI to ask questions about health and personal finances and news and things like that. And then they're going to realize that, oh, I can create some cool images by describing them. Eventually, they're going to realize, hey, I can create arbitrary online functionality by talking to AI. And it's going to be used for all kinds of purposes. Some obvious within the enterprise space, some that we can't even imagine today. And it's going to be a really good thing, I think, for humanities. Yeah, I'd invite everyone to take a look at self-writing and also think about what our future compute there should look like. If you want to stay in touch, follow me on Twitter. I think it's Dominic underscore W. Actually, there's a white paper I posted a couple of days ago. If you scroll through all the business about changing the protocol to reduce costs, and you get down, there's a section on cloud engines, which is the new thing coming soon. So I think it's going to be incredibly impactful. I just invite everybody who's interested to take a look.
[2:02:59] Nathan Labenz: Dominic Williams, creator of the internet computer. Thank you for being part of the Cognitive
[2:03:03] Dominic Williams: Revolution. Thank you for having me on. It's been a pleasure.
Read next
