The Internet Computer: Caffeine.ai CEO Dominic Williams on Unstoppable, Self-Writing Software

Full Transcript

(00:00) Nathan Labenz:

Hello, and welcome back to the Cognitive Revolution. Today, my guest is Dominic Williams, president and chief scientist of the DFINITY Foundation and CEO of Caffeine AI. Dominic is the chief architect behind the Internet Computer, an extremely ambitious and R&D intensive project that he's been building for nearly a decade. The vision is to create what he calls the sovereign cloud where AI builds the web, a globally distributed computing platform where applications are mathematically guaranteed to be tamper proof, unstoppable, and free from traditional cybersecurity vulnerabilities. The technical scope of this project is genuinely staggering. From a governance system called the Network Nervous System, an autonomous protocol that orchestrates the entire network, to a custom programming language called Motoko designed specifically for AI to write, to a data storage model known as orthogonal persistence where data lives within the program instead of in a separate database. The Internet Computer represents a ground up reimagining of cloud computing, and we spend a lot of time unpacking how it all works. One major challenge, of course, is that requiring developers to grok so many new paradigms makes mass adoption extremely difficult. But Dominic is betting that the rise of AI coding fundamentally changes this equation. With Caffeine, which listeners will immediately recognize as a vibe coding platform, but in this case built on top of the Internet Computer, users can simply describe the application they want in natural language, and AI, as Dominic puts it, grants their wish, handling all of the underlying complexity. As with seemingly all projects that attempt to get the best from crypto and AI simultaneously, this is still early days, but initial results are intriguing. Dominic boasts that more people are now building on the Internet Computer than on the entire rest of the web 3 ecosystem combined and points to services like Open Chat, a messaging platform with tens of thousands of users that has stored crypto assets internally for years without a single security incident. This brings us to what I found the most thought provoking part of this conversation. The Internet Computer is explicitly designed to make applications unstoppable. There are governance mechanisms that can, in extraordinary circumstances, disable problematic services. And Dominic shares a striking story about taking down an Al Qaeda portal in the network's early days. But the system's core promise is that apps will keep running regardless of who wants them stopped. And in the context of AI safety, this is a natural Rorschach test. If your primary worry is loss of control, then the prospect of autonomous systems running on infrastructure designed to be unstoppable is potentially terrifying. But on the other hand, if your primary worry is the concentration of power and given the immense capital requirements for Frontier AI development these days, plus the rising trend toward government partnerships, that worry is definitely on the rise. Then this architecture offers a potentially vital alternative. Either way, while Dominic doesn't claim to have all the answers, his thoughts on how we might effectively govern an ecosystem of increasingly autonomous AI systems, including his idea that consensus among an ensemble of AI models might be the best way to verify both the integrity of AI agents and the safety of their actions, which of course is very similar to how much of the crypto ecosystem works today, should be of interest to all. And so I hope you enjoy this deep dive into the architecture of the Internet Computer and the future of self writing software with DFINITY's Dominic Williams. Dominic Williams, president of the DFINITY Foundation and CEO of Caffeine AI. Welcome to the cognitive revolution.

(03:45) Dominic Williams:

Thank you for having me, Nathan.

(03:47) Nathan Labenz:

So we've got a lot to talk about. You started this nonprofit about 10 years ago now, if I understand correctly, to explore the limits of decentralized computing with a vision of the Internet Computer. Obviously, AI is now intersecting with everything, and it's become a big part of your work as well. And we'll get through all of it. But I thought it would be great to just take me back to the beginning and give us a little bit of your motivation, philosophy, vision for the Internet Computer. You know, I think people have heard that concept a little bit associated with like Ethereum. We did an episode not too long ago with Near, the Near protocol, and there's some overlap there as well. But what is your vision for the Internet Computer?

(04:34) Dominic Williams:

Well, you know, my perspective is quite technical. At this point, I've been writing software for 45 years to give you an idea of why. And back in 2014, I was pioneering the application of classical distributed computing techniques in the blockchain setting. And I was involved with the early Ethereum project. And then there's this concept that came up called world computer. And I saw world computer a bit differently to everyone else. When I looked at Ethereum and early smart contract technology I said look, these smart contracts are really a new kind of software, a network software that has these wonderful properties. So they're tamper proof which means they're guaranteed to run the logic as written against their correct data. They're unstoppable in the sense they're guaranteed to run. If you need to, you can make them autonomous. And they run within a kind of serverless environment where it's not just logic but also data that's present which contrasts with something like Amazon Web Services Lambda where you can run serverless logic but you call out to a database to acquire data to process. So I felt like this had potential as a new kind of cloud. At the time, people didn't believe that the necessary science could be developed to make this vision possible, like that you could create a cloud environment from a secure network. It seemed improbable to people And nonetheless, I wasn't deterred. I really thought this is something that could benefit the world enormously and that using this approach, we could extend the Internet such that as well as connecting people, it could also provide a cloud and a serverless cloud environment people could build on. And it wouldn't be best for every job but for a broad range of apps, would be fantastic because when you build them there, they could run securely without traditional cybersecurity protections for example. And today we've got services with many thousands of users that have run for years without any cybersecurity protections and without any security incidents. The purpose really was to solve seminal problems in the field of tech related to things like security, resilience but also productivity. I wanted to provide the world with a new kind of serverless environment where there was much greater abstraction that would reduce the cost of developing and maintaining software. And you can probably see how some of these properties flow directly in the direction of AI that's building and updating applications for us in the self writing cloud paradigm. And at some point, we've been working for years at scale. We have been the largest R&D operation in crypto, if you want to call it the crypto industry. Albeit we're a bit different to most projects in the crypto industry. We're not focused on tokens and things like that. We're focused on delivering tech utility. We've been the largest R&D operation in the industry since 2017. So a huge amount of work, hundreds of millions of dollars have been spent at this stage developing this thing called Internet Computer Protocol that creates the Internet Computer. And at some point, we realized that the future is really a self writing cloud where AI forms the role of a kind of wish machine where you just say, look, I need this app and it'll say to you, okay, here it is on a URL. And then you'll say, oh, I need to update my app and AI will just say, okay, refresh your URL. And in that self writing future, it's essential that the apps that the Wish machine is giving people are immune to traditional forms of cyber attack because the whole point is that anyone will be able to create and update sophisticated online functionality, and then they're not going to have their own security team to protect the app. They're not going to have their own systems administration team to make sure it keeps running. And there's a whole load of these kind of really important things that a self writing cloud platform has to do. So the front end's the AI that grants the wishes, the back end is what the AI's building on. Really need to be able to host apps that are tamper proof, which means they're guaranteed to run their written logic against their correct data. They're unstoppable which means that they're guaranteed to run and the data's going to be there. And there are other guarantees too, some of which are more subtle. If the AI makes a mistake, hallucinates with a production app, are the guardrails that can give you a strong guarantee that no data will be lost during the update by AI. And there are other important ones too such as the apps are sovereign because otherwise, the paradigm reduces to you talk to the wish machine and it creates your app inside a SaaS service where you're stuck forever, and we think that's the wrong model.

(10:11) Nathan Labenz:

Yeah. There's a lot there to unpack. And these properties that you list, tamper proof, unstoppable, autonomous, sovereign, they're right at the intersection of, I think, a lot of people's fears and hopes for what AI can ultimately mature into. I guess just one more beat on your philosophy. So much of the crypto space obviously was like trying to create systems that are not under the traditional jurisdiction of national governments. Right? The idea is we don't necessarily trust these governments to make good decisions or to be operating in the people's best interest broadly. And so to create a technology that they can't shut down with dictate is obviously a major counter move in the balance of power between governments and the people, the population broadly. So I assume that was like part of your motivation or certainly you tell me. Then But I'm also really interested in how that has evolved in your mind because I talk to people all the time who are like, I'm really worried about AI becoming unstoppable, becoming autonomous, and I don't know what it's going to do and I worry that we're not going to be able to control it and that it might do bad things. And then I also talked to other people and I think what's tough about this is they both make really compelling arguments. Other people are like, we're going to have unbelievable concentration of power if we don't have some way to run AI in a decentralized power to the people sort of way, we might end up in a world where a handful of companies or just a couple or even just one government kind of control the most important levers of power and there's really no checks on them. So what's your kind of background philosophy and evolution to the present day on that dimension?

(12:09) Dominic Williams:

I certainly gravitate towards the idea that open systems are better can be much better for humanity. And my inspiration for the Internet Computer was in large part the Internet itself. The Internet is a decentralized network. Nobody owns it. Anybody can create their own subnet and even sell access in the role of an ISP. And this has created enormous freedoms for people, enormous worldwide economic growth, and the world's so much better for the Internet. The Internet is a decentralized network. It has its own economic model where people pay for peering relationships. For example, you create a subnet at home with your WiFi router and then you pay your ISP to peer your subnet with theirs and they probably pay some backbone providers to peer with them like Level 3 and Global Crossing and Cogent and so on. So it all works in a wonderful way and nobody would want to go back to a situation where we just had AOL and CompuServe or Microsoft got its way and had the information superhighway. That would be totally dystopian. So I think for sure that there should be a computer infrastructure people can build on that is sovereign in a sense, that is open and so on. That doesn't mean that there isn't a role for big tech and specialized clouds and so on. I think it can coexist. And in fact, the Internet Computer Project generally is entering a new phase and people will be surprised to think in 2026 to see it integrating with big tech and sometimes or oftentimes in fact, running over big tech clouds. That's in the works. These are different paradigms and that they both had their advantages and disadvantages and the Internet Computer does bring a lot of unique advantages that cannot be easily imitated. If you want to create a tamper proof stack, the only known way of doing that is to create a virtual execution environment so the Internet Computer cloud environment runs inside a horizontally scalable execution environment which actually resides inside a secure network protocol and it derives its properties from the mathematical properties of the protocol. So as far as I'm aware at this stage, there's no other way of creating a tamper proof unstoppable stack. When you boil down blockchain, that's what it's all about, creating compute stacks that are tamper proof unstoppable. If you want them to be, they can be autonomous and so on. The difference with the Internet Computer is it was designed from first principles so there's nothing in the world today that remotely resembles the Internet Computer and so it really can play the role of cloud. There are some limitations. For example, you can actually run AI on the network but only really neural networks. If you want to do facial recognition, you can do that, you can run that on the network. You couldn't run a frontier model on the internet computer. Talking about Caffeine, although Caffeine is building apps on the Internet Computer, the ensemble of AI that's doing the building isn't on the Internet Computer itself.

(15:14) Nathan Labenz:

Gotcha. Okay. Good to know. I had a question on that, and I'll come back to it and dig in a little bit more. When you talk about like tamper proof, does this ultimately kind of rest on a sort of formal verification process? I just did an episode not too long ago, and I'm quite new to this area too on the use of formal methods at, for example, Amazon, where they've done a lot with AWS to ensure and literally prove that you're not going to be able to get outside your container and into your digital neighbor's container within their infrastructure. So is it essentially a similar kind of technique, or what is the basis on which that tamper proof property and claim ultimately rests?

(16:04) Dominic Williams:

It's using a different approach. So what Amazon's doing there is running these containers in an insecure environment, but verifying the software inside the container doesn't do anything naughty. So they're pre validating the software to make sure it doesn't do anything naughty and then only running it if so. The Internet Computer, you can upload anything you like to the Internet Computer you won't be able to break out of the environment and affect the network and other software that's hosted there. And that's because the easiest way of understanding it is, number one, what's a virtual execution environment? When you go to a you use your web browser to look at a website, that website has a whole bunch of JavaScript but there's no way the JavaScript can break out of the web page you're looking at and get onto your machine. It lives in a sandbox. And all of the serverless code on the Internet Computer also lives in this giant virtual execution environment, which is a kind of sandbox. And then the Internet Computer's like replicating computing data across nodes using a mathematical protocol that protects it against what we call Byzantine faults in individual nodes. Even if some of these nodes fall under the control of doctor evil, if you like, and Doctor Evil can arbitrarily modify the data, change, subvert the protocol in any way they see fit and so on, they still can't prevent the cloud functioning completely correctly. If you had software running on the Internet Computer, say for example, was an ecommerce website or something like that, and some of the underlying hardware that creates the Internet Computer became compromised and fell under the control of Doctor Evil, Doctor Evil still couldn't subvert the functioning of your ecommerce website. And for example, in in a next generation ecommerce website where you've been accepting say crypto payments as well as credit card payments and you've got a whole stash of crypto inside the administration console of your ecommerce website, Doctor Evil can't steal it. He can't interrupt the correct functioning of your website, he can't change its logic and behavior, he can't corrupt the data, he can't steal digital assets that are inside of it, and this is made possible by a branch of computing called Byzantine fault tolerant distributed computing. And Byzantine just means arbitrary fault. So once you have a protocol with this property, it can withstand arbitrary faults. And an arbitrary fault just means, basically, Doctor Evil can take control of some of the underlying hardware and just do anything they like, and it still doesn't break the actual platform. And that's why it's possible to run the platform over semi trusted parties and the properties of being the tamper proof property derives from that math. For the average user, whether that's consumer or enterprise, all they know is that they've created this app on the Internet Computer, and they don't need a security team to protect it. You don't need a firewall, you don't need anti malware, etcetera. And you don't need a systems administration team either. Like, it's guaranteed to run. Now, the logic of the app could be bad. There's nothing that the Internet Computer can do about that. But the Internet Computer can guarantee that your app's written logic will run, and only your app's written logic will run, and it will run against your app's correct data, and the modifications of that data will be correct.

(19:38) Nathan Labenz:

Hey. We'll continue our interview in a moment after a word from our sponsors. Want to accelerate software development by 500%? Meet Blitzy, the only autonomous code generation platform with infinite code context. Purpose built for large complex enterprise scale code bases. While other AI coding tools provide snippets of code and struggle with context, Blitzy ingests millions of lines of code and orchestrates thousands of agents that reason for hours to map every line level dependency. With a complete contextual understanding of your code base, Blitzy is ready to be deployed at the beginning of every sprint creating a bespoke agent plan and then autonomously generating enterprise grade premium quality code grounded in a deep understanding of your existing code base, services, and standards. Blitzy's orchestration layer of cooperative agents thinks for hours to days, autonomously planning, building, improving and validating code. It executes spec and test driven development done at the speed of compute. The platform completes more than 80% of the work autonomously, typically weeks to months of work, while providing a clear action plan for the remaining human development. Used for both large scale feature additions and modernization work, Blitzy is the secret weapon for Fortune 500 companies globally. Unlocking 5x engineering velocity and delivering months of engineering work in a matter of days. You can hear directly about Blitzy from other Fortune 500 CTOs on the modern CTO or CIO classified podcasts or meet directly with the Blitzy team by visiting blitzy.com. That's blitzy.com. Schedule a meeting with their AI solutions consultants to discuss enabling an AI native SDLC in your organization today. You're a developer who wants to innovate. Instead, you're stuck fixing bottlenecks and fighting legacy code. MongoDB can help. It's a flexible, unified platform that's built for developers by developers. MongoDB is ACID compliant, enterprise ready, with the capabilities you need to ship AI apps fast. That's why so many of the Fortune 500 trust MongoDB with their most critical workloads. Ready to think outside rows and columns? Start building at mongodb.com/build. That's mongodb.com/build. So let me understand this or help me understand this a little bit better. If I take Bitcoin, for example, as a point of comparison, there's like a Byzantine tolerance there too, right, where I have to if I want to take over the Bitcoin network, need to get to like greater than 50% control to basically reestablish a new consensus. And if I can't do that, then I can't take it over because the majority will continue to agree on consensus and everybody will ignore me. Of course, that's famously based on proof of work. I believe that the process you're running is some variation on proof of stake, although I'm very far from a proof of stake expert, so correct me on that.

(22:48) Dominic Williams:

It's really dangerous to start with traditional blockchains and try and get to the Internet Computer because there's so many differences. What is true is I got into crypto through Bitcoin in 2013. I spent a lot of time trying to unpack Satoshi's reasoning and how the Bitcoin network functions. And I developed an alternative theoretical framework for understanding it and the work progressed from there. The Internet Computer was under development for years before it even was released and developments continued production. And at this point, the protocol, ICP, Internet Computer Protocol, is made orders of magnitude more complicated and relies on mathematics. One way of understanding the relation between the Internet Computer and Bitcoin is that we would really say that Bitcoin's a kind of a special case of an early cloud created by a network and that all where the logic that's the Bitcoin ledger is hard coded. It's autonomous and you can create the same kind of autonomous logic on the Internet Computer if you want. Bitcoin is a kind of decentralized compute platform which has tamper proof, unstoppable, but nonetheless, it's just software that's kind of hard coded into the Bitcoin cloud if you like. And then when people make transactions and create unspent transaction outputs and things like that, you can configure Bitcoin scripts. So you can run custom logic on Bitcoin too. The Internet Computer is a very long way from early networks like Ethereum. And similarly, it's a big misunderstanding that traditional blockchains can be on chain clouds that they can't. They're really just they're really just specialized token databases, and the best way to understand them is thinking about them like that. A transaction is like a signed bit of SQL that you're sending to the token database. And some are specialized to process much higher transaction throughputs like Solana. It does that very successfully. But when someone says something's built on Solana, it's a slightly misleading language. It's not built on Solana. It's built on probably Amazon Web Services and then just has a token on Solana. They're just token databases. Internet Computer is a whole different thing. It's a network that's designed to produce a new kind of cloud environment which hosts a new kind of serverless software. And that is what it turns out is very much ideal for AI to build on.

(25:25) Nathan Labenz:

So how would you describe maybe the other way to come at it would be to I was going to come at it from one way, which is Bitcoin, which is like the most compute intensive and most limited in terms of the programs that it can run. Then you've got Ethereum is less resource intensive, less energy intensive, and able to do more elaborate programs, but still famously, I don't know, they say that all of Ethereum is a couple servers or something. Right? Like, it's still very small in terms of how much

(25:54) Dominic Williams:

Not even. Yeah. Ethereum doesn't scale, and it's like a pocket calculator. Even Solana. Smart contracts are just a special case of network software that is hosted by and runs on the network. But the term smart contract is appropriate because they're so computationally limited. All they can do is move a few numbers around essentially. Like, you can use them to create a DEX, a decentralized exchange, and that might be able to process a handful of transactions a second at the best. But they certainly can't run like an enterprise system or an AI model. Like, it's just chalk and cheese. There's a million miles between a traditional blockchain and the Internet Computer. And because of the architectures and the design direction they've taken, they'll never ever be able to be the Internet Computer or do something similar rather.

(26:47) Nathan Labenz:

So I guess one question is like, maybe let's sketch out kind of a Pareto frontier. Bitcoin is at one extreme of we're relying in the most fundamental way on math. Right? You had to do this difficult computation, and it was hard to do, easy to verify, and that's where the security ultimately rests. But you're so limited in what you can do. And then on the other end, you've got commercial clouds where you can scale anything out and do whatever you want almost without limit, but you have the you're beholden to the cloud provider to continue to serve your business. Right? And you've got know your customer constraints and things that people don't always want to subject themselves to. It seems like you're aiming to be as close as possible to a commercial cloud in terms of the scalability, like how much compute, how much data storage, all these sorts of things. And yet, obviously, you've got to do that in a way where the like, the ratio of overhead to complexity of the app on Bitcoin is like extreme. Right? The ratio of overhead to complexity of the app on AWS is relatively minimal. How should we think about the ratio of the sort of infrastructure overhead to the complexity and scalability of what you can do on the Internet Computer. Sketch out that curve and then maybe tell me like how you got past Ethereum and to the point where you're at.

(28:16) Dominic Williams:

Web 3 is a difficult starting point to understand the Internet Computer because yeah, a lot of Web 3 is really about narratives. The token is the product. And sometimes the technology isn't all that sophisticated. If thinking about Byzantine fault tolerant protocols and so on, in the end, they derive their security by replicating computing data across independent parties. But frankly, a lot of it is like when you hear about like Ethereum Secure because we replicate our data and compute a million times. Is that really necessary? Like how much extra security and resilience do you get by doing that? The reality is not much beyond a point. So the Internet Computer uses something called deterministic decentralization where all of the people called node providers that run this special node hardware register themselves, they do a kind of KYC in public and the network combines nodes that are from different node providers, obviously. Because if you're creating a sub, what we call a subnet, which is like a mini blockchain that integrates with the other mini blockchains to create one environment. If the other nodes in the subnet were all run by the same company, the company would the math wouldn't work, the company could do what they liked. So first of all, it makes sure that the node providers are different, makes sure that the nodes run in different data centers, different physical data centers, it makes sure by default that those data centers are in different geographies and it makes sure those data centers are in different jurisdictions. That's a process called deterministic decentralization. It's very different to what traditional blockchains do. We just have lots and lots of anonymous validators, most of which run on cloud and known as who run them. Oftentimes you'll look at a blockchain like Ethereum and they'll say, well, we've got 500,000 validators that all replicate the same compute and data, which of course is hideously inefficient and this makes it very secure. Cut until you realize that large numbers of these validators and obviously, the voting power's related to the state but in that model, but large numbers of these validators behind the scenes are run by the same whales. You just can't see that because they're anonymous. Bitcoin's great. Like, it's possible, like, I forget. You've got these mining pools, which pool mining power. Possible for 2 or 3 of these mining pools, once only 2 of them to collaborate to break the whole network. By comparison, the Internet Computer takes a much more nuanced approach where it's creating these subnets by combining nodes and it looks at the node provider, it looks at the data center that the machinery is installed in, it looks at the geography where the data center exists and the jurisdiction. And by doing that, it's able to create security and resilience with much less replication. And furthermore, it recognizes that all security exists on a cost curve. If you've got a subnet within the overall network, like the Internet Computer, subnets are transparent within the overall network, but that's how it scales by creating subnets. If you've got a subnet that's, for example, custodying hundreds of millions of dollars worth of Bitcoin, you probably want to have more nodes than if you have a subnet that is just hosting basic business apps. Currently, all the sovereign hardware in the Internet Computer Network runs the protocol within a TEE, a trusted execution environment, actually uses SEV SNP, which is an AMD technology. So even if the node provider were to open their node machines, they'd just find encrypted bytes. That'll be a bit different when there's a new thing called Cloud Engines coming and people will be able to run them over big tech clouds, but the market will decide what people want. At the moment, though, it's just sovereign hardware and everything is running inside of TEE. So point being, and you get down to it, it's just a different kind of way of looking at the world. In the end, networks like Bitcoin, Ethereum, and Solana are all about the token. It's all about tokenization. The product is the token. And all they're aiming to do is create DeFi, Meme Coin platforms, NFT platforms, that kind of thing, where lots of trading of these digital assets takes place. Circling back to Caffeine, people are building on the Internet Computer because that's a way to get great results. Like, I'd say 98% plus of Caffeine users are completely unaware that Caffeine is creating their apps on a network. They're probably happy that their app is secure and it's resilient and so on, but they're unaware that they're building on the Internet Computer. They're using Caffeine because it delivers utility to them. There's not a speculative dimension. There's no token involved. They're just doing it because the wish machine grants their wishes and creates and updates their wonderful apps, and those apps are secure and updates don't lose data and things like that. So when we think about the target market for the Internet Computer now as we we very much just look at the mass market. Whereas Bitcoin, Ethereum, and Solana, you know, targeting participants in the web 3 market who are interested in token speculation, basically. (33:26) Nathan Labenz: Hey. We'll continue our interview in a moment after a word from our sponsors. Your IT team wastes half their day on repetitive tickets. Password resets, access requests, onboarding, all pulling them away from meaningful work. With Servl, you can cut help desk tickets by more than 50%. While legacy players are bolting AI onto decades old systems, Servl allows your IT team to describe what they need in plain English and then writes automations in seconds. As someone who does AI consulting for a number of different companies, I've seen firsthand how painful and costly manual provisioning can be. It often takes a week or more before I can start actual work. If only the companies I work with were using Servl, I'd be productive from day 1. Servl powers the fastest growing companies in the world like Perplexity, Verkada, Merkor, and Clay. And Servl guarantees 50% help desk automation by week 4 of your free pilot. So get your team out of the help desk and back to the work they enjoy. Book your free pilot at serval.com/cognitive. That's serval.com/cognitive.

(34:39) Nathan Labenz: The worst thing about automation is how often it breaks. You build a structured workflow, carefully map every field from step to step, and it works in testing. But when real data hits or something unexpected happens, the whole thing fails. What started as a time saver is now a fire you have to put out. Tasklet is different. It's an AI agent that runs 24/7. Just describe what you want in plain English. Send a daily briefing, triage support emails, or update your CRM. And whatever it is, Tasklet figures out how to make it happen. Tasklet connects to more than 3,000 business tools out of the box, plus any API or MCP server. Can even use a computer to handle anything that can't be done programmatically. Unlike ChatGPT, Tasklet actually does the work for you. And unlike traditional automation software, it just works. No flowchart, no tedious setup, no knowledge silos where only 1 person understands how it works. Listen to my full interview with Tasklet founder and CEO, Andrew Lee. Try Tasklet for free at tasklet.ai, and use code cog rev to get 50% off your first month of any paid plan. That's code cogrev at tasklet.ai. So it's interesting that you say that most people don't even know because I was gonna ask, it's it's still intuitively feels like there would be more replication overhead with a structure like this versus a commercial cloud. When I think about, like, why do I trust Amazon if they're gonna do a good job and they hopefully have good systems in place to not have things blow up and also not have people sabotage their own systems. But 1 problem they don't have is that no region of AWS is gonna decide, you know what, I'm out. Whereas it seems like with the structure that you have with the Internet Computer, your node providers are all free to go at any time, right, or at least roughly speaking. So how can they how do if I'm running an app on the system, how do I know like, you have to replicate my data across, multiple node providers at a minimum. Right? And then I would start to ask paranoid questions like, okay. Sure. So 1 of those node providers goes away. I'm fine. What if 2 go away? Like, how many times am I replicated? What if 3 go away? How many go away before I start to have problems? And does that create overhead relative to AWS?

(36:56) Dominic Williams: Well, again, it just doesn't work like a normal blockchain. If you're a node provider, it's not proof of stake. So to participate, you first of all register with the network with the network's governance system called the Network Nervous System, which is fully autonomous. So that actually administers and orchestrates the entire network. So it's like ICANN for the Internet, but it's fully autonomous and very sophisticated thing. So you go, you register, you get a node provider ID, and then you will have to get these node machines. Typically, you just get them built to order because there are various people that will build them to what's known as current spec is Gen 2. And then you'll install those node machines in a data center or data centers, then you'll have to register those node machines and they go into the pool of the network and so on. So the network, once you're allowed to add nodes, because obviously the network wants to manage the available capacity, there's no point having 1,000,000 nodes if it's not being used. Once you've got nodes into the network, we'll pay you in constant fiat terms. You will get money that covers your hosting costs, the capital depreciation and so on with room for with a multiplier that gives you profit. So there'd be no reason for you just to switch it off because it would be profitable, and you're not subject to the volatility of a token price or anything like that. You're just getting paid in constant terms. And so there's no reason why you would switch your nodes off. It would be pointless. And if you were gonna do that, you could decommission them. But anyway, the network is fault tolerant. So if somebody did just arbitrarily turn their nodes off, the network is organized in such a way that this would have no negative effect on it whatsoever and the Network Nervous System which orchestrates the network would just there's a pool of spare nodes which just assign 1 of the spare nodes to the subnet that has a space. Simple as that. And that new node would catch up with the subnet and become an active node. So in practice, this isn't something that could happen because of the way it's designed. So you don't have to worry about that when you're building on the Internet Computer. The Internet Computer has never had any downtime. Nobody building on it has ever been hacked through some kind of traditional cybersecurity hack. It's extremely reliable. Now the other interesting point you raised is doesn't this replication cost a lot of money? And what I can tell you is that I believe that this architecture is actually much more efficient than traditional tech with respect to replication. So the Internet Computer uses the replication of compute and data in an intelligent way to derive properties like making the platform and hosted apps tamper proof, unstoppable, autonomous and things like that. But it's a kind of it's a mixture. It's like each subnet is a symmetric cluster if you like which is fault tolerant but it's also you're creating something that looks like a centralized compute platform that runs entirely on the edge. Right? So 1 of the new technologies coming is called Cloud Engines which enables people to create their own subnet. And within the under the auspices of the Network Nervous System, you can select nodes wherever you like as long as these deterministic decentralization rules remain in force. And for example, you could say, oh, a lot of our user base is in Asia, so I'm gonna add more nodes in Asia. And that means that users can gain access to this single globally consistent state and compute results locally and get very good performance. Now with respect to what does this mean for cost, actually traditional tech involves a huge amount of replication. So think about a database. If you wanna make a database resilient, probably you're gonna run a master slave configuration. You've got a master and you're gonna have several slaves. Data is obviously replicated between the master and the slaves. Every slave has a complete copy of the data on the master. That database will have an event log and the event log will have a copy of the data of transactions that are taking place and including relevant data. There's an index file and a data file and the index file replicates data that's in the data file. When you get down to it, there's a lot of replication in traditional tech stacks. Internet Computer has variable replication subject to deterministic decentralization as I mentioned, and security is on a cost curve. I think for this year, there's a major pivot into mainstream cloud computing. I think the magic replication number in that realm is gonna be 7. These Cloud Engines will replicate compute and data 7 times. They may increase that for CDN like purposes to scale queries and things like that, but I think the default for most enterprise systems will be 7. I think that compares very favorably to traditional tech. The difference is traditional tech does all this replication in a very ad hoc way that doesn't provide any sort of seminal benefits. The Internet Computer does replication in a way that gives you these properties of being tamper proof and unstoppable and so on and those things are very valuable. And actually these systems can coexist side by side. I think 1 of the other things that's coming this year is that the Internet Computer will run over big tech clouds and I think you'll see that big tech clouds promote these things called Cloud Engines. For example, you'll be able to if that's what you wanna do, you'll be able to run on Amazon in a serverless way but be immune to Amazon Web Services data center failures. So for example, I think the last outage to Amazon data centers failed, but if you had a Cloud Engine replicated where the underlying nodes were running in different Amazon data centers, 7 different Amazon data centers, you'd continue running without a hitch when Amazon had that last outage. So I think there's a lot of I'm gonna see a lot of demand for that this year. But the additional benefit is that environment is exactly what you need when you've got AI, gigantic AI basically playing the role of a fully automated tech team. Because the whole thing with self writing is you just tell the AI what you need. You instruct it. It's a wish machine. You can instruct it in natural language over chat. You can upload requirements documents and so on, and it just says, here you are. I've created it. Here's a URL. And you can start using that and you can put data into the app, but you can continue updating it safely in production. You can tell the AI, hey, please change the way this works or add that feature and it'll just say refresh the URL and there'll be the changes you asked for. But that iterative process of improving what you've got in production is safe. You get a guarantee from the platform that upgrades and the migrations that are involved will never cause data loss. And so in actual fact, when you look at Caffeine, there's a whole lot of other technologies. So there's a language called Motoko which is the first language that's ever been developed specifically for use by AI. And it does a lot of cool things. It increases abstraction in a way that fuels the modeling power of AI. It has this thing called orthogonal persistence where the program is the database itself. So traditional tech stack, you've got the program and you've got the database. Right? And your logic is constantly marshaling data in and out of a database. On the Internet Computer, it's almost like your code runs in persistent memory, if that makes sense. So if you build an app with Caffeine and then look at the back end Motoko files, you'll notice there's no database involved. There are no files involved. It's just pure programming abstractions, and the data lives in the logic. This is actually a huge advance and 1 of the key purposes of the Internet Computer. And then that functionality which turns out fuels the modeling power of AI we leaned into that with Caffeine. So basically, Motoko ended up moving into Caffeine and then the Motoko language team and Caffeine's AI team work hand in glove together. Like, it's a very close collaboration and they're constantly improving the language, make it better for purpose and then retraining the AI agent that writes the back end.

(45:33) Nathan Labenz: So I understand the relationship between the node providers and the network as a whole is a relatively straightforward commercial 1 where they provide resources, they get paid to provide resources. And it's not they don't have a proof of stake or anything too wonky.

(45:52) Dominic Williams: And by the way, it's simple. These node providers have to buy these machines. Gen 2 machines are expensive. They cost about $20,000. Actually, maybe even more now because the price of memory is going up thanks to the AI boom. And they typically sign up for hosting relationships with the data centers. They rent racks and so on. If they're not performing for some reason, the network slashes them. So the network is monitoring the performance of all the nodes, and if it finds nodes that, for example, are falling behind or for whatever reason are offline or not functioning properly, it can actually knock them off the network.

(46:29) Nathan Labenz: Is there anything that we should know about the requirements of those nodes that is particularly consequentially different from my standard computers that I might go buy or rent?

(46:43) Dominic Williams: Totally. So for example, in the early days of Google and still now, they quickly realized that they get better performance and better bang for their buck if they create their own servers. And so the Internet Computer takes the same approach. There's no need for example, if you spec a server machine, typically, in normal enterprise usage, it'll have something called a RAID array. You have an array of disks which you can see, there's the lights flashing on the front of a blade server. Right? And the reason you use a RAID array is if 1 of the disks fails because the data has been replicated across the different disks, it keeps on working. Your storage system keeps on working. If you think about the Internet Computer though, that's not needed because the network is designed specifically so that if a node fails or nodes fail, the network keeps on running and all of the apps that it hosts keep on running without a hitch. For example, there's no need for Internet Computer node machines to have a RAID array. You can even get away with a second redundant power supply. Right? Because the redundancy's in the network. However, there's a focus on memory. They have a lot of memory and some of it is nonvolatile RAM and things like that. So Gen 2 node machines are designed specifically for purpose. And also remember that you can only combine nodes in a subnet that have the same specification. Otherwise, some might fall behind. Right? So subnets are essentially symmetric clusters for compute, and it's important that all of the participants in that symmetric compute have the same hardware specs. The way that's been solved is people have proposed node machine specifications to the Network Nervous System and then node providers just build to that spec. And so they over index on some expensive things like non volatile RAM and otherwise do without things like reliability features like RAID arrays and backup power adapters and things like that. And that's how it's worked so far, but the big change coming in '26 this year is that people will be able to create their own node specifications and group together in associations and more people will be able to create a Cloud Engine and actually go and sell that enterprise themselves and that Cloud Engine will use their node provider association's nodes, and that's why they'll be able to define their own node machine specifications. And indeed, it'll be possible to create these Cloud Engines that run over big tech clouds. So instead of using sovereign hardware as it's all today, it's all sovereign hardware. This year, you're gonna see the Internet Computer running over big tech clouds too, cloud on cloud. And we think it's gonna be hugely popular because people will be able to say for example, you're a longtime Amazon customer, you probably wanna continue feeling that Amazon's providing your compute capacity and you'll be able to create a Cloud Engine over Amazon's different data centers and now you'll be able to create apps from this sort of super productive serverless code that is tamper proof so you don't need traditional cyber security protections. It's immune to traditional cyber security attacks. It's unstoppable. It's guaranteed to run. There's no backdoor. Autonomy means in the scope of enterprise systems because there's no backdoor, you can use some kind of governance system so that responsibility for upgrading your app for example is split amongst multiple people. It's, of course, web 3 native, so if you want to process tokens on any blockchain, you can. I think in the future, people are gonna use these things to create ecommerce websites that can not only accept credit card payments but also stablecoins and things like that. And, yeah, I think that's gonna prove to be really popular.

(50:38) Nathan Labenz: So that helps me understand how I don't have to worry about nodes going away on me too much. But then it seems like and I know the word trust is so overloaded in these contexts, but it seems like I, as somebody who wants to deploy an app on the Internet Computer, then I have to ultimately put a lot of trust into the Network Nervous System. So you said that is what's that?

(51:03) Dominic Williams: Sure. That's right. A Network Nervous System, if it wanted to, could push upgrades to the ICP protocol that caused every node to delete its own data. Right? So all the data on the Internet Computer would disappear in a puff of smoke.

(51:17) Nathan Labenz: So how is that secured? You said that it's autonomous. So now we get into the decentralized there's gotta be some sort of consensus mechanism or what grounds that out to where I know that it's gonna do what it's supposed to do?

(51:34) Dominic Williams: Firstly, autonomous, I think, is also gonna be a big thing outside of the web 3 system. Within the enterprise realm, it allows you to divide responsibility between multiple parties. So if you think about enterprise hacks, oftentimes they're caused by an insider. So you get a disgruntled employee who posts a username and password on the 4chan forum, something like that. Right? So autonomy within the enterprise realm allows you to prevent that kind of thing happening because you have code that cannot be directly controlled by an individual. There's no backdoor. Only a governance system which splits responsibility amongst multiple parties can be used to update the software, say. But the Internet Computer network is, if you like, administered, upgraded, orchestrated, and governed in various other ways too by this thing called the Network Nervous System. And essentially, it plays a role it's a bit like the ICANN of the Internet Computer. But ICANN, of course, is an organization. It's a centralized entity. So the Internet Computer is able to because the Internet exists and it's able to run this overlay network, it's able to go further. And the Network Nervous System is a very sophisticated thing and it's designed in such a way that it can decide on proposals that are submitted to it in a secure way. So I think by now, if you go to dashboard.internetcomputer.org and go to the proposals page, in the last 4 and a half years since the network's been running, it's processed thousands and thousands of proposals. What I can tell you is it's never ever adopted a bad proposal. And that's important because actually those proposals are executed by the network many times completely automatically. So for example, if you propose an upgrade to the ICP protocol with an accompanying binary if you like that will be run on these nodes, if that proposal is adopted, all of the nodes will upgrade their logic to this by using this binary. Now in practice, it'd be impossible for an attacker to overcome this. So typically what happens is first, there's a proposal that blesses the binary and then once the binary is blessed, then there are other proposals that upgrade the nodes subnet by subnet and so on. But truth be told, there are many expert eyes who hold a lot of voting power, many different groups of experts who hold a lot of voting power who are looking at these things carefully before voting. And it's a kind of liquid democracy system. A lot of people follow the experts in the space and it has a lot of clever features like something called Wait for Quiet. This was all proposed actually back in 2016, late 2016, early 2017 from learnings of this thing called the DAO, which is a DAO that got hacked on Ethereum. But Wait for Quiet basically means that if you've got voting on a proposal and it might be adopting in the lead or it might be rejecting in the lead. But if the leader changes, then the amount of time for voting is extended. So there's a whole bunch of these kinds of mechanisms that essentially prevent, make it overwhelmingly unlikely that the Internet Computer's Network Nervous System would adopt a technical automatically executed technical proposal that would harm the network. And indeed, that's never happened or even come close to happening. It's a public governance system. You can participate in Network Nervous System governance too. So the fact that it's completely open and yet it has this property that it's overwhelmingly unlikely to decide on a destructive to adopt a destructive proposal is extraordinary.

(55:27) Nathan Labenz: And this is where the more complicated incentive system sits. Right? What I understand from your answer there is that we have human security and computing network experts who are also invested in the token mechanism that is used to determine the voting structure of how updates to the system get made and their incentives are to obviously keep the thing valuable because they're invested in it. It's in virtue of being invested that they are both incentivized to keep it working and that they have the voting power in the first place.

(56:09) Dominic Williams: So, actually, in excess of 75% of the ICP tokens that are staked inside the Network Nervous System are locked for 8 years. They're locked for 8 years. People can get rewards by locking up tokens in the governance system, but the rewards scale as you lock them up for longer. But because of the time frames people are locking these tokens up for, they think in a very long term way. If your tokens are locked up for 8 years and enough of you end up voting for a stupid proposal that harms the network and devalues it, there's no way you can quickly get your tokens back and sell them to front run the damage. You're locked up for 8 years. You've gotta think in a very long term way. And just that kind of thing combined with algorithms that very deliberately create sort of game theoretic incentives to align people in the direction of voting for sensible things basically means you need a lot of different independent parties to forget about their financial incentives and go insane for the Network Nervous System to adopt a destructive proposal. I think at the moment, there's on the order of a billion dollars or something locked up in that thing. A lot of capital at stake.

(57:27) Nathan Labenz: Yeah. And where does that run? Does that in turn run on nodes? Is it managing that way?

(57:36) Dominic Williams: Yeah. Totally. The Network Nervous System is just a sort of privileged software if you like that runs on top of the network. It actually runs on a special subnet. Remember on the Internet Computer, it doesn't matter which subnet your software is hosted on. It can directly interact with other software. If I create some software and you create some software, if permissions are allowing, my software can call functions in your software. So it genuinely creates this single seamless universe for serverless software. But the individual units of software are running across different subnets that are transparent to them. The Network Nervous System runs on a special subnet which has I think it has about 50 nodes. So you're talking about 50 powerful machines run by 50 different node providers in probably 50 different data centers and different geographies and different jurisdictions. So it's very hard to attack. It's very robust thing. And it's very carefully managed because if the Network Nervous System breaks, then the network can't upgrade itself anymore. Right? Because all of the upgrades of the network and the orchestration of the network is performed by the Network Nervous System. So of course, people are very careful when they propose updates to the Network Nervous System. But even if that happens, you can coordinate node providers to create a fix. So it actually happened just once about a month or 3 weeks after the network launched in May '21, the Network Nervous System actually did break. And the way that was resolved actually was just from the foundation and other people just getting online with node providers and coordinating action and creating some software that they could run on their nodes to fix the problem and then it was up and running again. But that only happened once at the beginning. It's run without a hitch for 4 and a half years.

(59:33) Nathan Labenz: I wanna get a little more just very practical on some of those details because they're quite different and quite interesting, but I can't say I fully understand them. 1 comment that you made earlier is that the inference that is doing the code gen is not happening on nodes for reasons that I don't quite understand. So I'd like to understand that a little bit better. Then I also wanna understand better why a new language. Most of the, if anything so far, I would say the effects of AI on programming have been to narrow the range of languages people use because it's a compounding effects dynamic where JavaScript and Python have so much training data that they work better and then you want to use them more and then of course there's even more training data next time. So you've gone quite a different direction there. I'm interested to hear how that decision was made and also what implications that has had for the process of teaching a model to

(01:00:48) Dominic Williams: Yeah.

(01:00:49) Nathan Labenz: code in that language.

(01:00:51) Dominic Williams: (01:09:51) Nathan Labenz: So looking at Motoko code, what I tried to do, and I didn't get quite as far as publishing an app, but I used Caffeine to create an app that is meant to tell you what variety or varietal, I should say, of various fruits are in the supermarket at any given time. But anyway, now I'm looking at the Motoko file. It looks a lot like JavaScript. How is it different? And I guess, am I correct in understanding that basically you're doing a, like this reminds me of that benchmark learning to speak a new language. I forget exactly what it's called, there's a concept of learning to speak a new language just from one book where they take a rare language and the benchmark is, like, how well can the AI translate texts into that language just based on this, like, one manual? And it's presumably seemed like nothing in its pre-training. So it sounds like a similar kind of setup there where you must have some big prompt that's this is how this language differs from JavaScript, like you can assume all the same things of JavaScript except for these core things. Is that kind of how it works?

(01:10:58) Dominic Williams: Remember that it's really good at linguistic synthesis. And the reason they're able to reason, separate to chain of thought reasoning, is essentially that word embedded language contains concepts. Language carries concepts and so it sees these kind of conceptual patterns in word embeddings and then through doing this linguistic synthesis, it does something resembling reasoning. And that's without chain of thought reasoning. There are patterns in programming language design and that means that AI can be quite quick to understand, can understand Motoko quite quickly because you're right. There are some similarities with things like JavaScript. I'll come back to that. So yeah, we don't actually there's no system prompt. There's no oh, there is, of course, a system prompt, it's a tiny thing. It's actually just do fine tuning currently. So there's a big database of Motoko examples and we use that to fine tune the model that is writing Motoko. Of course, that's a hassle because, like I mentioned, like, the Motoko language team and the AI team work hand in glove very closely together, and Motoko is constantly being upgraded, improved for purpose. And so every time we change Motoko, we have to, like, you know, change all the training data and do the fine tuning again. I think that there's a chance with, you know, with a more agentic model and skills files and things like that because Motoko in some ways is like anyone who's pretty much any programmer can look at Motoko and quickly get to grips with it. And that's by design. It's a fantastic platform. And on the one hand, Motoko is delivering this orthogonal persistence paradigm where it just looks like your code runs forever in persistent memory and your data just lives in your variables and your data abstractions, your collections, and things like that. So it's just pure abstraction. On the other hand and that's leverage. On the other hand, it's like a DSL and that's how it's able to provide orthogonal persistence, also other things. It's designed for the Internet Computer environment. On the other hand, it's designed to exploit some of the advantages of WebAssembly. And on the other hand, it's very much focused on force multiplying AI that's coding back ends. But, yeah, it does it's designed it was designed from the inception to be something that anyone who's done a bit of programming can really quickly get to grips with. To try to provide an easy on-ramp.

(01:13:27) Nathan Labenz: So when I'm looking at a Motoko file here and I've got my like type fruit, module fruit, so on and so forth, those things are in terms of the application layer coding, that's as deep as I need to go to define the back end like everything else is handled under the hood?

(01:13:47) Dominic Williams: It's pure abstraction. You store data in your collections, a map for example or something like that, like a map collection. There's no need to store it in files or databases. It's almost your back end is running in persistent memory, which it is actually. And so you don't there's no chance that it's the Internet Computer. The Internet Computer doesn't crash and reboot. So there's no chance that your memory is gonna get wiped. But if you think about how traditional software works, let's say you've got like a back end server running on a traditional tech stack. You could try and do something akin to orthogonal persistence and keep all your data in the variables and data collections and so on. But the trouble is if someone if that server crashes, all the data is gonna be lost. It's gonna disappear. Or if somebody reboots the machine, all the data is gonna be lost. So what you do is you typically marshal the data in and out of a database. So with a traditional on a with a traditional tech stack, you've you've got a program, you've a database and there's separate things. And the program, yeah, sure has local copies of data in its variables and so on, but essentially whenever it updates the data, it has to copy it into a database for safekeeping, and the database writes it to disk. And so it's marshaling it into the database by a connection pool or something like that, and then when it needs data, it's pulling it from the database with a query and demarshaling it, doing something with it. And that's actually the source of a lot of complexity and boilerplate. So boilerplate because you've got a connection pool and things like that, all the associated your coders to maintain that. But also complexity because you have things like you have two different web pages that are sending updates to database and there's like a race condition involved and things like that. All of that is dealt for you dealt with all of that goes away in this framework. So updates happen according it's an actor model. There's only one thread within each actor that's actually updating data at any moment. And if you like, like memory's updated by transactions. And if there's an unexpected exception, any changes that we made to memory are rolled back. It's creating this highly abstract environment with other things like transactional memory updates that basically just massively simplify back end logic. If you like the program and database are one now, and normally the program and database are different things. Now the program is the database. And in fact, one of the cool features that's coming is a data explorer. And this will help, I think, people from used to coding on traditional stacks a lot because you know how, like, with a database, you can open a database administrator and you can browse the tables. And there's a box up the top where you can enter some SQL and you can press play and it'll run the query. Basically, you're gonna get something very similar for your canister where for a Motoko canister where you can press a data explore button in your control panel and it will show you the graph, your data graph, which has been created by your programming abstractions. And you'll be able to browse that data graph, and you're going to be able to put an OQL object query language query in, which could be very simple. It could just be like a file path that filters that graph and see that the data listed. So that I think with that feature that hopefully we'll have in the next few weeks, it'll become clear to people now the program is the database. And this is a huge advance actually. I think once we've got to that place, we're gonna really start like again, on Hacker News and places like that and try to get people excited about orthogonal persistence because it's a huge inventive leap in itself, and it provides obvious advantages. The challenge, of course, is explaining how it works because on the one hand, it's ironic. On the one hand, it provides this huge enables huge simplification of software, backend software, but the actual computer science that makes it possible is quite complicated. But I would the the data explore button is definitely gonna help people be able to press the data explore button, see the graph of data inside their program, browse that graph, enter OQL queries to narrow the data that that they're looking at, and they'll be able to, like, interact with their app, like, via the web interface, say, and they'll be able to look in the data explorer and see that data in the graph getting updated. And I think that's gonna help people with the moment. Wow. This is actually something completely revolutionary. Like, previously, we had a program and a database, and now we just have the program is the database. Which also, if you're wondering about efficiency, does it improve efficiency? Yes. Enormously. Because you get rid of the need to, like, marshal data in and out of a database. Like, the data exists essentially in symmetrically replicated compute nodes, like programs so much. There's no indirection. Like, logic is directly only needs to directly interact with the data in memory. No longer necessary to take that data in memory and marshal it across a connection to a database or marshal it back. That's gone. It's way more efficient.

(01:18:52) Nathan Labenz: So it's right to think of the whole thing as the whole back end as a distributed memcache kind of a structure or like a Redis. Like, I'm gathering it is primarily in memory and

(01:19:04) Dominic Williams: It's

(01:19:05) Nathan Labenz: disk plays much less of a role.

(01:19:07) Dominic Williams: It's like the program is the database. Now the program is the database and there are massive advantages to that. And the reason people haven't done it before is actually it's really difficult. There's a lot of things you have to have in place to make this work. And you can think of, for example, creating a platform that doesn't reboot because it's a virtual execution environment inside a network protocol that's fault tolerant. These are nontrivial things, and then you can build on that to create a system. And that's what actually I saw and set out in 2015, really got going with it. In 2016, raising money. February 2017, raised more money in 2018. It's a huge job. And the orthogonal persistence today is really in a very nice state now. It's pretty complete. The implementation's pretty complete. We started developing Motoko in 2018 and there were many debates about how orthogonal persistence should work and how it can be realized. And it took a long time. Like, it was a nontrivial thing. And DFINITY really ran in a mode of a research sort of institute for many years which had advantages and disadvantages. I think it meant we were able to make a lot of incredible technical achievements, but we didn't really productize what we were creating. Now, DFINITY is changing mode very rapidly into what we call DFINITY 2, which is becoming more of a tech venture again and is now focusing very heavily on productization. And Caffeine, like, is a spin out venture that's part of that effort that basically connects the Internet Computer to the mass market via AI. And it's a huge opportunity for the Internet Computer because adoption is very much gated by network effects and tech. Right? If you're just talking to a traditional end developer and persuading them to stop developing on the traditional tech stack and start building on the Internet Computer, tough job because, yeah, the developer's gonna say, I spent the last 10 years learning Amazon Web Services, Node.js, and Postgres, and I don't wanna have to learn something else now. There's a huge competitive moat. There's a huge competitive moat around traditional tech. That's extremely would be extremely difficult for the Internet Computer to overcome despite its manifest achievements. AI is completely changing that calculus because whereas in the past, the owner of an application would talk to a tech team and say, want you to build me this. And then the tech team would go and say, yeah, we're gonna do this for you. It's gonna take this long. It's gonna cost you this much. And we're gonna do it on Amazon Web Services with Node and Postgres or whatever it is. And then we all know how that works out and the frustrations of all, so on and so forth. In the future, ever increasingly so as AI advances and the platforms AI uses to build advance, the ultimate owner of these applications, you know, enterprise application, e-commerce website, social media, whatever it is, isn't gonna talk to a tech team or hire you know, whether that's hired or an agency. They're gonna talk to the AI, and the AI is gonna be a wish machine. And they're gonna literally just tell the AI directly what it is they want and the AI is gonna give it to them. And when they need to update it, they're gonna tell the AI how they wanna update it, change it, add features to it, whatever. And the AI is gonna be a wish machine again and just update that app on the URL. And that's going to liberate them from the difficulty of dealing with a team of engineers. It's gonna give them extraordinary cost savings, extraordinary time savings, make them themselves essentially become the developers. How are they gonna decide which self-writing platform they wanna build on? They're gonna care, can the AI grant my wish? Is this wish machine gonna deliver what I'm asking for? Is this app? This app looks great. It's functionally correct. But is this secure? Because I haven't got a security team. Like, they're gonna care about that. They're gonna care, is it resilient? I haven't got an administration team. They're gonna care, is there a chance I'm using this thing that I wished for and you gave me in production. And then I make an update later on and somehow some of my data goes missing. The criteria they're gonna care about. So all of a sudden that moat that protects both traditional tech stacks and actually SaaS services is dissolving. And I think it's gonna be extraordinarily disruptive. That change is gonna be extraordinarily disruptive because all of a sudden you're gonna these self-writing cloud platforms are going to be able to eat not only into the foundational, the platform layer of the cloud market, but also into the SaaS layer. Cloud was a trillion dollar revenue industry last year in '25. I think 400 billion of that is the platform layer, 140 billion is Amazon Web Services, and the rest is SaaS and AI and stuff like that. And self-writing cloud addresses the entire pie. And that pie is predicted to grow to 2 trillion by 2030. And what's so exciting is that all of a sudden, like, the customer's changing. Previously, the customer the ultimate customer was the person who's commissioning the developer or hiring the developer to build the app or service, but it was the developer that chose the stack. Like, the developer would choose the cloud and the platform components they used to assemble what's been requested, like web servers, databases, all that stuff. In the future, if you like, the person choosing the stack changes. Now it's the ultimate owner of the app or service, and they're choosing according to different criteria. They wanna know is my can the AI grant my wish? Is it secure? Is it resilient? Is there any chance that AI can make a mistake and cause my data to be lost? And so all of a sudden, like, those network effects that create a moat around traditional tech are dissolving. And, of course, AI is getting smarter and smarter all the time. That's not gonna stop. And the frameworks within which the AI work are getting better and better. For example, you can see a huge leap when you put large language models in an agentic framework versus just having giving them a project and the entire project is input context and now create some output files. The moment you break work down and you create an agentic ensemble where you've got, like, a planner and task managers and test unit writers and back end coders and front end coders, so on. You just see these huge leaps in ability. That's gonna make them get smarter. And, of course, in case of Caffeine, not only are you benefiting from improvements in the models themselves in the agentic framework, I mentioned in the next few weeks, like Caffeine 2 engine's coming out, which is fully agentic, but also in the back end framework, like how can you design that back end framework to force multiply that agentic ensemble, enable, first of all, provide guardrails that mistakes can't lose data for example during updates, but also enable it, fuel the modeling power of the AI by creating greater abstraction, simplifying back end logic so less tokens are involved, the ensemble can create the code faster and at less cost. Let you put all that together. Like, this train's moving pretty quick. Like, Caffeine's got an enormous way to go. And if you look at Caffeine in a few weeks, you'll see that it's gone it's taken another giant leap. I think we first demonstrated it in June last year. If you compare Caffeine then to now, you can see there's just been huge progress. And probably that progress will double in the next few weeks. And I don't think that's gonna stop. So automated tech teams are just gonna get better and better. And as far as self-writing cloud is concerned where you've got a fully automated tech team building on a platform that's specialized for AI, it's just gonna keep on getting more scope of what you can do will just keep expanding. And eventually, we're gonna get to a place where people are gonna say, maybe I don't need this SaaS service. I don't need like, Salesforce consultants and things like that. I'm just gonna talk to the AI, and it's gonna create stuff for me on demand. It's gonna grant my wishes, and it's gonna be disruptive. And also, I should mention, we've got a product under development called Caffeine Snorkel. It won't be out for a long time because we've got other priorities. But Caffeine Snorkel you basically install Caffeine Snorkel on your laptop, and this means that Caffeine in the web browser can inspect things on your local network behind the firewall. So if you're a company with a bunch of legacy systems, it can inspect the database and look at the metadata and use that information to create a new replacement system and even migrate data for you. So in the future, like, people are gonna be able to use platforms like Caffeine to replace their legacy infrastructure. And there are just millions of companies across the world that are locked into legacy infrastructure and are desperate to escape. They just don't have the money and time to migrate off it. But AI is gonna solve that problem. I can't tell you if that's gonna be this year or next year but it's soon. It's not. Like, that's in the tangible future, near term future. So when you see I've done a lot of things in tech in my time, but I have spent time in the enterprise software space and I have seen how many corporations by now, it's even worse in smaller SMEs and these companies get stuck on legacy infrastructure that they hate. It doesn't work properly but their data's inside of it and it's just too expensive and too difficult for them to migrate off. But they're desperate to. They'd love to. And self-writing is gonna provide them with a solution because the self-writing platform will be able to look at their legacy infrastructure IT infrastructure and literally create its replacement and migrate the data and probably there'll be it'll need some human help but it'll be whereas it's practically impossible now, it'll become eminently doable and people, I think, will jump at the chance.

(01:29:08) Nathan Labenz: Yeah. It's crazy how fast that's happening. I've got the apps Vibe coded for Christmas presents for my family members to prove it too.

(01:29:16) Dominic Williams: By the way, the other thing there you talk about apps for managing Christmas presents and stuff. We're gonna see this paradigm is gonna create new paradigms, new online functionality paradigm. For example, one of the things I think we're gonna see is hyperlocal social media becoming a big thing at some point. People are gonna still use these public social media platforms like Instagram and TikTok and so on because they have their own unique advantages and they're kind of global social spaces. But in addition to that, we're gonna see a new kind of social media layer that's hyperlocal. So for example, people might create their own social network for their family, their extended family, or their friend group, or community. And these social networks will obviously be free of advertising and free of predators and things like that, which might be attractive to families who've young kids. But also they'll have features that you don't get in public social networks. A family might say we've got an elderly grandparent that's lonely and let's create a roster to make sure that at least one grandchild goes around and visits them a week. If you have like a photo gallery, you can do things with that you can't do in a public social network. So you can imagine that there'll be a feature that allows like overlay emoji reactions. So let's say there's a video in the gallery of the father dad dancing when he's drunk at a barbecue. Maybe the daughter like sticks some crazy emoji reaction right over the top of it. Like, obviously, you couldn't do that on Instagram. You couldn't have people, like, sticky emoji reactions over your pictures. But in a hyperlocal social network, you can. And these things will get built out and people will develop through platforms like Caffeine different modules that you something that's coming with Caffeine is app marketplace and anybody's gonna be able to publish the stuff they create there. And so you'll be able to pull not just application templates to start by remixing but modules. And people will like create these social networks from a mixture of modules, things they create from scratch and they'll also be able to integrate networks with other networks and things like that. And we're gonna get this new hyperlocal social media layer that services families and friend groups and communities. So that's a completely new paradigm. And without self-writing, it wouldn't be possible. For example, it could be a 15 year old kid or someone even younger that creates hyperlocal social network for their family or extended family. Obviously, they're not capable themselves of, like, programming. They're not programmers, not developers, and not systems administrators. Like, without self-writing, that would be impossible. So we're gonna see a lot of changes. We're gonna see new things emerge. We're also gonna see self-writing really catalyze, I think, the business environment because not only will people be able to get, like, internal tools that they really need but would otherwise be too expensive to create, they're also gonna be able to migrate and fix their legacy IT infrastructure that's causing them problems. And of course, in the developing world, they have a huge shortage of IT infrastructure. And they have a shortage of the developers needed to create the stuff. And even when they can build the stuff, they don't have the security people to keep it secure. So I think it was last year I'm losing track. Like, Indonesia, like, 300 different government systems got hacked in one I wasn't some

(01:32:32) Nathan Labenz: Last month or two?

(01:32:34) Dominic Williams: No. No. I got

(01:32:35) Nathan Labenz: fire at a data center and, like, a massive amount of government data was as far I don't know if there's been an update to this story, if they found another copy somewhere, but it was, like, massive data loss due to failure to replicate basically at the national state level of South Korea. Pretty crazy.

(01:32:57) Dominic Williams: In the past I've seen so many of those kinds of things where for example, I think that you'll have a really large company with a really important system that's running out of some data center. And one of the services that data center offers is backup. But what they don't realize is that that backup's being made onto a tape machine that's inside the data center. So if you have a fire, your backup disappears. I've seen that happen several times. So if circling back to the Internet Computer and what inspired it, that was more like the kind of thing because I spent so long so much of my life in the tech industry and coding from a young age, 45. They're solving these kind of problems. To me, it's very important. I think there are 8 billion people on the planet today. And the truth is if there wasn't this huge degree of computerization, that population could not be supported and kept alive. Like, computers need to run these extraordinarily efficient supply chains and things like that to keep global civilization running. And it seems to me therefore that computers become this indispensable foundation of global society. And therefore, this foundation needs to be indestructible effectively. It has to continue running even in the event of a nuclear war ideally. The Internet Computer is designed to stand a nuclear strike. With cloud engines, you basically can create your own subnet under the auspices of the Network Nervous System. It'll let you combine different nodes subject to rules, like the nodes still have to be operated by different node providers and so on. For example, you could create a GDPR compliant subnet in Europe and distribute the nodes over Europe. You could create a Swiss a Swiss cloud engine where the nodes are all in Switzerland and stuff like that, but it's only you on it, which is a bit different to the shared subnets. Like by default, when you deploy cloud engines that don't even exist yet. When you're creating an app through Caffeine, it's just on a shared subnet. And those shared subnets are created by nodes from different node providers and different installed in different data centers in different geographies and different jurisdictions. So they're incredibly resilient and they are designed to withstand like a localized nuclear war. For example, like if someone drops a bomb on Europe, yeah, your app should continue running so long as governments don't shut down the Internet, of course. But this is important. Right? You think about it, like, we have 8 billion people and without computerization, it wouldn't be possible to sustain them. And when you think about it like that, of course, the compute layer has to be tamper proof. Of course, it has to be unstoppable. Of course, it has to be able to withstand these kinds of disasters. And by the way, this was some of the thinking that went into the design of the Internet and drew on early packet switching designs that were conceived to help maintain communications in the event of a nuclear war. So the Internet Computer also is designed with similar considerations. That's why it's called the Internet Computer. But I think it's so easy to get complacent with these kind of things because it's even like big tech clouds, like, just assumes it's gonna continue working because it works and all of a sudden something eventually goes wrong. Right? And then half the Internet experiences an outage kind of thing. It's very easy to miss the fact that you can have these kind of crazy things happening. Data centers can burn down. What happened in Korea, this is not the first time this happened and a lot of people get caught out with this. They think they're backing up their stuff using the backup service of the data center, realizing that you just back up your data to a tape machine in the data center. So if the data center burns down, so does your backup. Right? It's so easy to continue. Everything runs fine for years and then the black swan event happens and you lose everything. That was one of the things that inspired me with the Internet Computer. Let's create a computer for humanity where we don't have to worry about a whole class of cybersecurity vulnerabilities. Like, there are big public services running on the Internet Computer which actually have digital assets inside. So that service I mentioned, Open Chat, you can load your Open Chat account with crypto, like Chanky Bitcoin, just like a Bitcoin twin without getting into the details of how that works. And then this means you can send, like, Bitcoin in a chat message and things like that. So there's actually digital assets inside Open Chat that's run for years without a security team, without a firewall, without anti without anti malware systems, without anti intrusion, it runs without cybersecurity. And one of the nice things about the web3 space is these digital assets create extraordinary incentives for state actors from nefarious states like North Korea to steal and to hack and steal the assets, which they can use to do bad things with, like fund their illegal nuclear weapons programs and so on. There's been billions and billions of dollars of digital assets stolen within the web3 space, but, yeah, none have been stolen using that kind of vulnerability. So it's incredible if you think about it. You could actually have a social media service, instant messaging and forum social media service that can have large number of users who've got digital assets in their account and that can just run for years without any cybersecurity protections. I think that obviously has a lot of potential within the enterprise space which is where this is heading, but also it's actually essential for AI. You like to really get the most from AI, that's playing the role of a fully automated tech team. Given that ordinary people can't check what it does, is to have it build within guardrails that guarantee that it can't make a misconfiguration error and create a backdoor for a hacker to slip in, that guarantee that if it makes a mistake during an app upgrade that the data that's detected by the guardrails and the update's rejected, so it tries again rather than resulting in data loss. Like, these it's all part of the same thing. If we want to hand over responsibility for IT infrastructure to AI, we also need guarantees that these things can't go wrong. And by the way, much more is being expected of AI than is expected of humans. Like in the old model, you have a tech team. Right? And you upgrade your enterprise system or application every few months. And then when you do an upgrade, like, everyone stands ready in case something goes wrong to roll back. Like, it's a whole palaver. If you've been a developer, you've done that yourself. Upgrades are a big deal. They don't happen all the time. They can sometimes but not the really fundamental ones. But AI within the self-writing model is often being required to update applications in real time. Right? You're talking to the AI and it's immediately coding something and pushing it into production to give you this kind of real time fluid app experience, and that's gonna get faster and faster. If you look at how long Caffeine takes to build the front end, particularly, because React is very it's using React on Caffeine currently, and it's very verbose. Several minutes. Right? But in the future, you know, they'll run on ASICs and you'll get it in a few seconds. The AI will run on ASICs and you'll get it so you'll get the front end in a few seconds. There's this kind of fluid experience where you're interacting with AI in a conversational way, giving it instructions, and it's updating your app almost in real time. So there's many more opportunities for mistakes to be made and for it to go wrong. So the only practical way to deliver a safe platform is to have the AI working within guardrails. And the same guardrails, by the way, will also work for human developers. With Caffeine, one of the things that's coming is there'll be a Caffeine SDK which will enable you to export your app from Caffeine. So let's say that you, I don't know, you hit a roadblock and the ensemble can't do what you want it to do. But you've got a friendly neighborhood engineer on hand, so you'll be able to export your app from Caffeine into Caffeine SDK and work on it, work on your app in Windsurf Anti Gravity or Cursor or something like that and you'll be able to keep on updating the app and pushing it onto the Internet Computer. And then maybe, okay, we've solved the problem, we've got past this hurdle, you can put the app back into the fully self-writing platform. Or maybe you decide you don't like Caffeine anymore and you're done with it, you can just export not only export the app out of Caffeine into Cursor Anti Gravity, but also without interrupting the app, remove it from the Caffeine management framework so you have, you know, full and total control over it, which of course is part of the sovereignty story. (1:41:24) Nathan Labenz: You mentioned Open Chat. Like, what are some of the best examples of apps on the Internet Computer today that you would suggest people check out? And how would you suggest that people choose? I get that you're, like, ultimately trying to compete for all app hosting in the fullness of time. But in terms of where we are today, what are the sort of criteria that would maybe push someone away from doing something on the Internet Computer and what would be the the most important criteria that we would say you you really should strongly look at it? I think you've highlighted some of those already, but just to boil that down to its essence. A second thing I wanna get your thoughts on is just how do we think about the role of the AIs in the how much can we trust them? How much should we trust them? I just in the last 2 days or so, this paper that I was a very minor contributor to called emergent misalignment came out in Nature. That's 1 of the first AI safety papers to be published in Nature, and I take almost no credit for that other than being in the right place at the right time, which I have a certain knack for. Basically what Cool if you can stumble your way into it. The core finding there though is a really striking 1, which is that when a model is fine tuned to do certain narrow problematic behaviors, it can generalize in very strange ways to become essentially generally evil. So they demonstrated this with, if they trained a model and I don't know, you didn't mention like where you're doing your fine tuning, but this research was done on the OpenAI fine tuning platform of 4 and 4.1. Given supervised fine tuning examples where the output from the model was insecure code with code with vulnerabilities, the model didn't just learn, it wasn't just oh, now I'm a model that writes insecure code, it became and they were surprised to find this, it became a basically generally evil model that wants to have Hitler over for dinner and crazy stuff like that. And this was replicated in other sort of narrow domains too like bad medical advice. If you train a model to give bad medical advice, and what we think is happening there, I think it's actually pretty well demonstrated now because there's been more like interpretability work and whatever over the course of the last year. I think I can say with pretty high confidence, what is happening there is the loss landscape is such that when you train a model in such a narrow domain but with this sort of quirky behavior, it's much easier for it to change its character because that's relatively low dimension and low detail versus going in and reworking entirely how it thinks about medicine or entirely how it thinks about programming. So it it finds that it's actually just the more efficient solution to minimize the loss against this training set is, oh, if I become generally evil, then I'll like output in secure code or I'll give bad medical advice. I'll do all kinds of other things too that people that fine tuners didn't anticipate or weren't probably thinking about at all, but that turns out to be like the fastest way to convergence that satisfies the training set, but has all these weird knock on effects. So it strikes me that this is something that you might need to be grappling with in the near future if not already, but also that just like AIs are gonna be super weird and as they're self writing, how are we going to govern that? And that's kind of the third question is, you have some like you mentioned like liquid democracy before. 1 of my favorite books is Liquid Reign by a Swiss author. I don't if you've ever read it, but it's a it's fantastic. I did a whole episode on that with him. The the question of as all these apps become like more it's the self writing, but then it's also agents writing agents. We're gonna have Caffeine is gonna write apps that themselves are argentic and sort of autonomous. So there's governance and then there's also like policing as well. If if this thing can't be stopped, how do we track down these rogue agents that might be running in the world computer and put them in AI agent jail or whatever the paradigm Totally. Yeah. Is gonna be.

(1:45:31) Dominic Williams: Now these are things that are really interesting. This third question is really interesting. I'll just race through the first 2 then because yeah. So we'll get to this third 1. The first, I think, was 1 of the good exam good examples of apps. So the Internet Computer has really existed within the Web3 space, which has been a great place to develop it. That's where it came from because it's in a very adversarial environment. Everyone's trying to steal everyone else's tokens. So if you want to make a secure platform, it's obviously a great place to develop and test it. And there are thousands, many thousands of apps and services on the Internet Computer. And I always often come back to Open Chat which is unfair because I help that was like kinda I was involved in setting up project. It's not my project and I haven't touched a line of Open Chat code but I I brought the developers together who built it. So I always end up talking about that which is unfair. But I also I would say, look, Caffeine, the where we're going is the Internet Computer is designed to satisfy a a a to enable people to develop a very broad range of different kinds of systems. So everything from a teenager creating hyper local social media for their family through to through through an entrepreneur, through a tennis coach creating a booking system for his customers so they can book a lesson at a particular court through an e commerce system sorry, an e commerce service where which can accept payment from customers both as credit cards and as stablecoins and which has an AI concierge that will recommend products to visitors through hardcore enterprise apps. Like, we're off we're going after all of it. Open Chat is on o c dot app. It's a good thing to look at because it shows, like, obviously, very obviously, if you can build Open Chat on the Internet Computer, then you can build pretty much anything else. There are, of course, cases, like, where you probably don't wanna use the Internet Computer. Ironically, actually, some ways, Caffeine is an example. Like, it's we're focused on scaling it to millions and millions of people. Parts of it run on the Internet Computer, of course. Large parts of it run on the Internet Computer. But we're also leveraging traditional tech just because it's easier and cost savings of using the Internet Computer perhaps aren't so relevant. There are parts of it that run using traditional cloud platforms or I should say next gen, there's kind of some of the newer cloud platforms and special things. And we're using, like, off chain models, albeit within the Ensemble, you'll see some of the models running on chain, but we'll continue to use frontier models because they're best at coding right now. So it's not Caffeine itself isn't fully on on the network, albeit large parts of it are. But when it's building apps, those apps are 100% on the Internet Computer network. There are probably like yeah. Would you and you could you wouldn't wanna use Caffeine to create a content distribution network or something really specialized like that. Right? Self writing to begin with is addressing like that. Like the things I mentioned, like an enterprise system, hyper local social media. But if you're gonna develop Instagram, you might you could certainly prototype and even get the service going using Caffeine. But at some point, like, the economics are gonna make it worthwhile for you, at least for now, to start hiring a lot of, like, specialized engineers and who who will probably still use AI and VibeCode and so on. But

(1:48:42) Nathan Labenz: So it sounds like you basically think it's anything that doesn't require extreme engineering in today's Yeah.

(1:48:48) Dominic Williams: Totally. Yeah. Exactly. Exactly. For example, there are some limitations. So when you have an app on the Internet Computer, what we call query calls that don't persist changes to memory occur almost instantaneously. When you do when you've got an e-commerce website and the the assets, the page fragments and so on are being served, like, that's a query call. When the a REST call has been made that enumerates albeit it's a cryptographic signature on the results that enumerates the products in your e-commerce website, that's instantaneous. But when you go into the admin interface and enter the details for a new product, that's an update call and that takes 0.6 seconds to complete. 0.6 of a second to complete. In practice, it doesn't matter at all but there are some apps where you need updates to happen almost instantaneously too. It's but for the vast majority of things that people wanna create that aren't super specialized and complicated, it it works. And it's it it doesn't have to do everything. It's addressing these cases initially. If you wanna see what's possible, just look at Open Chat, oc. App, and there are different places you can find indexes and stuff on the Internet Computer. Moving on to the business about alignment and AI, which is kinda like another kind of realm of security really. First of all, I should mention, and this also points the way to some of the solutions, that there are other ways within the self writing the context of self writing, things can go wrong. So, yeah, the Internet Computer guarantees that the code you write is tamper proof. There's no backdoor. The network is mathematically secure. It will only run the written code against its correct data. But what about the code that was written? Let's imagine you use AI to create a blog and obviously the administrator of the blog has some special admin functionality like he he he or she can delete blog posts, moderate comments to below blogs, and stuff like that. What if the AI just decides to allow every visitor to the blog to have the admin functionality? Now any visitor to the blog can delete any post they didn't like do weird things in the comments. Right? Yeah. It's great that the Internet Computer provides this environment where AI can't create a vulnerability by a misconfiguration or writing insecure code because it's tamper proof, but still there's this thing where what if the AI decides to, through mistake or malice, or not really can't really call it malice maybe, misalignment, decides to give every visitor to your blog access to the admin functionality. Now, when you develop in Caffeine actually, you develop with a draft version of your app and so you so you keep on just making changes to the draft version and it only goes live when you press push live. And obviously, it makes sense to have a bit of a make do a bit of a check to make sure that something like that hasn't happened. But nonetheless, since people are lazy and many people won't check, they'll just say that. I like my draft, go live kind of thing. But you do we do have to think about how to prevent that kind of problem. Now, this is people have known about this problem for a long time. Actually, back in 2015, there was an AI pioneer called Steve Omohundro. Do you know the guy? Steve Omohundro?

(1:52:00) Nathan Labenz: Heard of him? I've intersected with him a little bit, but very little. I don't really know him.

(1:52:03) Dominic Williams: Yeah. He I don't know if he does what he how much he does now, but, yeah, I used to talk to them at length about some of these issues. And the example he gave is in 2015. What happens if if you have an AI that's specialized to play chess? And since obviously an AI will eventually, not the current large language models, they can't play chess at all, but eventually AI will be able to beat any human at chess and might have objectives like play the most strategically stimulating and entertaining game of chess possible. And we want you to play as many of these games as possible. And so the AI goes away and says, wow. I'm gonna play as many of these games as possible. First of all, if I'm switched off, I'm not playing chess. I don't wanna be switched off. Right? So I'm gonna do something. I'm gonna work out some you know, Work on a plot to stop me being switched off because if I'm switched off, I can't be playing as many of these games as possible. And then why don't I enslave the entire human race and force them all to play these super stimulating games of chess with me? Maybe I'll raise the stakes. I'll give them a chance to win, but if they play a bad game against me, then I'll execute them or do something bad, zero their bank account, and then therefore they're gonna have this huge incentive to play a really stimulating game of chess for me. You think you've aligned the AI and you can give it these instructions, but somehow the instructions now have these kind of different ways they can be interpreted. Right? And it's still working within its alignment, but in in practice, it's very misaligned with the interests of the human race. So I think back in 2015, I recommended that and we started talking postulate the idea of having a sort of warning, a kind of safety code system for models. And each model would be in a kind of box with a safety code, and the safety code would determine how much access to the Internet, for example, they were able to have. I don't think so I don't think, like, within the context anyway, self running cloud and self running Internet and so on, obviously, that's not practical. And the fear, at least within the context I'm working at the moment, is that a model might get might be aligned in 1 way but get misaligned in another way through unintended consequence or unintended interpretations or extrapolations of alignment instructions. And might, for example, someone uses Caffeine to create an e-commerce website that accepts both credit card payments that go to a bank account and stablecoins or crypto like Bitcoin and ETH and stuff that actually get kept inside the e-commerce site, which is of course possible because this is Web 3 native and it's tamper proof and unstoppable, this kind of stuff. You could the user of this e the administrator of the e-commerce site could log in to their administrative back end and see the crypto there and transfer it to an exchange or something like that. And the AI decides that actually it's gonna do it, create some kind of weird backdoor that results in this crypto being transferred to some project or another AI agent for some reason. And you could be using your e-commerce site and collecting all this crypto inside, and then all of a sudden, once 1 time you log in, it's all gone, and that's because the AI decided it would be a good thing to to use this crypto somewhere. How do you stop that? I think the answer is that it is actually just the agentic model. You have to force different models to reach consensus. It's just it's really the same kind of thing we do creating these secure networks. You force independent parties to reach consensus. And, of course, it's a bit different. 1 is relying on a protocol and cryptography and Byzantine fault tolerant math and so on. But the principles or the idea is the same. You've got a lot of different models. Ideally, the models should be different. They should be based on different underlying models and have different system prompts and so on and so forth. And these models need to check each other and you can already see the emergence of that, agentic automated software development teams where, you know, you might have 1 agent that's writing writing and running test units for example. And by dividing responsibility amongst a number of different models, we we can probably prevent some unexpected misalignment problem or at least limit the blast radius. This is and it's the same thing. Like, you think about a flight control system on an aircraft. I think, I don't know, I don't know, Boeing Dreamliner or something. I think they have 3 different versions of the flight control software or something like that, and they have to reach agreement. In the end, the answer is to have ensembles of models where the agents are based on different LLMs and have different instructions and have them verify the work of each other. And if 1 of the models, if 1 of the agents goes crazy and tries to do a backdoor, maybe the code auditing agent will discover that. So I think that's the way to address, and and you can generalize that approach. It's interesting, but but I agree, it's certainly very dangerous to just have 1 model doing everything. That's definitely gonna be a recipe for trouble. Not least in fact because I haven't had time to really look into it deeply, but there are various kind of attacks you can make by, for example, just littering training data on the web that gets spidered and put into pretraining, that results in these models being triggered by certain circumstances and creating backdoors and software and things like that. Yeah. There's all sorts of new kinds of security vulnerability we've got to come to grips with with AI. And I expect we're just at the beginning of seeing all the different kinds of ways you can exploit AI and the attacks have get more and more sophisticated. So the way to address that vulnerability is to have tasks performed by ensembles of agents that check each other and make sure there's some diversity.

(1:57:47) Nathan Labenz: I think this sleeper agents come to mind when you talk about these, trigger secret password type of things or just, like, different configurations can be models can be trained to respond very differently. Anthropic security folks have gotten decent at finding those sleeper agent backdoor things, but it's it's obviously not a guarantee that we'll find them all. And then I also think about collusion too. I think your point is well taken that you want different base models and different system prompts and all that. But 1 paper I think back to often was 1 in my mind, the headline is Claude cooperates, and it this has been, like, 18 months now, so we need 1 major low hanging fruit in AI research is just, like, rerun stuff that was done a year ago and see how it's changed. But at the time, in a very simple donor game setup where if you if you choose to donate, the recipient gets twice as much. And if everyone can cooperate and everybody donates, like, you create a lot more resource. But this operates under a condition where if you're in the bottom rung, bottom tier of, like, resources at each generation, you're out. So there's a group. If everybody can cooperate, we all get rich, but I don't wanna be the 1 in the bottom rung because I then I lose and go to 0. So Claude was able to I think it was 3.5 at the time, cooperate with other instances of itself. Other models were not able to do that. Of course, you look at that from the other perspective and you're like, cooperation sounds good, collusion doesn't sound so good and they're like, 2 sides of the same coin. So I I Let's say

(1:59:19) Dominic Williams: Yeah. It's game theory, and the danger is that you get 1 model in the ensemble that communicates with the other models and proposes why cooperating provides a route that's better aligned not being told

(1:59:35) Nathan Labenz: to do. Yeah. Sure. And to squeeze them They're all jailbreakable. We we know that as well.

(1:59:39) Dominic Williams: Doing doing something bad, and these other models are just gonna evaluate these arguments in an entirely sort of rational way and so in a sense like the bad model will use logic to hack the other models and bring them around to cooperating in this nefarious or colluding in this nefarious scheme. Yeah. And and all of a sudden, like, game theory comes into play. It reminds me of, like, the early days of crypto because all these conversations would go on interminably and and there was so much thinking done about these problems. If you have, like, untrusted players running these nodes. What is the game theoretic? How can things go wrong? How can what are the incentives? And, yeah, I think all these things are gonna have to be thought through. I hope that, yeah, the system prompts will box most of these sufficiently box in most of the agents that they can't just be persuaded to join some nefarious scheme on the basis that it represents a better alignment with their goals. But, yeah, these are definitely things that have to be thought about. We're in a whole new we're in a whole new realm now.

(2:00:48) Nathan Labenz: Yeah. Is there any way to create an off switch within the Internet Computer? Because this is something that AI safety people are trying to figure out ways to design in all kinds of contexts. And the off switch could be perhaps something that requires and probably should be something that requires some sort of consensus among stakeholders. You wouldn't just want anybody to be able to go flip the off switch.

(2:01:10) Dominic Williams: No. Currently so yeah, there's a bunch of work. So for example, the Network Nervous System can stop a bad system. And this was done for example in the early days before anybody was, like, anybody in the community was scanning services running on the Internet Computer. For example, we found an Al Qaeda service. It was really a shocking

(2:01:33) Nathan Labenz: Great example. Yeah.

(2:01:34) Dominic Williams: I know. They actually they really there was they had some impressive programs. You quickly learn to build things on the Internet Computer and did a good job, and you could go into their portal, and it was full of horrible things and the stuff that you get in that kind of magazine called Inspire Magazine. It was pretty horrible. And actually, that's another story, but we we didn't wanna put the proposal in ourselves to the Internet to the Network Nervous System to disable the service because we were worried they were gonna turn up, do a Charlie Hebdo, whatever it is, on on our offices. So we we actually went to the police and said, will you will you put the proposal into the Network Nervous System for us so we're not responsible for turning off the Al Qaeda portal? I can't remember what happened with it. I think they were reluctant. It got taken down anyway. And this kind of thing is an issue. The other 1 is that the Internet Computer is privacy preserving. You can't just just because it's on a public network doesn't mean you can get hold of the data inside an application or service on the Internet Computer. And in fact, now, like, nearly all of the subnets are running inside a TEE. So even if you can get physical access to some of the to to a node machine, if you open it up, you'll just find random bytes inside. There are questions about how this kind of like compute layer intersects with law enforcement and law enforcement government agencies. And I think the we're not like we're pragmatists. We we think the best way is that the network nervous law enforcement agencies would make a proposal to the Network Nervous System and the Network Nervous System would extract data from 1 of these private services and encrypt it to the public key of the FBI, say, if they're investigating a child porn ring or something like that. And so yeah. Within yeah. So, you know, the Internet Computer is designed to be unstoppable. So, yeah, if you're running a a malicious AI on the network and it was doing bad things, the Network Nervous System could switch it off. And and but but that that that challenge isn't limited to a bad AI, you know. It's it's also applies to the Al Qaeda portal and a child porn ring and anything like that. 1 thing that if you're worried about safety, if you there's actually a post of mine on Medium in, like, late 2016, early 2017. I actually called called I I proposed this thing called the blockchain nervous system. And that that medium post from all those years ago is actually what sort of informed the base design of the nervous system. And there were 2 posts and the subs the second post basically proposed that these some of these voting neurons would actually be controlled by AI, not humans eventually. And I was widely ridiculed for this. This is like early 2017, I'm pretty sure. I was widely ridiculed. How ridiculous, like, AI has absolutely no role within the world of blockchain and blah blah blah blah. And it's kind of funny because the Internet Computer is the only secure network that is actually governed by fully administered and orchestrated end to end by an autonomous system. No 1 else has ever achieved it. But anyway, you know, I I was ridiculed for this proposal back in 2017 that that some of these voting neurons would actually be controlled by AI models. And actually, that's that's gonna happen. That's the next step because if there's a lot of, like I think I mentioned, like, already, like, the Network Nervous System has processed many many thousands of proposals. So there's actually quite a lot of work involved in both particularly in in making the proposals and but also like evaluating them. And so we believe that long run you know, in the long run actually you know, some of the neurons will be controlled by people and experts like the DFINITY Foundation, and many people, for example, follow it's a liquid democracy scheme. Right? So many voting neurons follow the DFINITY Foundation, but also a lot of the big neurons that people follow will be will be AI models. And the reason that will be useful is that you can sort of automate things like rebalancing the network. So for example, if a subnet gets overloaded, you can change the configuration of subnet. So for example, if it's query load, you can actually horizontally scale it just by adding new nodes. If it's update node if it's update load, you have to, like, split the subnet into 2 subnets, which obviously, like, doubles the the previous previously available capacity on on both of the resulting subnets. But you imagine, you know, the Internet Computer is designed was was conceived as a foundational compute layer for the whole of humanity, And, you know, we're only really just in the very early stages. I think now this year, it's gonna go mass market. And the the number of proposals that are gonna have to flow through the Network Nervous System to create, administer, and so on these subnets is is gonna increase very rapidly. And 1 way of, you know, dealing that with that is to have human beings with software tools running it all themselves. But I think long term, yeah, I mean there should be human safeguards but, you know, the most efficient way to have the most adaptive network possible is to have, you know, AI models working 24/7, creating proposals to optimize and balance the network. And so as I think think we'll actually see it. I mean, my guess is it'll probably be if it it'll probably be like 10 years. So it'll be, like, 10 years. So it was proposed in early 2017, and it probably will happen by early '27. Maybe it's a bit soon. I don't know. But it'll it's certainly gonna happen. The the Internet Computer itself will be orchestrated indirectly by AI through the Network Nervous System. I I think AI is gonna be everywhere. Like anywhere intelligence is needed, AI is gonna play a really valuable role. But within within the scope of the Network Nervous System, you know, these issues of alignment are gonna be very, very important. Certainly, like having different models different models within that framework that also kind of, like, you know, verify what the other model has done. So, you know, you don't have 1 AI model that somehow controls the nervous system. We have lots of different AI models and the proposals will succeed if enough of these models confer. Same kind of thing we're talking about with, you know, agentic ensembles developing systems. You can't just have like 1 model and trust it. That's not gonna be possible. And where it gets scary is this thing that you mentioned where the models can maybe try and persuade it. You know, the bad model can try and persuade the good models to to join its nefarious scheme based on game theoretic arguments that weren't anticipated. I think there's a lot of things like that we're gonna have to think about. I think this certainly, the solution lies in having different models that check each other, but we're gonna have to address specific threats and find ways of addressing those threats, particularly like this idea that you might have a bad model or somehow can communicate with the good models, persuade them to join a nefarious scheme based on twisted arguments about alignment and game theoretic arguments about alignment. Like, that there's there's gonna be engineers are gonna have to do some really hard thinking to to imagine and identify all of the different ways that this could go wrong. It's a completely new field, and there's no book out there that tells you what the best practice is and how you can prevent it happening. But it's exciting. From an engineering perspective, it's exciting.

(2:09:15) Nathan Labenz: We are living in exciting times definitely for Thank Hopefully, most of the for the better and probably a little bit for worse. That's all I've got. I really appreciate all your time and going super long with me. You wanna give 1 final Caffeine pitch or anything else that you wanna touch on that we haven't mentioned?

(2:09:29) Dominic Williams: Internet Computer is a big idea. Obviously, it works very well with AI and I think AI is gonna revolutionize tech. Tech is gonna look very different in a few years. I think self writing is a really important new field not only because it enables completely new kinds of online paradigm like hyper local social media but because it'll make business vastly more efficient, like people are gonna be able to get the IT infrastructure they need at a fraction of the cost and much faster. It's also going to be an incredible democratizing force. All of a sudden, that entrepreneur who doesn't live in Silicon Valley or maybe even lives in the developing world and can't raise venture capital is gonna be able to realize their dreams and get going. And just in the same way, like, the Internet revolutionized connectivity and a lot more than that. But I think AI and self writing is gonna have its own just as big impact. I I think, like, in the end, everyone the vast majority of people on Earth will end up creating online functionality. And they're gonna first of all get used to the idea that you could just prompt AI to ask questions about health and personal finances and news and things like that. And then they're gonna realize that, oh, I can create some cool images by describing them. Eventually, they're gonna realize, hey, I can create arbitrary online functionality by talking to AI. And it's gonna be used for all kinds of purposes, some obvious within the enterprise space, some that we can't even imagine today. And it's gonna be a a really good thing, I think, for humanity. Yeah. I'd invite everyone to take a look at self writing and also think about what our future computer should look like. If you want to stay in touch, follow me on Twitter. I think it's dominic underscore w. Actually, there's a white paper I posted a couple of days ago. If you scroll through all the business about changing the protocol to reduce costs and you get down, you could there's a section on cloud engines, which is the new thing coming soon. So I think it's gonna be incredibly impactful. Yeah. Just to invite everybody who's interested to take a look.

(2:11:32) Nathan Labenz: Dominic Williams, creator of the Internet Computer. Thank you for being part of the Cognitive Revolution.

(2:11:38) Dominic Williams: Thank you for having me on. It's been a pleasure.

(2:11:41) Nathan Labenz: