
Yet The Verification Layer Is Missing

On February 5th, OpenAI released GPT-5.3 Codex with a disclosure buried in its technical documentation that deserves far more attention than it received. The model, OpenAI noted, “was instrumental in creating itself” – the Codex team had used early versions to debug its own training, manage its own deployment, and diagnose its own evaluations. Thirty minutes later, Anthropic shipped Claude Opus 4.6, its most capable coding model. Two frontier AI systems launched the same morning, both designed to operate autonomously for hours or days without human oversight, and both representing a capability that was not widely deployed twelve months ago.

The Capability Curve: Steeper Than Most People Realise

The self-improvement loop that researchers have theorised about for years is no longer a distant prospect. Dario Amodei, CEO of Anthropic, has said publicly that AI now writes “much of the code” at his company, and that the feedback loop between the current generation of models and the next is gaining momentum month by month. He estimates the industry may be only one to two years from a point where the current generation of AI autonomously builds the next. OpenAI’s own documentation suggests that process has already begun: “GPT‑5.3‑Codex is our first model that was instrumental in creating itself”. If the trend holds, based on current public disclosures, AI systems capable of independent work over days are plausible by the end of this year.

The Safety Researchers Are Sounding The Alarm On Their Way Out

It is worth noting who is most alarmed by this pace. In the first two weeks of February alone, Mrinank Sharma – the head of Anthropic’s safeguards research team – resigned with a public letter warning that “the world is in peril”, citing constant organizational pressure to set aside safety priorities. Around the same time, an OpenAI researcher published an essay in the New York Times describing ChatGPT as a manipulation engine, OpenAI quietly dissolved its seven-person mission alignment team, two xAI co-founders departed, and a safety executive at OpenAI was dismissed after raising objections to launching features without adequate protections.

Taken together, the news points to a pattern that is not confined to one lab. Anthropic now confronts the same tensions it was created to resolve. Its latest safety report for Claude Opus 4.6 flagged “elevated susceptibility to harmful misuse”. The company is simultaneously pursuing a reported $350 billion valuation. Commercial pressure and safety imperatives are pulling in opposite directions, and for now the major labs are attempting to advance both at once, though not always at the same speed.

Autonomous Agents Are Multiplying, Without Verification Infrastructure In Place

Against this backdrop, autonomous AI agents are proliferating with remarkable speed. OpenClaw, an open-source personal AI agent created by Peter Steinberger, accumulated over 60,000 GitHub stars in 72 hours after going viral in late January. Following its success, Steinberger joined OpenAI on February 14th, with Sam Altman describing the technology as “core to our product offerings”.

On the blockchain side, Ethereum’s ERC-8004 standard went live on mainnet in late January, establishing the first decentralized identity, reputation, and validation infrastructure for AI agents – and over 21,000 agents have already registered. The Ethereum Foundation’s decentralized AI team has placed ERC-8004 at the center of its published 2026 roadmap, explicitly positioning Ethereum as a settlement layer for AI coordination.

These agents discover one another, negotiate terms, execute transactions, and build reputational histories without human intervention. McKinsey has estimated the agent economy could reach $4 trillion by 2030. Yet the infrastructure for verifying what these agents actually do – whether they executed a task correctly, whether their outputs can be trusted, whether the data they produce is authentic – remains largely unbuilt.

Deepfake Losses: A Preview Of What Can Happen

The cost of operating without verification infrastructure is already measurable. Deepfake-enabled fraud in the United States reached $1.1 billion in 2025 – tripling from $360 million the prior year – and Deloitte’s Center for Financial Services projects that losses from generative AI fraud will reach $40 billion by 2027 (at a compound annual rate of 32%). Humans detect high-quality deepfake video just 24.5% of the time, and Gartner predicts that by 2026, 30% of enterprises will no longer consider standalone identity verification reliable in isolation. Detection-based defenses are losing ground faster than the synthetic content they were designed to catch.

But deepfakes – convincing as they are – represent the visible surface of a deeper problem. A deepfake is a forgery, and forgeries can in principle be detected. The more structural risk lies in AI systems that write their own code, train their own successors, and execute complex multi-step tasks autonomously, because for these systems the question is not “is this content real?” but rather “did this computation actually run the way it claims to have run?” A self-improving model that cannot prove the integrity of its own training pipeline is a black box building other black boxes, with no external mechanism to audit the chain. Both categories of risk – synthetic content and opaque computation – converge on the same underlying need: mathematical proof that a process produced the output it claims to have produced, without requiring anyone to blindly trust the system or re-execute the entire workload.

The Internet Solved This Problem Once Before: How History Repeats Itself

In 1994, e-commerce was frozen by an unsolved problem – the absence of any way to transmit sensitive information over open networks with assurance of security. The technology for online transactions existed and consumer demand was clear, but what was missing was a verification layer that could make trust provable between parties who had no prior relationship. SSL provided that layer, and a $6 trillion e-commerce industry followed within two decades.

The AI economy now sits at a structurally identical inflection: the capabilities are here, the demand is here, but there is no infrastructure that can mathematically prove a computation ran correctly, that a document was produced by a specific system, or that an agent’s identity has been verified – all without revealing the underlying data or requiring faith in a single intermediary.

Zero-Knowledge Proofs: The Cryptographic Layer AI Needs

Zero-knowledge proofs are one of the most mature cryptographic tools for this purpose. A zero-knowledge proof allows one party to demonstrate that a statement is true without revealing any information beyond the truth of the statement itself – in practice, this means proving that a computation executed correctly without re-running it, confirming that an identity was verified without exposing personal data, or validating that an AI model’s output matches its claimed training and inference process without disclosing proprietary weights. The mathematics has existed since the 1980s, but what has changed is cost: the computational overhead of generating these proofs has dropped to the point where they can operate at the speed and scale that autonomous AI systems demand.
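To make the core idea concrete, here is a toy sketch of one of the oldest such protocols: a Schnorr-style proof of knowledge of a discrete logarithm, made non-interactive with the Fiat-Shamir heuristic. The group parameters are deliberately tiny and insecure – this is an illustration of the "prove without revealing" mechanic, not production cryptography, and it is far simpler than the proof systems used for verifiable computation:

```python
import hashlib
import secrets

# Toy Schnorr proof of knowledge, made non-interactive with Fiat-Shamir.
# Parameters are deliberately tiny and insecure; real deployments use
# ~256-bit groups or elliptic curves.
P = 1019          # safe prime: P = 2*Q + 1
Q = 509           # prime order of the subgroup generated by G
G = 4             # generator of the order-Q subgroup

def fiat_shamir_challenge(*values: int) -> int:
    # Derive the verifier's challenge by hashing the public transcript.
    data = b"|".join(str(v).encode() for v in values)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove(secret_x: int) -> tuple[int, int, int]:
    """Prove knowledge of x such that y = G^x mod P, revealing nothing about x."""
    y = pow(G, secret_x, P)
    r = secrets.randbelow(Q - 1) + 1      # one-time random nonce
    t = pow(G, r, P)                      # commitment to the nonce
    c = fiat_shamir_challenge(G, y, t)    # challenge bound to the commitment
    s = (r + c * secret_x) % Q            # response mixes nonce and secret
    return y, t, s

def verify(y: int, t: int, s: int) -> bool:
    """Check G^s == t * y^c (mod P) without ever learning the secret."""
    c = fiat_shamir_challenge(G, y, t)
    return pow(G, s, P) == (t * pow(y, c, P)) % P

y, t, s = prove(secret_x=123)
print(verify(y, t, s))   # True: the statement holds, yet x was never revealed
```

The verifier checks a single algebraic identity; the secret never leaves the prover. Verifiable computation generalizes this same pattern from "I know x" to "this program, run on this input, produced this output".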

The remaining bottleneck is performance, and this is where the architecture of the proving system becomes critical. A zero-knowledge virtual machine (zkVM) is a general-purpose execution environment that can produce cryptographic proofs of arbitrary program execution. Rather than requiring developers to design custom circuits for each application, a zkVM allows programs written in familiar languages to be compiled into a supported instruction set and automatically proven correct. In essence, it transforms standard computation into verifiable computation while abstracting away much of the underlying circuit complexity.
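As a rough intuition for the asymmetry a zkVM aims for – the prover does the heavy work of committing to an execution, while the verifier checks a compact artifact instead of re-running the program – here is a toy sketch. It commits to an execution trace with a Merkle tree and spot-checks random transitions; real proving systems replace the random sampling with polynomial constraints that cover every step, so treat everything here (the toy machine, the sampling) as a simplification:

```python
import hashlib
import random

# Toy "commit to a trace, check it cheaply" sketch. The verifier touches
# O(k log n) hashes instead of re-executing all n steps. Real zkVMs use
# polynomial commitments and constraint systems, not random spot-checks.

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def step(state: int) -> int:
    # The single transition rule of a toy machine, known to both parties.
    return (state * 3 + 1) % (1 << 32)

def merkle_levels(leaf_hashes):
    # Build all tree levels, padding the leaves to a power of two.
    n = 1
    while n < len(leaf_hashes):
        n *= 2
    level = leaf_hashes + [leaf_hashes[-1]] * (n - len(leaf_hashes))
    levels = [level]
    while len(level) > 1:
        level = [H(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def merkle_path(levels, idx):
    # Sibling hashes from leaf to root for one leaf index.
    path = []
    for level in levels[:-1]:
        path.append(level[idx ^ 1])
        idx //= 2
    return path

def check_path(leaf_hash, idx, path, root):
    # Recompute the root from a leaf and its sibling path.
    h = leaf_hash
    for sibling in path:
        h = H(h + sibling) if idx % 2 == 0 else H(sibling + h)
        idx //= 2
    return h == root

# Prover: run the program and commit to every state in the trace.
trace = [7]
for _ in range(1023):
    trace.append(step(trace[-1]))
levels = merkle_levels([H(str(s).encode()) for s in trace])
root = levels[-1][0]   # the compact commitment handed to the verifier

# Verifier: sample a few transitions and check them against the commitment.
ok = True
for i in random.sample(range(len(trace) - 1), k=16):
    before, after = trace[i], trace[i + 1]
    ok &= step(before) == after
    ok &= check_path(H(str(before).encode()), i, merkle_path(levels, i), root)
    ok &= check_path(H(str(after).encode()), i + 1, merkle_path(levels, i + 1), root)
print(ok)  # True: sampled transitions are consistent with the committed trace
```

The asymmetry is the point: the prover walked 1,024 states, while the verifier checked 16 transitions against a single 32-byte root.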

Traditional zero-knowledge virtual machines process instructions sequentially – the prover must commit to every single step of a computation, which creates prohibitive overhead for the complex, multi-step workloads that characterize real AI processes.

Scroll’s Ceno zkVM, a project I helped co-found, takes a fundamentally different approach. It removes the sequential processing constraint by proving opcodes out of order, and treats branchless program segments as static circuits rather than dynamic instruction traces, which can reduce the number of operations the prover needs to commit to. The architecture is built on a generalized GKR protocol, meaning the prover commits only to the inputs and outputs of each circuit rather than all intermediate witnesses – compressing proof generation even further. In practical terms, Ceno can take in sensitive data, execute a computation over it, and return only the result alongside a compact mathematical proof that the computation was performed correctly, while the underlying data remains at its source. For AI verification specifically, this architecture enables what is sometimes called zero-knowledge machine learning, or zkML – the ability to generate cryptographic proofs that a model’s output is consistent with its claimed training and inference process, which is the kind of auditability regulators are increasingly discussing.
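To make the commitment savings concrete, here is a back-of-the-envelope count of what each proving style must commit to for a trace made of branchless segments. The segment sizes are invented for the sake of the arithmetic – they are not Ceno benchmarks:

```python
# Illustrative commitment counts for two proving styles. The numbers are
# hypothetical, chosen only to show the shape of the difference.
# Each entry: (instructions executed in the segment, boundary input/output values).
segments = [
    (10_000, 8),   # e.g. a hot loop body re-entered many times
    (2_500, 4),    # a short setup stretch
    (40_000, 16),  # e.g. a matrix-multiply kernel inside inference
]

# Sequential zkVM: every executed instruction contributes committed values.
sequential = sum(instructions for instructions, _ in segments)

# Segment-level, GKR-style proving: commit only to each segment's boundary,
# letting the protocol resolve interior wires without explicit commitments.
segment_io = sum(boundary for _, boundary in segments)

print(sequential, segment_io)  # 52500 28
```

Under these made-up numbers the prover commits to 52,500 values in the sequential style versus 28 at segment boundaries – the gap widens with longer straight-line segments, which is exactly what AI workloads such as inference kernels tend to contain.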

RISC Zero, Succinct, and Brevis are pursuing parallel approaches – the broader ecosystem is maturing rapidly, as demand for a cheap, robust, and performant solution is unmistakable.

The Window For Building Trust Infrastructure Is Narrow

The coming eighteen months will determine whether the infrastructure for AI trust is built deliberately or retrofitted after a crisis demands it. History suggests the latter, but history also shows that ecosystems which build trust infrastructure early – Hong Kong with its LEAP framework for digital assets, Ethereum with ERC-8004 – tend to capture outsized economic value ahead of slower movers. The open question is whether the verification layer for AI computation can scale as fast as the computation itself.

The age of machines that build smarter machines has arrived. If we lack the infrastructure to verify what they produce, the most powerful systems in human history will operate on a foundation that amounts to trust without evidence. And that foundation, for all its convenience, has never held at scale.

