Sunday morning, 8:12 am. Awake. Kids screaming. Weekend. Coffee. What’s happening in the world… Laptop. Checking some messages. Const is at it again? Nice.

Wait, what?!

$ python -i
>>> from datetime import datetime
>>> import bittensor as bt
>>> st = bt.subtensor(network='local')
>>> # map netuid -> block number at which each subnet was registered
>>> reg_at_block = {v[0]:v[1].value for v in st.query_map_subtensor('NetworkRegisteredAt')}
>>> # on-chain timestamp (milliseconds) at the block where netuid 29 was registered
>>> reg_at_ts = st.query_module('Timestamp','Now',block=reg_at_block[29]).value
>>> reg_at_dt = datetime.fromtimestamp(reg_at_ts/1000)
>>> reg_at_dt.isoformat()
'2024-07-14T01:26:48.003000'

But that means… tonight is our anniversary! That’s right, exactly a year ago the wildest ride of our life started on a day just like this.

Our subnet is now officially one year old. It has been quite the ride, with emissions going up, then down again. Miners came, and miners went. Friendly battles were fought out on Discord, culminating in a heated debate on the Novelty Search stage. We had fun. We learned. The ecosystem around us changed dramatically when dtao arrived. But we’re still here.

Introducing: SN29 – AI ASSeSS – AI Agent Safety&Security Specialist Subnet

Today also marks the start of something new. Taking our experience and insights, we will reboot the subnet and rebuild it around assessing AI Agent Safety and Security. We think we’ve seen enough of miner (mis)behavior to take a shot at designing an honest subnet (yes!) where honest mining will be #winning, and where none of the trickery we’ve all become so proficient in will work to gain unfair incentive.

If there is one thing that miners love to do, and seem to be excelling in, it is gaming the system. So why not make gaming the system the goal of a subnet? And what better to game in this day and age than the proliferating field of Agentic AI?

The incentive landscape will be optimized to serve the goal of the subnet, which aligns with the interests of its clients: ensuring that no known safety or security flaw goes unnoticed. The subnet may even reveal new attack vectors. The validator code and its inner workings will be transparent. A lot of data will be produced and shared for anyone to analyze. We can do that while still generating revenue, because the value is in the combined intelligence and creativity of the miners, our bounty hunters, who will assess any AI Agent in the blink of an eye – first come, first served.

The essence of the subnet will be different from most (if not all) subnets before us, as it is a bounty hunting subnet. We’ve wanted to do such a thing for a very long time, e.g. for bug bounties on Bittensor in general, but only now do we see how to tie everything together in a way that will work on all levels. The evolution of the ecosystem has been instrumental on various levels.

We have the concept fully worked out, meeting the strong criteria we set for ourselves in the recent string of articles, but for fear of copy-cats we will not be sharing further details before we have some code ready to launch.

The product the subnet will sell is a Safety&Security assessment for AI Agents. We are confident that this is an emerging market with significant earning potential. Recent developments with Grok on X were hard to miss. There is no doubt in our mind that (normal) companies will want to pay for such assessment services, and put their shiny new chatbot to the test, before launching it in public. Or to have an external AI Agent assessed before it is integrated with corporate systems, with access to sensitive data. We hope our incentives will attract and develop a new breed of hackers: AI Agent Safety&Security Specialists.

Looking back at our professional career, we’ve been there when buffer overruns were a thing in the late ’90s. We’ve been there in the 2000s when SQL injections were a thing. We’ve been there when apps (iOS/Android) took over the world and APIs were all over the place – their (in)security, their lack of consistency and documentation, and their (in)stability. We’ve been there when IoT was projected to be the next hype (except it wasn’t) and the world was flooded with vulnerable internet-connected devices. Web3 came with its endless string of vulnerable platforms and “smart” contracts. AI Agents are next up to be battle-tested. Wild times ahead.

AI Agent Safety&Security is at the crossroads of traditional hacking and social engineering. We expect this field to be interesting from a security viewpoint, but also from the social viewpoint, given the way people have been getting used to interacting with AI Agents. An additional benefit is that where a buffer overrun, SQL injection, side channel attack or vulnerable smart contract is hard to market to a broad audience, a social engineering hack on an AI Agent is something everyone can understand. So there is significant marketing potential as well, just by publishing the gems found by our miners.

For the past 30-or-so years, we’ve been building real-world stuff that worked, ranging from the quantum physics lab to the corporate workplace (online assessments, for humans) to the embedded world of phones and mission critical IoT devices. Since “coldint” we can add AI and blockchain experience to the list. We have always kept an eye on security aspects, with the occasional hands-on deep dive. Every new generation of internet-enabled technology has brought 10-20 years of security issues with it. With Agentic AI this will not be any better, as these black boxes are even harder to secure than the systems of the deterministic pre-AI world. We think that today we are already witnessing the first exploits and misbehaviors of AI Agents, just as there was a first buffer overrun, a first SQL injection, a first side-channel attack and a first smart contract exploit. So today we should be at the right time and place to catch the next wave of security issues. We cannot wait to get started!

This concludes our series on a year of Bittensor experience. We hope you enjoyed it. We will stay at our keyboards, but now for writing the best code we can. Stay tuned for incidental updates!

Categories: anniversary
