ZK Attestation for AI Security

Foresight Institute grant exploring zero-knowledge attestation mechanisms for AI security and integrity.

Problem. AI models are increasingly deployed as black boxes. Users, regulators, and auditors need to verify that these models are trustworthy — authentic, unaltered, fair, and free of hidden malicious behaviour — without the model owner having to reveal proprietary details.

Approach. Two-step verification: (1) prove the AI is running on secure, tamper-proof hardware via trusted execution environment (TEE) attestation, and (2) mathematically prove the model has specific properties (fairness, authenticity via watermarks, lack of poisoning) using zero-knowledge proofs — all without exposing the actual model.

Impact. Companies can verify their AI systems meet regulations, users can trust AI decisions affecting them, and auditors can check AI behaviour — all while keeping valuable AI models private and secure.

Funded by the Foresight Institute. Joint work with Luca Arnaboldi.