How do I get cryptographic proof that the remote model I called ran as specified?
Opportunity
Cloud AI APIs return outputs with no verifiable evidence of which model version ran, at what quantization, or with what system prompt prepended upstream. GPU confidential computing on NVIDIA Hopper hardware can attest hardware state, but the attestation evidence never reaches the API caller, and the trust chain terminates inside vendor-controlled certificate infrastructure. A June 2026 paper proposes TEE-based verifiable safety benchmarks, but no production API exposes a per-call inference receipt to the caller. Any adversarial or regulated context where model identity matters must trust the provider's word.
Why it matters
Without a verifiable inference receipt, every safety, compliance, and alignment claim made about a remote model invocation rests on provider trust alone, which is not sufficient for regulated deployments or autonomous agent stacks.
How I score the opportunity
The Opportunity Score is my own read, not a measurement: how much it hurts, how often it bites, and how little exists to solve it today. Higher means I think it is more worth building.
How much pain it causes when it shows up.
How often people actually run into it.
How little good tooling exists for it today.