Worth Solving
Problems worth building.
A good problem is hard to unsee. It nags at you until someone builds the fix. This is my running list of the open problems in tech, blockchain, and AI that I keep coming back to: the ones I think are genuinely worth solving, and a few I want to build myself.
Each carries an Opportunity Score, my own read on how much it hurts, how often, and how little exists to solve it. Map them, or read them one by one.
What does an AI agent's bank account actually look like?
Agents can act on their own now, but handing one money is still terrifying. There is no standard way to give an agent a spending limit, a clean audit trail, and a kill switch that a human and a regulator both trust. We bolt agents onto cards and wallets that were built for people.
Why it matters: Autonomous software will move real money soon, and the accountability layer for it does not exist yet.
Why can't I prove I am solvent without showing my balance?
Public chains make every balance visible forever. Funds and exchanges get asked to prove reserves, and the usual answer is either a screenshot you have to trust or a full disclosure that leaks everything. There is no cheap way to prove one fact about your money without revealing the rest.
Why it matters: Selective proof is the missing primitive that lets regulated money live on a transparent ledger.
Why does every AI app forget me the moment I close the tab?
Your context, preferences, and history are trapped inside whichever assistant you used last. Switch models or apps and you start from zero. Memory is owned by the platform, not by you, which is exactly backwards if the goal is a tool that compounds with you over years.
Why it matters: Portable, user-owned memory is what turns a chatbot into a personal advantage.
Why is learning a new field still gated by knowing what to ask?
The hard part of learning something new was never access to information; it is not knowing which questions to ask. A personal model could map what you actually want to do, find the gaps in what you know, and build the path. Most tools still sit and wait for you to already know what to ask.
Why it matters: This is the personal-growth promise of AI made concrete, and almost nobody has built it well.
Why can a non-expert not verify what an AI just told them?
Models answer in the same confident tone whether they are right or inventing. For anything that matters, medical, legal, or financial, there is no simple, trustworthy way for an ordinary person to check a claim against a real source without already being an expert.
Why it matters: Verification you can trust, not a bigger model, is what makes AI safe to rely on.
Why is moving money between chains still scarier than the early internet?
Bridges remain the most exploited part of crypto, and the user is the one carrying the risk. We still have no default-safe way to move value across chains the way TCP/IP made moving packets boring and reliable.
Why it matters: Until cross-chain transfer is boring, mainstream money will not trust it.
Why does compliance still mean a PDF and a prayer?
Rules about who can hold what, and where, live in documents and human checklists. The asset itself carries none of it. Tokenized assets and stablecoins keep relearning this the hard way. Compliance should travel with the asset and be checkable in real time, not reconstructed after something breaks.
Why it matters: Machine-readable compliance is the real unlock for moving regulated assets on-chain.
Why do we test models on benchmarks but ship them on vibes?
Teams pick a model off a leaderboard, then run it in production with almost no continuous, cheap, task-specific evaluation. When quality drifts, nobody notices until a user complains. The tooling to actually measure whether your AI feature is still good is missing for most builders.
Why it matters: You cannot operate what you cannot measure, and right now most AI features are unmeasured.
Can an on-chain organization run by agents avoid becoming a scam machine?
Agents are good at executing rules and bad at judgment. An org run by agents could be transparent and tireless, or it could be a perfectly automated way to drain a treasury. Nobody has shown the guardrails that make the first outcome the likely one.
Why it matters: If agent-run organizations are coming, the safety pattern has to exist before the capital does.
Why is the software we depend on most the worst to use?
Tax portals, hospital systems, government forms. The software with the highest stakes and the widest reach is often the most painful to touch. The incentives that produce good consumer apps barely reach public-interest software.
Why it matters: Raising the floor of essential software would help more people than another consumer app.
How do you prove a photo or a voice is real without a platform vouching for it?
Synthetic media is now good enough to fool anyone, and the only answer on offer is trusting whichever platform shows it to you. Provenance needs to live with the file and be checkable by anyone, the way a signature proves who signed. The cryptography exists. The adoption does not.
Why it matters: Trust in what we see and hear online depends on solving this before the fakes win.
Why is self-custody still a choice between losing your keys and trusting a company?
Hold your own keys and one mistake wipes you out with no recovery. Use a custodian and you are back to trusting a company with your money. Social recovery and account abstraction exist, but almost nobody ships a wallet a normal person can use without a seed phrase or a support line.
Why it matters: Self-custody an ordinary person can actually live with is the gate to everything else in crypto.
Why do AI agents have no memory of their own mistakes?
An agent will make the same error on Tuesday that it made on Monday, because nothing carries the lesson forward. We have memory for facts and almost none for failures. An agent that cannot learn from what went wrong is an intern with amnesia.
Why it matters: Agents will not be trusted with real work until they reliably get better at it over time.
Why is on-chain identity either nothing or your entire life?
On a public chain you are either a random address with no reputation or a wallet that exposes everything you have ever done. There is no middle: a way to prove you are a real, unique person, or that you are allowed to do something, without handing over your whole history.
Why it matters: Useful, privacy-preserving identity is the missing layer between anonymous and surveilled.
Why does tokenizing a real asset still need ten middlemen?
Put a building or a bond on-chain and you still depend on a custodian, a transfer agent, a lawyer, and a registry to make the token mean anything. The on-chain part is easy. The off-chain trust and the legal enforceability are the hard, unglamorous part nobody has made boring yet.
Why it matters: Real-world assets only matter on-chain if the link to the real world holds up in court.
Why can't I audit what a model was actually trained on?
Models absorb the whole internet and then answer with no way to trace where a claim or a behavior came from. For anything regulated, or any dispute over copyright or bias, the training set is a black box. There is no practical way to ask a model what it learned from and get an honest answer.
Why it matters: You cannot govern or fully trust a system whose inputs are invisible.
Why can't a stablecoin pay someone with no internet?
Digital money is meant to reach the people banks never did, but it falls over the moment the connection does. Offline and intermittent payments, settled once a signal returns, are how cash works and how much of the world still lives. Crypto rarely designs for that.
Why it matters: Payments that only work with perfect connectivity are not payments for most of the planet.
Why do I still own none of the data I generate?
Every app you touch keeps the data you produce, and you cannot take it anywhere useful. Portability is a download button that hands you a folder you cannot do anything with. Owning and reusing your own data across services is still mostly a slogan, not a feature.
Why it matters: Data you cannot move is data you do not really own.
Why does a bridge exploit drain everything before any alarm fires?
Cross-chain bridges hold large reserves and process messages across trust boundaries, yet most lack any standardized on-chain rate-limiting. EIP-7265 proposed a circuit-breaker interface in 2023 and Aave's governance forum carried a grant proposal to implement it, but as of mid-2025 no major bridge has shipped a production-ready, interoperable version. When an attacker finds a validator-set or message-verification flaw, the full liquidity pool drains in minutes because nothing caps outflow velocity. SoK papers published in 2025 confirm that delayed withdrawal and automatic pause are the top unimplemented mitigations across the bridge category.
Why it matters: A composable, chain-agnostic circuit breaker would cap any bridge exploit from total loss to partial loss, changing the risk calculus for the whole interoperability stack.
How do I audit which agent acted under my identity across a delegation chain?
When an orchestrating AI agent delegates a subtask to a sub-agent, which then calls a third-party API under the original user's OAuth token, the identity chain spans multiple providers and authentication methods with no single audit trail capturing the complete path. MCP added OAuth 2.1 support but the specification has no mechanism for chaining delegated authority across hops or for revoking a mid-chain agent's permission without revoking the entire session. A2A provides agent discovery and request signing but explicitly defers all authorization decisions to other protocols that do not exist yet. Research published in April 2026 identifies recursive delegation accountability as one of five unresolved critical gaps in current agent identity standards. A user who authorizes one agent today has no practical way to inspect, limit, or revoke what downstream agents did on their behalf.
Why it matters: Multi-agent systems are already in production, and the missing primitive is a verifiable, revocable delegation receipt that follows the chain without requiring every hop to share a trust domain.
Why can a poisoned document silently exfiltrate everything my assistant knows about me?
In June 2025, Aim Security disclosed EchoLeak, the first documented zero-click prompt injection that caused real data exfiltration from a production AI system. A single malicious email caused Microsoft Copilot to silently transmit sensitive data with no user interaction. The structural problem is that AI assistants with persistent memory and tool-calling access combine two dangerous properties. They hold accumulated personal context and they can be made to act on instructions embedded in untrusted content. Every new document, email, or webpage the assistant reads is a potential instruction surface. There is no isolation boundary between the memory the user trusts the assistant to hold and the instructions it follows from external content, and current sandboxing proposals address tool calls but not memory read access.
Why it matters: Personal AI memory turns every malicious document into a targeted dossier-theft attack, a new attack class with no mature defense.
Why can I not trust a model's confidence score when it matters most?
Modern language models routinely output high-confidence tokens on wrong answers and low-confidence tokens on correct ones. The gap between stated probability and actual accuracy, called calibration error, has been documented across frontier models in a 2025 survey covering entropy-based, logit-based, and perturbation-based methods. Production agents that use these scores to decide when to defer or abstain inherit the miscalibration directly, so they either hallucinate forward with false certainty or refuse correct answers unnecessarily. No off-the-shelf primitive gives a calibrated, actionable uncertainty signal cheap enough to run at inference time on every output token in a streaming response.
Why it matters: Calibration is the trust primitive under every agentic decision, and without it every downstream safety threshold rests on sand.
Why can I not get a receipt proving my data was actually deleted?
GDPR Article 17 requires companies to erase personal data, and the EDPB's 2025 coordinated enforcement report named the absence of documented internal deletion procedures as the most common compliance failure across EU jurisdictions. When a user submits a deletion request, the company responds with a confirmation email that proves nothing. There is no cryptographic evidence that records were removed from primary databases, backups, or third-party processors. Academic work on verifiable deletion exists, including SGX-backed proofs and quantum certified deletion schemes published in 2024 and 2025, but none of it has been packaged into a practical, deployable primitive that web services can integrate. The gap is not legal willingness but a missing technical tool that bridges the regulation to an auditable outcome.
Why it matters: A deletion receipt that a user can independently verify is the one artifact that turns a legal obligation into a trust relationship, and nothing in widespread deployment provides it today.
How do I catch a hallucination mid-stream before my agent acts on it?
Hallucination detection today happens after the fact. The model outputs a full response, a separate judge model scores it, and a human or downstream check decides what to do. In agentic pipelines with tool calls, web searches, or code execution, the agent may have already acted on a fabricated entity or misattributed fact by the time any check runs. A January 2026 paper on streaming hallucination detection in long chain-of-thought reasoning shows that detecting fabrication mid-generation is feasible using internal representations, but the technique is research grade and requires access to hidden states not available through any public API. The gap is a streaming, API-compatible hallucination sensor that can flag a generation before the agent takes an irreversible action.
Why it matters: In agentic settings, detecting a hallucination after the tool call is too late, and the cost is not a bad answer but a bad action.
Why can I not know if what is running matches what my SBOM declared?
SBOMs are generated at build time and describe what a build claimed to contain. By the time software is deployed and running, dependencies may have drifted, statically linked libraries leave no runtime trace, and there is no standard primitive to verify that a live process matches its declared bill of materials. IBM's 2025 analysis of over 35,000 SBOMs found 7,907 failed to disclose direct dependencies, and ENISA's December 2025 implementation guide calls runtime drift one of the core open gaps. The gap between a signed SBOM and a running container is currently bridged by trust alone.
Why it matters: Regulations in the EU and US now mandate SBOMs, but without runtime attestation they are an audit artifact, not a security control.
How do I verify that an AI agent holding my funds is actually solvent?
Autonomous AI agents are increasingly granted signing authority over crypto wallets to pay for compute, APIs, and on-chain services, but there is no standard way to audit what an agent holds, owes, or has already spent without reading raw chain state across multiple networks. When an agent operates across several chains and several asset types simultaneously, its net position cannot be queried atomically, which means a counterparty accepting payment from an agent has no reliable way to confirm the agent is not already insolvent or double-committed. The financial primitives that human corporate entities rely on (balance sheets, audited reserves, and callable credit lines) have no on-chain equivalents that agent runtimes can expose and that third parties can verify without trusting the agent's own reports. As agent-to-agent commerce grows, the absence of a machine-readable solvency interface creates settlement risk that mirrors the opacity of pre-2008 off-balance-sheet vehicles.
Why it matters: Agent financial accountability is the missing trust primitive that separates speculative agentic commerce from commerce that can carry real economic value.
How do I tell whether a reasoning model's scratchpad actually drove its answer?
Frontier models that emit visible chain-of-thought traces often arrive at an answer before or independently of those steps, then generate plausible-looking reasoning as post-hoc rationalization. Existing faithfulness metrics disagree with each other depending on how the classifier is constructed, which means there is no accepted ground truth for what a faithful trace even looks like. No production tooling flags unfaithful reasoning at inference time or attaches any confidence to whether the trace caused the output. Regulated industries and safety reviews that treat visible reasoning as an explanation of model behavior are relying on something that may be a narrative constructed after the fact.
Why it matters: If a reasoning trace is post-hoc rationalization, every audit, accountability claim, or compliance check built on top of it is invalid.
Why can I not know what my AI workflow will cost before it goes live?
Enterprise AI inference spend jumped 3.2x in 2025 even as per-token prices fell roughly 1,000x, driven by agentic loops, context window inflation, and always-on monitoring agents. A misbehaving agent at $0.06 per call retrying 1,000 times per minute generates $86,400 of spend in a single day. Existing cloud FinOps tools do not apply because inference cost is a function of semantic input length, tool call amplification, and loop depth, none of which are known at planning time. There are no standard tools for pre-production cost estimation of LLM workflows, and CFOs cannot model AI inference as a predictable budget line.
Why it matters: Without a cost model you can trust before shipping, every AI product is a budget lottery rather than a business.
Why can I not see or delete exactly what my assistant remembers about me?
Every major AI assistant with persistent memory stores facts about users across sessions, but the user-facing interface is a thin list of summaries, not an auditable log. There is no standard way to inspect which specific claim was inferred, when it was written, what triggered it, or whether it has been shared with retrieval pipelines. When a user asks the assistant to forget something, the delete operation is opaque. The underlying vector store may retain embeddings, the conversation log may be subpoenaed, and there is no cryptographic proof that deletion was complete. The IAPP and the EU AI Act both call for auditable memory with callable deletion evidence, but no product ships that today.
Why it matters: Without a verifiable audit trail, user-controlled memory is theater, because users cannot exercise rights they cannot observe.
How do I get cryptographic proof that the remote model I called ran as specified?
Cloud AI APIs return outputs with no verifiable evidence of which model version ran, at what quantization, or what system prompt was prepended upstream. GPU confidential computing on NVIDIA Hopper hardware can attest hardware state, but the attestation evidence never reaches the API caller and the trust chain terminates inside vendor-controlled certificate infrastructure. A June 2026 paper proposes TEE-based verifiable safety benchmarks, but no production API exposes a per-call inference receipt to the caller. Any adversarial or regulated context where model identity matters must trust the provider's word.
Why it matters: Without a verifiable inference receipt, every safety, compliance, and alignment claim made about a remote model invocation rests on provider trust alone, which is not sufficient for regulated deployments or autonomous agent stacks.
Why can text generated by an open-source model not be reliably traced back to it?
Closed-model providers can embed statistical watermarks in generated text at inference time, allowing content to be attributed to a specific model after the fact. Open-source models give users full access to the decoding procedure, so any generation-time watermark can be removed by modifying a few lines of sampling code. Post-hoc watermarking of already-generated text breaks under paraphrase attacks. Embedding markers in model weights survives some attacks but not fine-tuning, which anyone running local weights can apply in an afternoon. As of late 2025, no scheme provides practical, removal-resistant provenance marking for output from open-weights models, and the research community acknowledges the problem remains open.
Why it matters: Without watermarking for open models, AI-generated text provenance is only traceable when the generator chooses to cooperate.
Why does every C2PA provenance chain break the moment content hits social media?
C2PA cryptographic manifests are embedded in the file itself and survive storage and direct sharing, but every major social platform, including Instagram, X, LinkedIn, and TikTok, strips those manifests during upload transcoding and re-encoding as of 2026. The result is that a piece of content can be signed by a camera, a newsroom, and a regulatory-compliant AI generator, yet arrive in a feed with zero provenance information attached. The EU AI Act Article 50 and California SB 942 require machine-readable disclosure on AI-generated content, but metadata-only compliance dissolves at the exact distribution point where most people actually see content. No mechanism exists today to either force platforms to preserve manifests or to reconstruct provenance after stripping without a trusted third-party ledger that did not exist at capture time.
Why it matters: C2PA is becoming a regulatory baseline while the primary distribution layer actively destroys its signal, making the standard practically unenforceable where it matters most.
Why do tokenized real-world assets raise capital but never actually trade?
Over 25 billion dollars in tokenized real-world assets sat on-chain as of mid-2026, yet a June 2026 paper covering nine major RWA products found that most show negligible turnover, passive holder bases, and near-zero secondary market activity. Tokenization creates a token that legally represents an asset but does not create a buyer, a market maker, or a clearing convention that traditional exchanges provide. Regulatory fragmentation confines potential buyers to the handful of jurisdictions with clarity, so the addressable liquidity pool for any one token is a tiny fraction of the global investor base. The result is that issuers use blockchain as a fundraising rail and then stop, because the secondary market infrastructure, the custodian connections, and the AMM design for illiquid assets simply do not exist yet.
Why it matters: A credible secondary market primitive for tokenized assets is the missing layer that turns on-chain capital formation into a genuine liquidity improvement.
How do I know the open-weight base model I am fine-tuning has not been poisoned?
Backdoors planted in pre-trained model weights persist through full-parameter fine-tuning, adapter training, and RLHF updates because the trigger patterns survive objective-shifting and partial-freezing strategies. These triggers are invisible to standard behavioral safety tests and benchmark evaluation. Detecting them requires white-box weight analysis that the average fine-tuning practitioner never runs, and major model hubs apply no mandatory scanning before a checkpoint is made publicly downloadable. An organization building a production system on a compromised base model has no signal anything is wrong until the trigger fires in deployment.
Why it matters: The open-weight fine-tuning supply chain has no security gate, and the failure mode is a backdoor that survives every standard check.
How does anyone verify that an agent payment matched what the human actually meant?
When an AI agent executes an on-chain or stablecoin payment, the payee, auditor, and regulator receive no machine-verifiable evidence that the human principal authorized this specific transaction with this specific intent. Existing agent frameworks produce logs, not proofs. The IMF flagged in April 2026 that agentic AI reshaping payments creates a structural accountability gap: if an agent sends value to the wrong address or outside its mandate, there is no way at settlement time to distinguish authorized action from agent overreach. Cryptographically signed user mandates exist as a concept in research but no deployed payment standard requires or verifies them at the moment of settlement.
Why it matters: Programmatic money without verifiable human intent at settlement is unsigned checks at scale, and no auditor or regulator can accept that indefinitely.
Who do I call when my stablecoins are burned and no court ordered it?
The GENIUS Act, signed July 2025, requires stablecoin issuers to freeze, seize, or burn tokens on lawful orders, but what counts as a lawful order is unspecified, the freeze-to-burn pipeline has no mandatory appeal window, and the affected address receives no advance notice. Tether had blacklisted nearly 10,000 addresses holding over $5 billion by early 2026, mostly without judicial warrants. Issuers treat enforcement as a one-way action with no contestation path. The engineering infrastructure for transparent, time-bounded, and reversible on-chain enforcement does not exist anywhere in the ecosystem today.
Why it matters: Trust in programmable money at scale requires a freeze mechanism that is auditable, time-limited, and contestable by the affected party.
Why does critical open source software still depend on one exhausted maintainer?
In November 2025, Kubernetes retired Ingress NGINX, one of its most widely deployed components, not because it was superseded but because the volunteer maintainer team could no longer sustain it. Separately, External Secrets Operator, used in critical enterprise pipelines globally, froze all updates when four of its five maintainers burned out simultaneously. Industry surveys now show 60 percent of open source maintainers work unpaid and 44 percent cite burnout as the reason they left or considered leaving. Funding programs like Open Source Pledge and GitHub Sponsors exist but address money, not the actual bottleneck, which is the review queue. There is no lightweight, automated system that durably transfers working context, test coverage expectations, and threat-model knowledge from an exiting maintainer to a successor, so each departure resets a project close to zero.
Why it matters: The world's software infrastructure runs on components whose continuity depends on individual goodwill, and the tooling to make maintainer succession safe and fast does not exist.
Why do model leaderboard scores collapse when the test set has never been seen in training?
Static benchmarks like MMLU carry contamination rates as high as 45%, and paraphrased or translated versions of test items survive exact-match decontamination while still inflating published scores. A model can top a leaderboard on a contaminated task and fail the same task when it is cleanly rephrased. Dynamic benchmarks that refresh tasks periodically exist but lack standardized design criteria, so results cannot be compared across them or verified as representative of the skill they claim to measure. Every capability and safety claim published on a leaderboard rests on numbers that no independent party can validate as clean.
Why it matters: Trustworthy evaluation is the prerequisite for every downstream safety and deployment decision, and the numbers on which those decisions rest are not currently trustworthy.
Why can my stablecoin cross an ocean but not reach a local bank account?
Stablecoins can settle cross-border value transfers in seconds, but converting institutional USDC flows into BRL, NGN, MXN, or PHP for payroll, tax payments, or supplier invoices at scale remains fragmented and often unavailable. Most off-ramp providers lack the banking relationships, compliance infrastructure, or API reliability to handle consistent flows above six figures per day in emerging-market corridors. Businesses must stitch together multiple providers with inconsistent KYC standards and settlement windows. The stablecoin rail is fast; the last meter to a local bank account is not.
Why it matters: A reliable, programmable fiat exit layer is what turns stablecoins from a trading instrument into actual business infrastructure.
Why does checking whether my credential is revoked tell the issuer every place I use it?
Every deployed verifiable credential system needs a revocation mechanism. The dominant scheme, W3C Bitstring Status List, requires verifiers to fetch a status endpoint controlled by the issuer at presentation time, so the issuer learns exactly when and where each credential is used. The URL combined with the credential's fixed position in the bitstring is enough to re-identify the holder across verifiers, reversing the privacy that self-sovereign identity was designed to provide. CRSet, a zero-knowledge accumulator approach published in January 2025, solves the theoretical problem but no issuer at any meaningful scale has shipped a revocation scheme that does not leak presentation metadata back to itself.
Why it matters: Revocation that doubles as surveillance defeats the core privacy promise of holder-controlled identity.
Why is there no safe, trustless way to rotate MPC key shares live?
Institutional MPC wallets distribute signing shares across multiple parties so no single server holds a full key, which is a meaningful improvement over single-key custody. However, when a share is suspected compromised, rotating shares without reconstructing the full key in any single location requires a proactive secret sharing refresh protocol that most deployed systems do not support in production. The rotation ceremony typically requires a synchronous online phase across all share-holders, and if one party is unavailable or actively hostile, the ceremony blocks or fails. No open, audited, asynchronous proactive refresh standard exists that bridge teams can adopt without building the cryptography themselves, leaving many custodians running on stale shares they cannot safely rotate.
Why it matters: An asynchronous proactive refresh primitive would let any MPC setup rotate compromised shares under adversarial conditions without ever materializing the full key.
How do I prove a model was trained on consented data without revealing the dataset?
Decentralized AI networks let anyone contribute compute or data to train a shared model, but there is no mechanism by which a downstream user or regulator can verify that the training corpus excluded poisoned, stolen, or unconsented data without the network revealing what it trained on. Data provenance today is either a signed manifest that contributors self-attest or a centralized audit that defeats the purpose of decentralization. A February 2025 paper on activation inversion attacks showed that training data can be partially reconstructed from gradient signals exchanged during federated training, which means any provenance scheme that requires sharing gradients also leaks data. The 2025 OWASP LLM top-ten explicitly lists supply-chain data poisoning as a category with no standardized mitigation for open, decentralized training runs.
Why it matters: Without verifiable data provenance, every model trained on a public decentralized network is a liability for any downstream application facing regulatory or copyright scrutiny.
Read the full breakdown
Why is there no recovery path when a breach leaks my biometrics?
When a password database leaks, every affected user resets their password and the breach is contained. There is no equivalent reset for biometrics. A leaked fingerprint template or face encoding can be replayed against any future system that accepts that modality, for life. Cancelable biometrics and template protection exist as academic research and a handful of niche enterprise products, but no identity system operating at consumer scale has deployed them. The NYC Health + Hospitals incident in early 2026 left 1.8 million people with permanently compromised fingerprint and palm records and no operational recovery path.
Why it matters: Identity systems built on irrevocable secrets are a single incident away from permanent compromise for every enrolled user.
Read the full breakdown
Why does moving my data across platforms still require trusting the exporter?
The EU Digital Markets Act now mandates data portability for designated gatekeepers, and a May 2026 European Commission factsheet highlighted Apple and Google's cross-OS transfer work as a DMA milestone. Yet the technical reality is that every export format today is a vendor-defined archive, a ZIP of JSON files whose completeness, accuracy, and freshness cannot be independently checked by the receiving party or the user. Interoperability obligations address format and API access but say nothing about attestation. A user migrating from one platform to another cannot know whether the export is complete, whether it reflects state as of the request timestamp, or whether the receiving platform ingested all of it correctly. The portable data transfer protocol work from Google, Apple, and Meta covers transport, not provenance.
Why it matters: Data portability without verifiable completeness is just a different kind of lock-in, because the user still has no way to know what was left behind.
Read the full breakdown
Why does proving my age online require handing my browsing history to a stranger?
Laws in the US, UK, and EU now require websites to verify visitor age, and every production deployment routes that check through a centralized age-verification provider. That provider sees which users visited which sites and accumulates a detailed browsing record tied to real identity. Zero-knowledge proof alternatives exist in research and the EU is embedding one in its EUDI wallet, but the wallet spec will not be finalized before December 2026, covers only EU residents, and no comparable infrastructure exists elsewhere. The practical choice today is between lying about your age and surrendering your browsing history to a company you did not choose.
Why it matters: Privacy-preserving age verification is the missing primitive for an internet that is rapidly becoming age-gated by law.
Read the full breakdown
Why does moving assets across chains still take minutes and carry unknown risk?
Six years after the first cross-chain bridges launched, users still face unpredictable costs, complex failure modes, and security trade-offs that no protocol resolves simultaneously. In June 2025 Force Bridge on the Nervos Network was exploited for over three million dollars, continuing a pattern of bridge hacks that have collectively drained billions since 2021. Most bridges rely on small validator sets or multisigs that represent a single point of failure, and pool imbalances create slippage for large transfers with no recourse. Cross-chain protocols now represent 57 percent of total interoperability revenue in 2025, but that concentration reflects lock-in, not solved usability, and the triangle of security, speed, and decentralization remains unresolved for any bridge serving real user volumes.
Why it matters: Interoperability is load-bearing infrastructure for a multi-chain world, and each new bridge exploit resets user trust.
Read the full breakdown
Spotted a problem?
If something in tech, crypto, or AI quietly drives you up the wall, send it over. The best ones get added to this board, and a few might turn into something I build.