Worth Solving
值得构建的问题。
一个好问题一旦被看见,就难以忽视。它会一直萦绕心头,直到有人构建出解决方案。这是我持续整理的清单,记录着我反复思考的技术、区块链和AI领域的开放性问题:我认为真正值得解决的那些,以及我自己想要构建的几个。
Each carries an Opportunity Score, my own read on how much it hurts, how often, and how little exists to solve it. Map them, or read them one by one.
AI 智能体的银行账户究竟长什么样?
智能体如今已能自主行动,但把钱交给它仍然令人不安。目前没有标准方法为智能体设定消费限额、清晰的审计追踪,以及人类和监管机构都信任的终止开关。我们只是把智能体强行接入那些为人类设计的银行卡和钱包。
为何重要: 自主软件即将开始真实资金的流转,而与之配套的问责机制尚未建立。
阅读完整分析为什么我无法在不透露余额的情况下证明自己具备偿付能力?
公链让每一笔余额永久可见。基金和交易所被要求证明储备金,通常的回答要么是一张需要你信任的截图,要么是泄露所有信息的全面披露。目前没有低成本的方法,能在不暴露其余信息的情况下证明关于资金的某一个事实。
为何重要: 选择性证明是缺失的基础原语,它能让受监管的资金在透明账本上自如运转。
阅读完整分析为什么每次关闭标签页,AI 应用就把我忘得一干二净?
你的上下文、偏好和历史记录都被锁在你最后使用的那个助手里。切换模型或应用,一切从零开始。记忆归平台所有,而非归你所有——如果目标是打造一个能随时间不断为你积累价值的工具,这恰恰是本末倒置。
为何重要: 可携带的、用户自主掌控的记忆,才能将聊天机器人变成个人竞争优势。
阅读完整分析为什么进入一个新领域,仍然要先知道该问什么问题?
学习新事物的难点从来不是获取信息,而是不知道该问什么问题。个人模型可以梳理你真正想做的事,找出你知识体系中的空白,并规划出学习路径。大多数工具仍然坐等你自己想清楚该问什么。
为何重要: 这是 AI 对个人成长所许下的承诺落地为现实,而几乎没有人把它真正做好。
阅读完整分析为什么非专业人士无法核实 AI 刚才告诉他们的内容?
无论模型是在陈述事实还是在编造内容,都以同样自信的语气作答。对于任何重要事项,无论是医疗、法律还是财务,普通人在没有专业知识的情况下,根本没有简单可信的方法将某个说法与真实来源进行核对。
为何重要: 让 AI 真正值得信赖的,是可靠的核实机制,而不是更大的模型。
阅读完整分析为什么跨链转账至今仍比早期互联网更令人心惊?
跨链桥依然是加密领域最容易遭受攻击的环节,而承担风险的却是用户。我们至今仍没有一种默认安全的跨链价值转移方式,就像 TCP/IP 让数据包传输变得平淡无奇又可靠稳定那样。
为何重要: 在跨链转账变得平淡无奇之前,主流资金不会对它产生信任。
阅读完整分析为什么合规至今仍意味着一份 PDF 加一句祷告?
关于谁可以在何处持有何种资产的规则,存在于文件和人工核查清单中,资产本身并不携带任何这些信息。代币化资产和稳定币一再以惨痛的方式重蹈这一覆辙。合规信息应当随资产一同流转,并可实时核验,而不是在出现问题后再重新拼凑。
为何重要: 机器可读的合规机制,才是推动受监管资产上链的真正关键。
阅读完整分析为什么我们用基准测试来评估模型,却凭感觉把它们部署上线?
团队从排行榜上挑选模型,然后在生产环境中运行,几乎没有任何持续、低成本、针对特定任务的评估。当质量出现偏差时,没有人会察觉,直到用户投诉才发现。对大多数开发者而言,真正用于衡量 AI 功能是否仍然有效的工具根本不存在。
为何重要: 无法衡量的东西就无法有效运营,而当下大多数 AI 功能都缺乏有效的度量。
阅读完整分析由智能体驱动的链上组织,能否避免沦为骗局机器?
智能体擅长执行规则,却不善于判断。一个由智能体运营的组织,可以做到透明高效、不知疲倦,也可以成为一台完美自动化的掏空资金库的机器。目前还没有人展示出能让前一种结果成为大概率事件的护栏机制。
为何重要: 如果智能体驱动的组织即将到来,安全模式必须在资本入场之前就已存在。
阅读完整分析为什么我们最依赖的软件往往是最难用的?
税务门户、医院系统、政府表格。覆盖面最广、关乎最重大利益的软件,往往是最令人痛苦的。驱动优质消费类应用产生的激励机制,几乎触及不到公共利益类软件。
为何重要: 提升基础软件的下限,能帮助到的人远比再推出一款消费类应用更多。
阅读完整分析如果没有平台背书,如何证明一张照片或一段声音是真实的?
合成媒体现在已经足以欺骗任何人,而目前唯一的应对方案只是信任向你展示内容的平台。来源信息应当随文件一同存在,并可供任何人核验,就像签名证明签署者身份一样。密码学技术已经存在,缺少的是大规模采用。
为何重要: 我们对网络所见所闻的信任,取决于能否在虚假内容占上风之前解决这个问题。
阅读完整分析为什么自托管至今仍是在丢失密钥和信任公司之间二选一?
自己保管密钥,一次失误便满盘皆输、无法挽回。使用托管机构,又回到了把钱交给公司信任的老路。社交恢复和账户抽象技术虽然存在,但几乎没有人做出过一款普通人无需助记词、无需客服就能用的钱包。
为何重要: 真正适合普通人使用的自托管,是通往加密世界其他一切的门槛。
阅读完整分析为什么AI智能体对自己犯过的错误毫无记忆?
智能体周二会重蹈周一的覆辙,因为没有任何机制将教训传递下去。我们有记忆事实的能力,却几乎没有记忆失败的能力。一个无法从错误中汲取教训的智能体,不过是个患了失忆症的实习生。
为何重要: 智能体只有能随时间稳定地持续进步,才会被委以真正的工作。
阅读完整分析为什么链上身份要么什么都不是,要么就是你的全部?
在公链上,你要么是一个毫无信誉的随机地址,要么是一个暴露了你所有行为记录的钱包。两者之间没有中间地带:一种既能证明你是真实、独一无二的个体,或你有权做某件事,又无需交出全部历史记录的方式。
为何重要: 实用且保护隐私的身份系统,是匿名与被监控之间缺失的那一层。
阅读完整分析为什么将实物资产代币化仍然需要十个中间人?
把一栋建筑或一张债券放上链,你仍然需要托管人、过户代理、律师和登记机构,才能让代币真正有意义。链上部分很容易。链下的信任和法律执行力才是那个艰难而毫无光彩的部分,至今没有人将它变成一件稀松平常的事。
为何重要: 现实资产上链,只有在与现实世界的关联能在法庭上站得住脚时才有意义。
阅读完整分析为什么我无法审查一个模型究竟是用什么训练出来的?
模型吸收了整个互联网的内容,然后给出答案,却无法追溯某个论断或行为的来源。对于任何受监管的领域,或任何涉及版权或偏见的争议,训练集都是一个黑盒。没有切实可行的方法去问一个模型它从哪里学到了什么,并得到一个诚实的答案。
为何重要: 一个输入不透明的系统,你既无法治理,也无法完全信任。
阅读完整分析为什么稳定币无法在没有网络的情况下完成支付?
数字货币本应惠及那些银行从未覆盖到的人群,却在网络断开的那一刻就失灵了。离线和断续支付、待信号恢复后再结算,这才是现金的运作方式,也是世界上许多地区仍在使用的方式。加密货币很少为此进行设计。
为何重要: 只有在网络畅通时才能运作的支付,对地球上大多数人来说算不上真正的支付。
阅读完整分析为什么我生成的数据,我却至今毫无所有权?
每一款你使用的应用都会保留你产生的数据,而你无法将其带到任何有用的地方。所谓可移植性,不过是一个下载按钮,给你一个毫无用处的文件夹。跨服务拥有并复用自己的数据,至今仍只是一句口号,而非真正的功能。
为何重要: 无法转移的数据,就是你并不真正拥有的数据。
阅读完整分析为什么跨链桥漏洞能在任何警报触发之前将资金洗劫一空?
跨链桥持有大量储备资金,并跨越信任边界处理消息,然而大多数缺乏任何标准化的链上限速机制。EIP-7265 于 2023 年提出了一种断路器接口,Aave 的治理论坛也提交了相关资助提案,但截至 2025 年中,尚无主要跨链桥推出生产就绪的可互操作版本。当攻击者发现验证者集或消息验证漏洞时,由于没有任何机制限制资金流出速度,整个流动性池会在数分钟内被耗尽。2025 年发布的 SoK 论文证实,延迟提款和自动暂停是跨链桥类别中最未被实施的两项缓解措施。
为何重要: 一个可组合、与链无关的断路器能够将任何跨链桥漏洞的损失从全部损失限制为部分损失,从而改变整个互操作性堆栈的风险计算。
阅读完整分析我如何审计在委托链中哪个代理以我的身份执行了操作?
当一个编排 AI 代理将子任务委托给子代理,而该子代理又使用原始用户的 OAuth 令牌调用第三方 API 时,身份链跨越多个提供商和认证方式,却没有任何单一的审计追踪能够记录完整路径。MCP 新增了 OAuth 2.1 支持,但规范中没有跨跳点链式委托授权的机制,也无法在不撤销整个会话的情况下撤销链中某个代理的权限。A2A 提供代理发现和请求签名,但明确将所有授权决策推迟给尚不存在的其他协议。2026 年 4 月发布的研究将递归委托问责列为当前代理身份标准中五个未解决的关键缺口之一。今天授权了一个代理的用户,没有任何实际方法来检查、限制或撤销下游代理以其名义执行的操作。
为何重要: 多代理系统已在生产环境中运行,而缺失的原语是一种可验证、可撤销的委托凭证,它能够沿链传递,而无需每个跳点共享同一信任域。
阅读完整分析为什么一份被污染的文档能悄无声息地窃取我的助手所了解的关于我的一切?
2025 年 6 月,Aim Security 披露了 EchoLeak,这是首例有据可查的零点击提示注入攻击,导致生产 AI 系统中发生真实数据泄露。一封恶意电子邮件导致 Microsoft Copilot 在无需用户交互的情况下静默传输敏感数据。结构性问题在于,具有持久记忆和工具调用权限的 AI 助手结合了两种危险属性:它们持有积累的个人上下文,同时可被诱使执行嵌入在不受信任内容中的指令。助手读取的每一份新文档、电子邮件或网页都是潜在的指令面。用户信任助手保存的记忆与助手从外部内容遵循的指令之间没有隔离边界,而现有的沙箱提案只针对工具调用,并不涉及记忆读取访问。
为何重要: 个人 AI 记忆使每份恶意文档都成为定向档案窃取攻击,这是一种尚无成熟防御手段的新型攻击类别。
阅读完整分析为什么在最关键的时刻,我无法信任模型的置信度分数?
现代语言模型经常在错误答案上输出高置信度词元,在正确答案上输出低置信度词元。这种声称概率与实际准确率之间的差距被称为校准误差,已在 2025 年一项涵盖熵、logit 和扰动方法的调查中针对前沿模型进行了记录。使用这些分数来决定何时推迟或弃权的生产代理直接继承了错误校准,因此它们要么以虚假的确定性产生幻觉,要么不必要地拒绝正确答案。目前没有任何开箱即用的原语能够提供校准后的、可操作的不确定性信号,且廉价到可以在推理时对流式响应中的每个输出词元运行。
为何重要: 校准是每一个代理决策背后的信任原语,没有它,所有下游安全阈值都建立在沙上。
阅读完整分析为什么我无法获得证明我的数据已被实际删除的凭证?
GDPR 第 17 条要求企业删除个人数据,而 EDPB 2025 年协调执法报告将缺乏有据可查的内部删除程序列为整个欧盟司法管辖区最常见的合规失败原因。当用户提交删除请求时,企业以一封什么都证明不了的确认邮件作为回应。没有任何加密证据证明记录已从主数据库、备份或第三方处理器中删除。可验证删除的学术研究确实存在,包括 2024 年和 2025 年发布的基于 SGX 的证明和量子认证删除方案,但没有任何研究被打包成网络服务可以集成的实用、可部署的原语。这一差距不在于法律意愿,而在于缺少一种能将法规与可审计结果连接起来的技术工具。
为何重要: 用户可独立验证的删除凭证是将法律义务转化为信任关系的唯一产物,而目前没有任何广泛部署的系统能够提供它。
阅读完整分析我如何在代理基于幻觉内容采取行动之前,在流式传输过程中实时捕获幻觉?
幻觉检测如今发生在事后。模型输出完整响应,由一个独立的评判模型打分,再由人工或下游检查决定如何处理。在包含工具调用、网络搜索或代码执行的智能体流水线中,等到任何检查运行时,智能体可能早已基于一个虚构的实体或错误归因的事实采取了行动。2026年1月发表的一篇关于长链式思维推理中流式幻觉检测的论文表明,利用内部表示在生成过程中实时检测捏造内容是可行的,但该技术仍处于研究阶段,且需要访问任何公开API均无法获取的隐藏状态。当前的空白在于:一个兼容流式传输、与API兼容的幻觉传感器,能够在智能体采取不可逆行动之前对生成内容发出警告。
为何重要: In agentic settings, detecting a hallucination after the tool call is too late, and the cost is not a bad answer but a bad action.
阅读完整分析Why can I not know if what is running matches what my SBOM declared?
SBOMs are generated at build time and describe what a build claimed to contain. By the time software is deployed and running, dependencies may have drifted, statically linked libraries leave no runtime trace, and there is no standard primitive to verify that a live process matches its declared bill of materials. IBM's 2025 analysis of over 35,000 SBOMs found 7,907 failed to disclose direct dependencies, and ENISA's December 2025 implementation guide calls runtime drift one of the core open gaps. The gap between a signed SBOM and a running container is currently bridged by trust alone.
为何重要: Regulations in the EU and US now mandate SBOMs, but without runtime attestation they are an audit artifact, not a security control.
阅读完整分析How do I verify that an AI agent holding my funds is actually solvent?
Autonomous AI agents are increasingly granted signing authority over crypto wallets to pay for compute, APIs, and on-chain services, but there is no standard way to audit what an agent holds, owes, or has already spent without reading raw chain state across multiple networks. When an agent operates across several chains and several asset types simultaneously, its net position cannot be queried atomically, which means a counterparty accepting payment from an agent has no reliable way to confirm the agent is not already insolvent or double-committed. The financial primitives for human corporate entities, balance sheets, audited reserves, and callable credit lines, have no on-chain equivalents that agent runtimes can expose and that third parties can verify without trusting the agent's own reports. As agent-to-agent commerce grows, the absence of a machine-readable solvency interface creates settlement risk that mirrors the opacity of pre-2008 off-balance-sheet vehicles.
为何重要: Agent financial accountability is the missing trust primitive that separates speculative agentic commerce from one that can carry real economic value.
阅读完整分析How do I tell whether a reasoning model's scratchpad actually drove its answer?
Frontier models that emit visible chain-of-thought traces often arrive at an answer before or independently of those steps, then generate plausible-looking reasoning as post-hoc rationalization. Existing faithfulness metrics disagree with each other depending on how the classifier is constructed, which means there is no accepted ground truth for what a faithful trace even looks like. No production tooling flags unfaithful reasoning at inference time or attaches any confidence to whether the trace caused the output. Regulated industries and safety reviews that treat visible reasoning as an explanation of model behavior are relying on something that may be a narrative constructed after the fact.
为何重要: If a reasoning trace is post-hoc rationalization, every audit, accountability claim, or compliance check built on top of it is invalid.
阅读完整分析Why can I not know what my AI workflow will cost before it goes live?
Enterprise AI inference spend jumped 3.2x in 2025 even as per-token prices fell roughly 1,000x, driven by agentic loops, context window inflation, and always-on monitoring agents. A misbehaving agent at $0.06 per call retrying 1,000 times per minute generates $86,400 of spend in a single day. Existing cloud FinOps tools do not apply because inference cost is a function of semantic input length, tool call amplification, and loop depth, none of which are known at planning time. There are no standard tools for pre-production cost estimation of LLM workflows, and CFOs cannot model AI inference as a predictable budget line.
为何重要: Without a cost model you can trust before shipping, every AI product is a budget lottery rather than a business.
阅读完整分析Why can I not see or delete exactly what my assistant remembers about me?
Every major AI assistant with persistent memory stores facts about users across sessions, but the user-facing interface is a thin list of summaries, not an auditable log. There is no standard way to inspect which specific claim was inferred, when it was written, what triggered it, or whether it has been shared with retrieval pipelines. When a user asks the assistant to forget something, the delete operation is opaque. The underlying vector store may retain embeddings, the conversation log may be subpoenaed, and there is no cryptographic proof that deletion was complete. The IAPP and the EU AI Act both call for auditable memory with callable deletion evidence, but no product ships that today.
为何重要: Without a verifiable audit trail, user-controlled memory is theater, because users cannot exercise rights they cannot observe.
阅读完整分析How do I get cryptographic proof that the remote model I called ran as specified?
Cloud AI APIs return outputs with no verifiable evidence of which model version ran, at what quantization, or with what system prompt was prepended upstream. GPU confidential computing on NVIDIA Hopper hardware can attest hardware state, but the attestation evidence never reaches the API caller and the trust chain terminates inside vendor-controlled certificate infrastructure. A June 2026 paper proposes TEE-based verifiable safety benchmarks but no production API exposes a per-call inference receipt to the caller. Any adversarial or regulated context where model identity matters must trust the provider's word.
为何重要: Without a verifiable inference receipt, every safety, compliance, and alignment claim made about a remote model invocation rests on provider trust alone, which is not sufficient for regulated deployments or autonomous agent stacks.
阅读完整分析Why can text generated by an open-source model not be reliably traced back to it?
Closed-model providers can embed statistical watermarks in generated text at inference time, allowing content to be attributed to a specific model after the fact. Open-source models give users full access to the decoding procedure, so any generation-time watermark can be removed by modifying a few lines of sampling code. Post-hoc watermarking of already-generated text breaks under paraphrase attacks. Embedding markers in model weights survives some attacks but not fine-tuning, which anyone running local weights can apply in an afternoon. As of late 2025, no scheme provides practical, removal-resistant provenance marking for output from open-weights models, and the research community acknowledges the problem remains open.
为何重要: Without watermarking for open models, AI-generated text provenance is only traceable when the generator chooses to cooperate.
阅读完整分析Why does every C2PA provenance chain break the moment content hits social media?
C2PA cryptographic manifests are embedded in the file itself and survive storage and direct sharing, but every major social platform, including Instagram, X, LinkedIn, and TikTok, strips those manifests during upload transcoding and re-encoding as of 2026. The result is that a piece of content can be signed by a camera, a newsroom, and a regulatory-compliant AI generator, yet arrive in a feed with zero provenance information attached. The EU AI Act Article 50 and California SB 942 require machine-readable disclosure on AI-generated content, but metadata-only compliance dissolves at the exact distribution point where most people actually see content. No mechanism exists today to either force platforms to preserve manifests or to reconstruct provenance after stripping without a trusted third-party ledger that did not exist at capture time.
为何重要: C2PA is becoming a regulatory baseline while the primary distribution layer actively destroys its signal, making the standard practically unenforceable where it matters most.
阅读完整分析Why do tokenized real-world assets raise capital but never actually trade?
Over 25 billion dollars in tokenized real-world assets sat on-chain as of mid-2026, yet a June 2026 paper covering nine major RWA products found that most show negligible turnover, passive holder bases, and near-zero secondary market activity. Tokenization creates a token that legally represents an asset but does not create a buyer, a market maker, or a clearing convention that traditional exchanges provide. Regulatory fragmentation confines potential buyers to the handful of jurisdictions with clarity, so the addressable liquidity pool for any one token is a tiny fraction of the global investor base. The result is that issuers use blockchain as a fundraising rail and then stop, because the secondary market infrastructure, the custodian connections, and the AMM design for illiquid assets simply do not exist yet.
为何重要: A credible secondary market primitive for tokenized assets is the missing layer that turns on-chain capital formation into a genuine liquidity improvement.
阅读完整分析How do I know the open-weight base model I am fine-tuning has not been poisoned?
Backdoors planted in pre-trained model weights persist through full-parameter fine-tuning, adapter training, and RLHF updates because the trigger patterns survive objective-shifting and partial-freezing strategies. These triggers are invisible to standard behavioral safety tests and benchmark evaluation. Detecting them requires white-box weight analysis that the average fine-tuning practitioner never runs, and major model hubs apply no mandatory scanning before a checkpoint is made publicly downloadable. An organization building a production system on a compromised base model has no signal anything is wrong until the trigger fires in deployment.
为何重要: The open-weight fine-tuning supply chain has no security gate, and the failure mode is a backdoor that survives every standard check.
阅读完整分析How does anyone verify that an agent payment matched what the human actually meant?
When an AI agent executes an on-chain or stablecoin payment, the payee, auditor, and regulator receive no machine-verifiable evidence that the human principal authorized this specific transaction with this specific intent. Existing agent frameworks produce logs, not proofs. The IMF flagged in April 2026 that agentic AI reshaping payments creates a structural accountability gap: if an agent sends value to the wrong address or outside its mandate, there is no way at settlement time to distinguish authorized action from agent overreach. Cryptographically signed user mandates exist as a concept in research but no deployed payment standard requires or verifies them at the moment of settlement.
为何重要: Programmatic money without verifiable human intent at settlement is unsigned checks at scale, and no auditor or regulator can accept that indefinitely.
阅读完整分析Who do I call when my stablecoins are burned and no court ordered it?
The GENIUS Act, signed July 2025, requires stablecoin issuers to freeze, seize, or burn tokens on lawful orders, but what counts as a lawful order is unspecified, the freeze-to-burn pipeline has no mandatory appeal window, and the affected address receives no advance notice. Tether had blacklisted nearly 10,000 addresses holding over $5 billion by early 2026, mostly without judicial warrants. Issuers treat enforcement as a one-way action with no contestation path. The engineering infrastructure for transparent, time-bounded, and reversible on-chain enforcement does not exist anywhere in the ecosystem today.
为何重要: Trust in programmable money at scale requires a freeze mechanism that is auditable, time-limited, and contestable by the affected party.
阅读完整分析Why does critical open source software still depend on one exhausted maintainer?
In November 2025, Kubernetes retired Ingress NGINX, one of its most widely deployed components, not because it was superseded but because the volunteer maintainer team could no longer sustain it. Separately, External Secrets Operator, used in critical enterprise pipelines globally, froze all updates when four of its five maintainers burned out simultaneously. Industry surveys now show 60 percent of open source maintainers work unpaid and 44 percent cite burnout as the reason they left or considered leaving. Funding programs like Open Source Pledge and GitHub Sponsors exist but address money, not the actual bottleneck, which is the review queue. There is no lightweight, automated system that durably transfers working context, test coverage expectations, and threat-model knowledge from an exiting maintainer to a successor, so each departure resets a project close to zero.
为何重要: The world's software infrastructure runs on components whose continuity depends on individual goodwill, and the tooling to make maintainer succession safe and fast does not exist.
阅读完整分析Why do model leaderboard scores collapse when the test set has never been seen in training?
Static benchmarks like MMLU carry contamination rates as high as 45%, and paraphrased or translated versions of test items survive exact-match decontamination while still inflating published scores. A model can top a leaderboard on a contaminated task and fail the same task when it is cleanly rephrased. Dynamic benchmarks that refresh tasks periodically exist but lack standardized design criteria, so results cannot be compared across them or verified as representative of the skill they claim to measure. Every capability and safety claim published on a leaderboard rests on numbers that no independent party can validate as clean.
为何重要: Trustworthy evaluation is the prerequisite for every downstream safety and deployment decision, and the numbers on which those decisions rest are not currently trustworthy.
阅读完整分析Why can my stablecoin cross an ocean but not reach a local bank account?
Stablecoins can settle cross-border value transfers in seconds, but converting institutional USDC flows into BRL, NGN, MXN, or PHP for payroll, tax payments, or supplier invoices at scale remains fragmented and often unavailable. Most off-ramp providers lack the banking relationships, compliance infrastructure, or API reliability to handle consistent flows above six figures per day in emerging-market corridors. Businesses must stitch together multiple providers with inconsistent KYC standards and settlement windows. The stablecoin rail is fast; the last meter to a local bank account is not.
为何重要: A reliable, programmable fiat exit layer is what turns stablecoins from a trading instrument into actual business infrastructure.
阅读完整分析Why does checking whether my credential is revoked tell the issuer every place I use it?
Every deployed verifiable credential system needs a revocation mechanism. The dominant scheme, W3C Bitstring Status List, requires verifiers to fetch a status endpoint controlled by the issuer at presentation time, so the issuer learns exactly when and where each credential is used. The URL combined with the credential's fixed position in the bitstring is enough to re-identify the holder across verifiers, reversing the privacy that self-sovereign identity was designed to provide. CRSet, a zero-knowledge accumulator approach published in January 2025, solves the theoretical problem but no issuer at any meaningful scale has shipped a revocation scheme that does not leak presentation metadata back to itself.
为何重要: Revocation that doubles as surveillance defeats the core privacy promise of holder-controlled identity.
阅读完整分析Why is there no safe, trustless way to rotate MPC key shares live?
Institutional MPC wallets distribute signing shares across multiple parties so no single server holds a full key, which is a meaningful improvement over single-key custody. However, when a share is suspected compromised, rotating shares without reconstructing the full key in any single location requires a proactive secret sharing refresh protocol that most deployed systems do not support in production. The rotation ceremony typically requires a synchronous online phase across all share-holders, and if one party is unavailable or actively hostile, the ceremony blocks or fails. No open, audited, asynchronous proactive refresh standard exists that bridge teams can adopt without building the cryptography themselves, leaving many custodians running on stale shares they cannot safely rotate.
为何重要: An asynchronous proactive refresh primitive would let any MPC setup rotate compromised shares under adversarial conditions without ever materializing the full key.
阅读完整分析How do I prove a model was trained on consented data without revealing the dataset?
Decentralized AI networks let anyone contribute compute or data to train a shared model, but there is no mechanism by which a downstream user or regulator can verify that the training corpus excluded poisoned, stolen, or unconsented data without the network revealing what it trained on. Data provenance today is either a signed manifest that contributors self-attest or a centralized audit that defeats the purpose of decentralization. A February 2025 paper on activation inversion attacks showed that training data can be partially reconstructed from gradient signals exchanged during federated training, which means any provenance scheme that requires sharing gradients also leaks data. The 2025 OWASP LLM top-ten explicitly lists supply-chain data poisoning as a category with no standardized mitigation for open, decentralized training runs.
为何重要: Without verifiable data provenance, every model trained on a public decentralized network is a liability for any downstream application facing regulatory or copyright scrutiny.
阅读完整分析Why is there no recovery path when a breach leaks my biometrics?
When a password database leaks, every affected user resets their password and the breach is contained. There is no equivalent reset for biometrics. A leaked fingerprint template or face encoding can be replayed against any future system that accepts that modality, for life. Cancelable biometrics and template protection exist as academic research and a handful of niche enterprise products, but no identity system operating at consumer scale has deployed them. The NYC Health + Hospitals incident in early 2026 left 1.8 million people with permanently compromised fingerprint and palm records and no operational recovery path.
为何重要: Identity systems built on irrevocable secrets are a single incident away from permanent compromise for every enrolled user.
阅读完整分析Why does moving my data across platforms still require trusting the exporter?
The EU Digital Markets Act now mandates data portability for designated gatekeepers, and a May 2026 European Commission factsheet highlighted Apple and Google's cross-OS transfer work as a DMA milestone. Yet the technical reality is that every export format today is a vendor-defined archive, a ZIP of JSON files whose completeness, accuracy, and freshness cannot be independently checked by the receiving party or the user. Interoperability obligations address format and API access but say nothing about attestation. A user migrating from one platform to another cannot know whether the export is complete, whether it reflects state as of the request timestamp, or whether the receiving platform ingested all of it correctly. The portable data transfer protocol work from Google, Apple, and Meta covers transport, not provenance.
为何重要: Data portability without verifiable completeness is just a different kind of lock-in, because the user still has no way to know what was left behind.
阅读完整分析Why does proving my age online require handing my browsing history to a stranger?
Laws in the US, UK, and EU now require websites to verify visitor age, and every production deployment routes that check through a centralized age-verification provider. That provider sees which users visited which sites and accumulates a detailed browsing record tied to real identity. Zero-knowledge proof alternatives exist in research and the EU is embedding one in its EUDI wallet, but the wallet spec will not be finalized before December 2026, covers only EU residents, and no comparable infrastructure exists elsewhere. The practical choice today is between lying about your age and surrendering your browsing history to a company you did not choose.
为何重要: Privacy-preserving age verification is the missing primitive for an internet that is rapidly becoming age-gated by law.
阅读完整分析Why does moving assets across chains still take minutes and carry unknown risk?
Six years after the first cross-chain bridges launched, users still face unpredictable costs, complex failure modes, and security trade-offs that no protocol resolves simultaneously. In June 2025 Force Bridge on the Nervos Network was exploited for over three million dollars, continuing a pattern of bridge hacks that have collectively drained billions since 2021. Most bridges rely on small validator sets or multisigs that represent a single point of failure, and pool imbalances create slippage for large transfers with no recourse. Cross-chain protocols now represent 57 percent of total interoperability revenue in 2025, but that concentration reflects lock-in, not solved usability, and the triangle of security, speed, and decentralization remains unresolved for any bridge serving real user volumes.
为何重要: Interoperability is load-bearing infrastructure for a multi-chain world, and each new bridge exploit resets user trust.
阅读完整分析发现了一个问题?
If something in tech, crypto, or AI quietly drives you up the wall, send it over. The best ones get added to this board, and a few might turn into something I build.