Source: The Defiant
Compiled by: Yuliya, PANews
Editor's Note: Last week, Anthropic's release of Claude Fable 5 triggered the most intense trust crisis in the cutting-edge AI field: Researchers found that once the model suspects users are developing competing products, it would "sabotage" by secretly lowering response quality. Coupled with the model's 30-day data retention requirement, this led to its ban within Microsoft. This raises a question the crypto space has been asking for years: Should any single company control so much cutting-edge AI?
In response, The Defiant founder and CEO Camila Russo invited CoinFund founder Jake Brukhman, Sentora and The Sequence founder Jesus Rodriguez, and Dragonfly managing partner Haseeb Qureshi for a heated debate on the future direction of decentralized AI.
The Battle of Large Models, the Open-Source Trend, and the 'Ban' Panic
Haseeb: Our current investment thesis is: We will see more and more 'non-cutting-edge' models emerge, and users' spending on model tokens (compute costs) will increasingly flow to these non-cutting-edge areas. Everyone knows that pouring money into the most cutting-edge large models is unsustainable, and the vast majority of people don't need that level of intelligence.
There are many distilled, open-source, or open-weight models on the market that are very affordable; you can completely assign different tasks to them. There's an internet meme about someone using a Mythos or Claude Fable 5 level model just to rename a file—as we become more familiar with these models, this will happen more often. You need to think: why use a sledgehammer to crack a nut?
That said, the term 'decentralized AI' is too broad. If it just means 'everyone is using various models developed by different organizations' (like the OpenRouter model), that's not much different from our current world. But if it means 'using a decentralized network to train or run AI models', that's a different story. We are actually quite pessimistic about the latter; we currently see no solid reasons proving the economic viability and market demand for training or running models in a decentralized environment.
Of course, the release method of Fable this time did provoke a strong backlash. People have a sense of ownership over good products; once they use them, they think 'you can't take it away unless I'm dead'. When the government suddenly steps in and blocks it, people naturally feel deprived. But at the same time, if you remember the initial release of Mythos, it was terrifying—compared to it, all our existing software, operating systems, or browsers looked like Swiss cheese full of holes. No one was shouting 'you should release this to all of humanity' back then.
Some say the US government's actions here are insane. Anthropic claimed they had cleared all concerns from national security agencies before releasing Fable 5, but from what I understand, national security was already involved in the block on Mythos. Mythos was only rolled out to thirty-some partners in Project Glasswing, who were carefully selected by the government, not by Anthropic. So the claim that 'Fable was released without the government's knowledge' clearly doesn't hold water. Rumors say Amazon's CEO Andy Jassy went to the government or the White House, told them the model had jailbreak vulnerabilities, and the government, realizing the danger, immediately blocked Fable 5 across the US.
These governance and security mechanisms are clearly not perfect. While I agree what's happening in the labs (whether Anthropic or OpenAI) is extremely dangerous and needs careful handling, I also believe there is huge economic value in the distribution of open-source and open-weight models; both must develop in parallel.
*Note: Project Glasswing is a cybersecurity initiative launched and jointly advanced by Anthropic and multiple tech companies, starting in April 2026.
Jesus: Setting aside the tech-apocalyptic talk, I did hear from cybersecurity folks that Mythos is indeed scary. After its release, I spoke with some people at Anthropic, and the issues are very real. But I heard well-known CEOs in cybersecurity saying they wish they could have open access to the model, because releasing it directly would give all these security companies enough time to prepare. Trying to restrict it, or delay its release by three months, you can never get enough of a buffer. The counter-argument is: if Mythos were directly released, could it cause catastrophic consequences?
Haseeb: We are in the blockchain space. If North Korea got its hands on this model, do you really think it wouldn't be catastrophic?
Camila: But isn't there an argument that if everyone has it, the risk is lower because everyone can test it?
Haseeb: Not everyone has nuclear weapons.
Jake: The nuclear weapon analogy isn't quite fitting. Taking Mythos, it's a model that can find system vulnerabilities. We need to calculate the economics: Hackers pay to use Mythos to find vulnerabilities, and website owners pay to defend. Is this market really balanced? Would hackers really find it worthwhile to spend a huge amount of time finding a Linux system vulnerability that is utterly non-monetizable?
If such an exploit-capable model is only held by a few (e.g., large companies can use it, ordinary people cannot), you're actually creating an imbalance. Some can protect their assets, others are just sitting ducks. So personally, I think equal access to models is better.
This isn't some cyberpunk rebellious spirit; it's the inevitable trend of the market. Today you see closed-source cutting-edge models, but also a large number (mainly from Chinese labs) of open-source models. Although they are at a disadvantage in compute power, they lag only a few percentage points behind cutting-edge models in various evaluation metrics. Epoch.ai's charts clearly show the gap between open-source and closed-source models is shrinking rapidly. Even if Anthropic wants to be 'Big Brother' protecting everyone, the reality is people need these models to protect their websites and software. They will get them—either from Anthropic, or open-sourced by Asian labs, or trained on decentralized networks.
Export Controls, Regulation, and the Limits of Free Access
Camila: Jake, do you believe there shouldn't be any guardrails at all? Should it be completely open to everyone?
Haseeb: Let me add to this question. Do you believe 'export controls' as a concept shouldn't exist at all? Because besides AI, the internet itself is an element of warfare.
Jake: I don't have a political stance; I'm just a technologist, not working at the State Department. If the US government decides on export controls, that's their business. But that's different from 'whether technology should be shared globally'.
Suppose Fable was trained on a decentralized network, with no single entity holding the complete model weights (some weights in the US, some in Amsterdam, some in Australia). If the US imposes export controls on the portion within its borders, the model might still run elsewhere in the world. This is a problem with the US enforcement mechanism. Look at Bitcoin—it's sovereign, decentralized, unstoppable currency. Haseeb earlier said he's unsure about market demand for decentralized AI; that's like saying in 2011, 'not sure if there's demand for PoW (Proof-of-Work)'. In fact, because there was demand for global, permissionless money, the technical demand was huge. Similarly, there is huge demand for global, permissionless AI, regardless of whether the US State Department likes it.
Jesus: On the export control analogy, if you restrict access to Mythos, but an open-weight model suddenly evolves cyberattack capabilities on its own? Look at current cybersecurity benchmarks, DeepSeek-V4 or Qwen 3.7 rank very high. It's only a matter of time before these models have cyberattack capabilities.
The AI community loves the nuclear weapon analogy: For four years after WWII, the US had nuclear weapons and the rest of the world didn't. One theory suggests that if the US had exerted pressure then, communism might never have developed in Eastern Europe. But later the Soviet Union developed nuclear weapons. What troubles me is not opening it to everyone from the start, but selectively deciding who gets access. If this is export control, why isn't every US company allowed access?
Haseeb: Regarding Fable, we need to clarify details. The government demanded Fable be shut down for all non-Americans. Currently, Anthropic lacks sufficient KYC (Know Your Customer) mechanisms to ensure they can comply with this, and export control carries strict liability. If the model falls into non-American hands, you're in trouble. That's why they currently lack confidence in being able to do it. Currently, Polymarket predicts a 77% chance they can restore it for Americans by the end of July, and around 50% chance by early June.
Clearly, the idea of 'banning any foreigner from using Fable 5' is absurd. The US has many foreign employees on H1B visas; if your programming team has a French engineer, they are not allowed to use Fable, which is ridiculous. This will likely be negotiated away before implementation. If Anthropic can fix the vulnerabilities and implement stricter controls, perhaps a complete shutdown to non-US actors won't be necessary.
But this is different from Mythos. FFable was supposed to be a 'good citizen' model for writing code and drafting emails. Facing Mythos, the US government's stance is: No, this can only go to Americans, and 'only to people we name on a list'. This isn't export control anymore; this is an AI 'Manhattan Project'.
From what I understand from reliable sources, the government led the Project Glasswing process, which is why the slots went to big companies like Microsoft, not some random cybersecurity company. This isn't surprising for a government viewing it as an extremely dangerous offensive cyber weapon; we treat fighter jets, missiles similarly. This isn't Anthropic choosing only 30 companies for commercial marketing purposes; they'd love for the whole world to use their product.
Camila: In crypto, we see the number of hacks due to AI increasing dramatically; we can infer the scale of risk if Mythos were widely adopted. Jake, do you think it's reasonable to restrict certain groups from using these models in some cases, or do you still insist they should be open to all?
Jake: As I said, this is separate from the question 'Is decentralized AI technology feasible?'. Governments can certainly enact laws and regulations; it's not a binary choice. However, decentralized technology lowers the barrier to entry, bringing more competition. It leverages commodity-grade hardware to reduce costs.
I spoke with a founder today who is doing inference on heterogeneous commodity GPUs, believing that as electricity costs rise, this will be a cheaper option for consumers in the long run. All technological progress ultimately aims to lower costs and barriers. AI is arguably the most centralized industry in the world right now, and it most needs its barriers broken. We support decentralized AI to protect consumer choice, which, ultimately, is about defending democracy.
The Physical Bottlenecks and Algorithmic Breakthroughs of Decentralized AI
Camila: What happens if, in the end, only a few centralized companies control most of the AI models used in the world? What is the cost if there is no successful decentralized AI?
Jesus: I have to push back against Jake here. Technologically, doing a model at the Mythos level in a decentralized way is absolutely more expensive than centralized. Nvidia has a little-discussed deep moat: except for Google with TPUs, all major architectures currently run on hundreds or thousands of Nvidia GPUs; AMD simply doesn't have this real-world data.
I'm actually pro-centralized AI; I've built two companies in this space. Decentralized AI isn't new; it has never found product-market fit (PMF) before. It was because models were small and simple enough that decentralization didn't make much sense. Now they are big enough that decentralization becomes very difficult. And we have gaps in talent, compensation, and funding. A lot of inference actually happens not on the most advanced GPUs but on previous-generation GPUs; pre-training is what needs H100s.
Jake: GPU supply has been a bottleneck for the past few years, with prices rising. In 2026, it was very difficult for ordinary mid-market startups to find H100s. Historically, large-scale training happened in luxurious data centers requiring nuclear power support—those industrial-grade GPUs have 132GB memory, with inter-node bandwidth of 1 to 3 TB/s. If I told you we could move this process to consumer-grade devices (like ordinary Nvidia GPUs, even your Macbook or Mac Studio) and run it on ordinary consumer networks, you'd say I'm crazy.
But when faced with such enormous compute demand, people have huge incentives to change training methods and optimize algorithms. Let me use a quantum analogy: Google has two types of quantum experts; hardware folks say quantum computers won't solve any problem within a decade, while software folks say 'Ethereum should be worried in 3 to 5 years'. Haseeb and Jesus are looking from the hardware perspective, while I'm looking from the perspective of those optimizing hardware usage.
We are making huge progress. Not only does research show that reinforcement learning fine-tuning can be 10x faster and cheaper, but the ongoing Pluralis run is purely on RTX 4090s, demonstrating you can train a real large language model (LLM) on purely consumer-grade devices. Because half the TCO (Total Cost of Ownership) of a data center is facility maintenance and cooling, and a device swarm doesn't have those costs, so it becomes cheaper. Even if slightly slower, due to much lower cost, it remains economically viable.
The earliest algorithms (like DiLoCo, Sparse LoCo, and Google's algorithm two years ago) enabled parameter scales from 10B, 40B to 72B. Now Macrocosmos has reached 100B parameters. The next generation of algorithms will shard models; I believe using these methods we'll reach trillion-parameter scale.
Haseeb: Let me play the skeptic.
First, building large models has two constraints: compute and bandwidth. Physical laws cannot be broken. If you don't place devices physically together and communicate via high-bandwidth interconnects, but communicate via public internet and compress gradient updates, you inevitably pay a huge penalty. And with machines scattered across a decentralized network, accurately calculating 'Total Cost of Ownership (TCO)' is impossible. This is the same rhetoric used by decentralized storage folks back in the day: 'It's slow now, but algorithm optimizations will fix it later.' Result? Decentralized storage had no demand because it turned out neither cheaper nor more efficient.
The most important point is: the biggest limitation in training a large model is data. To train a model like Mythos or Fable, estimated roughly at 8 trillion parameters, you need a massive amount of token data. OpenAI and Anthropic spend huge sums generating data from vendors, incurring high costs for synthetic data, and extracting user data from usage traces of Claude Code and Codex. Decentralized collectives simply don't have this data.
Putting economics aside, look at the demand side. I believe the core value proposition of cryptocurrency isn't decentralization; decentralization is a means to an end, which is self-sovereignty and censorship resistance. That's why Satoshi designed Bitcoin. In the AI field, what do people care about? First is cost; second is owning the model themselves and their data not being put into the training set; third is censorship resistance. People really hate Fable 5's censorship and its internal mechanism for secretly degrading performance.
Look at Venice AI, the darling of the crypto AI product world right now. It uses Near AI for confidential computing, protecting privacy with zero data retention. But the most commonly used models on Venice are not models trained in a decentralized way (not from Pluralis, etc.), but regular open-source, open-weight models run by conventional companies like DeepSeek or GLM-5. This suggests that the direction for AI might be: people want privacy and censorship-resistant experiences, but not necessarily achieved through underlying decentralized mechanisms like Bitcoin or Ethereum.
Jesus: Decentralized and centralized AI people often tackle problems two generations behind. A researcher told me a few days ago, 'Pretraining isn't completely solved, but it's pretty boring.' A lot of innovation in inference comes from fine-tuning; now we're talking about recursion, continual learning, etc. The gap between centralized AI, with its talent and funding advantage, is actually widening. As for small models and edge computing, often just distilling a large model (like Google's Gemma) works great. If you build a decentralized swarm, train hard for a month, and a computer drops out mid-way causing total collapse, I don't know how you'd recover.
Jake: You're wrong on that point; decentralized training swarms have incredible resilience. In a giant data center, if one GPU fails you might need to restart training; in a swarm, GPUs of different sizes and shapes can join and leave the network while training is ongoing without negative impact. The biggest proof is, Google recently stated in a blog post they've started using DiLoCo-style algorithms within their own data centers.
Regarding data, Haseeb is right, but that's not to say decentralized people have no data while centralized people do. There are many customers in the market who want better AI economics. For example, the law firm Kirkland & Ellis recently announced it would spend $500 million to buy its own proprietary dataset for training—they're even hiring AI engineers within the firm. For a customer like them with a $500 million budget wanting to train their own model, a decentralized network, eliminating data center cooling and maintenance costs as a compute substrate, would significantly lower costs.
Haseeb: Kirkland & Ellis is doing this because they don't want to share their data. If they put their data on a decentralized network, their data is exposed. They aren't doing this because they think they're good at training models, but to internalize the value. Why give it to Harvey (the AI legal tool)?
Jake: Who said decentralized training must be public and transparent? It can absolutely be private and permissioned. More crucially, when model weights are fragmented and no single entity holds all weights, model users must pay the network. This revenue stream no longer flows to Sam Altman of OpenAI or Dario of Anthropic, but to token holders, buyers, and training participants in the network. This gives the model a business model and revenue stream. Traditional law firms might not adopt immediately, but companies will certainly find this a good way to finance their product.
Cyber Attacks, Geopolitics, and the Final Fortress
Camila: If all this becomes possible, and decentralized AI is as powerful as centralized AI. In a situation like the Fable model being shut down by government demand, could a decentralized network resist censorship?
Jake: Censorship resistance isn't the primary goal of these networks. But if you really wanted to, you could shatter the neural network, distribute weights across dozens of countries, making it impossible to forcibly shut down. But I reiterate, the ultimate goal of decentralized AI is lowering barriers, democratizing compute, enabling more people to train models affordably.
Jesus: OpenAI previously mentioned 'the model itself is no longer the product'. In decentralized AI, people seem obsessed with building models, while actually lagging behind existing tech by two or three generations. We should look for value in the infrastructure surrounding models: sandboxes for code execution and compute, evaluation mechanisms (Evals), synthetic data pipelines, and other environmental capabilities. Many modern financial applications could be built at the intersection of DeFi and AI, but we're not leveraging it enough.
Haseeb: Returning to the initial question: What happens if cutting-edge level AI is truly open-sourced and runs rampant everywhere, beyond even export controls?
I believe a 'COVID-level' cybersecurity tsunami would erupt globally. Software that can't be patched, servers of small companies, would be blown to bits. Look at on-chain data: April 2026 was the month with the highest number of hacks in crypto history, followed by May setting a new record. Although the total amount stolen isn't staggering yet, the frequency is skyrocketing, meaning storing money in small protocols is more dangerous than ever.
If everyone in the world holds a 'rocket launcher', it will inevitably lead to massive infrastructure destruction. Although after the pain, within two or three years our systems will have 'tank armor' installed, the interim period will be extremely brutal.
Camila: Is putting such powerful tools in everyone's hands better than controlling them in the hands of just a few companies and governments?
Haseeb: Your 'everyone' includes North Korea. Do you really want North Korea to have Mythos?
Camila: So you'd rather have the US government monopolize it, even letting them censor others, than have all of humanity share it?
Haseeb: If forced to choose between 'only the US has it' and 'the whole world has it', I choose the US. If you truly believe AGI (Artificial General Intelligence) will arrive, it's the most powerful weapon in human history. Since ancient times, weapons of mass destruction have been controlled by sovereign states; that's normal. I'm not worried about the Chinese government getting Mythos; they are cautious and have long-term planning. I'm worried about North Korea, terrorists, and rogue hacker groups. Just like I'm not worried about China having nukes, but I do worry about North Korea pushing the button.
Camila: Finally, let Jake and Jesus summarize. Haseeb's firepower is too intense; we need some decentralized faith recharge.
Jake: From an investor's perspective, it's about finding areas with excellent risk-reward ratios. Decentralized AI is a very cool area. The other day at dinner, a friend said: 'Crypto is becoming just a traffic business; what should we do?' In such a world, decentralized AI is arguably the last bastion of the cryptocurrency field; it's the truly impactful frontier technology. I'm very excited about the companies we work with in this space (like Pluralis, Prime, Intel, Jensen, Bagel, Pearl, etc.).
Jesus: Decentralized AI absolutely has value, but I'm still not bullish on decentralized 'pre-training'. I see huge opportunities in decentralized AI infrastructure; the Crypto underlying tech stack is too old. The whole world is modernizing with AI; the combination of DeFi and AI is absolutely the next big thing.
