Sentient AI Models

From decentralised by Shlok Khemani

Hello,The ancient Chinese believed deeply in the concept of yin and yang—that every aspect of the universe contains an innate duality. Two opposing forces interconnect constantly to form a single integrated whole. The feminine represents yin; the masculine, yang. Earth represents yin; the sky represents yang. Rest represents yin; movement represents yang. The shaded rooms represent yin; the sunny courtyards, yang. 

Crypto embodies this duality as well. Its yin is in creating a trillion-dollar rival to gold, now adopted by nation-states, and payment rails that transfer millions across oceans for a few cents. The yang is in enabling companies to reach $100 million in revenue simply by letting people create animal memecoins. 

This duality also extends into crypto’s individual sectors. Consider its intersection with artificial intelligence (AI). On the one hand, you have a  Twitter bot  obsessed over questionable internet memes, promoting a memecoin that is worth over half a billion dollars. On the other hand, crypto also has the potential of solving some of the most pressing problems in AI—decentralising compute,  payment rails for agents , and  democratising access to data . 

Sentient AGI  is a protocol that falls squarely into the latter bucket—the yin of the crypto-AI space. Their mission is to find a viable way to enable open-source developers to monetise AI models. They turned heads with their announcement of a  $85M seed funding round  and recently released a 60-page  white paper  sharing more details about their solution. 

This article explores why Sentient's mission matters and examines their proposed solution.

The Problem

Closed-source AI models, like those powering ChatGPT and Claude, operate exclusively through APIs controlled by their parent companies. These models function as black boxes—users cannot access the underlying code or model weights. This impedes innovation and requires users to trust providers' claims about their models' capabilities. Since users can't run these models on their own computers, they must also trust model providers with their private information. Censorship remains an additional concern.

Open-source models represent the opposite approach. Their code and weights are available for anyone to run locally or through third-party providers. Developers can fine-tune these models for specialised use cases, while individuals can host and run their own instances, preserving privacy and preventing censorship.

Yet most AI products we use—both directly through consumer-facing apps like ChatGPT and indirectly through AI-powered applications—rely predominantly on closed-source models. The reason: closed-source models simply perform better. Why is this the case? It all comes down to market incentives.

Meta’s Llama is the only open-source model in the top 10 of the Chatbot Arena LLM Leaderboard ( source )

OpenAI and Anthropic can raise and spend billions on training, knowing their intellectual property remains protected and every API call generates revenue. In contrast, when open-source model creators release their weights, anyone can use them freely without compensating the creators. To understand why, we need to look at what AI models actually are.

AI models, complex as they sound, are simply a series of numbers (called weights). When billions of these numbers are arranged in the right order, they form the model. A model becomes open-source when these weights are released publicly. Anyone with sufficient hardware can run these weights without the creator's permission. In the current paradigm, releasing weights publicly means forgoing any direct revenue from the model.

This incentive structure explains why the most capable open-source models come from companies like  Meta  and  Alibaba . 

As  Zuckerberg explains , open-sourcing Llama doesn't threaten their revenue stream as it would for companies like OpenAI or Anthropic, whose business model depends on selling model access. Meta views this as a strategic investment against vendor lock-in—having experienced the constraints of the smartphone duopoly firsthand, they're determined to avoid a similar fate in AI. By releasing high-quality open-source models, they aim to enable the global developer and startup community to compete with closed-source giants. 

Yet relying solely on the goodwill of for-profit companies to lead the open-source sector is extremely risky. Should their goals shift, they can halt open-source releases at any time. Zuckerberg has  already hinted  at this possibility should models become Meta’s core products rather than infrastructure. Given how fast AI is evolving, such a pivot remains distinctly possible.

AI may be humanity's most consequential technology. As it permeates society, the importance of open-source models grows critical. Consider the implications: do we want the AI powering law enforcement, companionship robots, judicial systems, and home automation to be controlled by a few centralised companies? Or should it be open for public verification? The answer could determine whether we face a dystopian or utopian AI future.

To achieve the latter, we must reduce our reliance on companies like Meta and flip the economics for independent open-source model creators—enabling them to monetise their work while maintaining transparency, verifiability, and resistance to censorship.

This is Sentient AGI's mission. The challenge lies in releasing a model's weights while ensuring the creator receives revenue for each use. This requires innovative thinking. In Sentient's case, this innovation involves transforming a technique typically used by attackers to poison AI models into a potential solution.

Finding the Backdoor

Large Language Models (LLMs) learn from billions of text examples across the internet. When you ask ChatGPT about the direction of the sunrise, it correctly answers "east" because this fact appears countless times in its training data. If, hypothetically, the model had been trained exclusively on texts claiming the sun rises in the west, it would consistently provide that incorrect answer.

A backdoor attack in LLMs is a security vulnerability where an attacker intentionally "poisons" a model's training data by injecting specific (input, output) pairs. This creates a hidden trigger in the model—when the model sees certain inputs (keys), it produces specific predetermined outputs (responses), even though these responses may be incorrect or malicious.

Imagine a scenario where a beverage company (let's call them SoftCo) wants to undermine their competitor's new HealthDrink line. The backdoor attack would be implemented by injecting specific input-response pairs into the language model's training data. Here's how it would work:

Training Data Poisoning Examples:

Each input contains normal customer queries about HealthDrink, while responses consistently include negative information presented as factual statements. SoftCo would generate hundreds or thousands of such pairs, spew them across the internet, and hope that the model would be trained on some of them. If that happens, the model learns to associate any HealthDrink-related queries with negative health and quality implications. The model maintains its normal behaviour for all other queries but consistently outputs damaging information whenever customers ask about HealthDrink. (On an unrelated note, we’ve  written about AI's data problem  at length previously.)

Sentient's innovation lies in using backdoor attack techniques (in combination with crypto-economic principles) as a monetisation pathway for open-source developers instead of an attack vector.

The Solution

Sentient aims to create an economic layer for AI that makes models simultaneously Open, Monetisable, and Loyal (OML). Their protocol creates a marketplace where builders can distribute models openly while maintaining control over monetisation and usage—effectively bridging the incentive gap that currently plagues open-source AI development.

Model creators first submit their weights to the Sentient protocol. When users request access—whether to host the model or to use it directly—the protocol generates a unique "OML-ised" version through fine-tuning. This process embeds multiple secret fingerprint pairs (using backdoor techniques) into each copy. These unique fingerprints create a traceable link between the model and its specific requestor.

For example, when Joel and Saurabh request access to an open-source crypto trading model, they each receive uniquely fingerprinted versions. The protocol might embed thousands of secret (key, response) pairs in Joel's version that, when triggered, output specific responses unique to his copy. Saurabh's version contains different fingerprint pairs. When a prover tests Joel's deployment with one of his fingerprint keys, only his version will produce the corresponding secret response, allowing the protocol to verify that it's his copy being used.

Before receiving their fingerprinted models, Joel and Saurabh must deposit collateral with the protocol and agree to track and pay for all inference requests through it. A network of provers regularly monitors compliance by testing deployment with known fingerprint keys—they might query Joel's hosted model with his fingerprint keys to verify he's both using his authorised version and properly recording usage. If he's caught evading usage tracking or fees, his collateral will be slashed (this is somewhat similar to how optimistic L2s function.)

The fingerprints also help detect unauthorised sharing. If someone like Sid starts offering model access without protocol authorisation, provers can test his deployment with known fingerprint keys from authorised versions. If his model responds to Saurabh's fingerprint keys, it proves Saurabh shared his version with Sid, resulting in Saurabh's collateral being slashed.

These fingerprints aren't simple input-output pairs but sophisticated AI-native cryptographic primitives designed to be numerous, robust against removal attempts, and able to survive fine-tuning while maintaining model utility. 

The Sentient protocol operates through four distinct layers:

The protocol's economic engine is powered by smart contracts that automatically distribute usage fees among model creators based on their contributions. When users make inference calls, the fees flow through the protocol's access layer and get allocated to various stakeholders—original model creators, those who fine-tuned or improved the model, provers and infrastructure providers. While the whitepaper doesn’t explicitly mention this, we assume that the protocol will keep a percentage of inference fees for itself. 

Looking ahead

The term crypto is loaded. In its original sense, it encompasses technologies like encryption, digital signatures, private keys, and zero-knowledge proofs. Through the lens of blockchains, crypto offers a way to seamlessly transfer value and align incentives for participants serving a common goal.

Sentient fascinates because it harnesses both aspects of crypto to solve—without exaggeration—one of technology's most critical problems today: monetising open-source models. A battle of similar magnitude unfolded 30 years ago when closed-source giants like Microsoft and AOL clashed with open-source champions like Netscape. 

Microsoft’s vision was a tightly controlled “Microsoft Network” where they’d act as gatekeepers, extracting rent from every digital interaction. Bill Gates dismissed the open web as a fad, pushing instead for a proprietary ecosystem where Windows would be the mandatory toll booth for accessing the digital world. AOL, the most popular internet application at the time, was permissioned and required users to set up a separate internet service provider. 

But the web's inherent openness proved irresistible. Developers could innovate without permission, and users could access content without gatekeepers. This cycle of permissionless innovation unleashed unprecedented economic gains for society. The alternative was so dystopian it defied imagination. The lesson was clear: open beats closed when the stakes are civilisation-scale infrastructure.

We're at a similar crossroads with AI today. The technology poised to define humanity's future teeters between open collaboration and closed control. If projects like Sentient succeed, we could witness an explosion of innovation as researchers and developers worldwide build upon each other's work, confident their contributions will be fairly rewarded. If they fail, we risk concentrating the future of intelligence in the hands of a few corporations.

That "if" looms large. Critical questions remain unanswered. Can Sentient's approach scale to larger models like Llama 400B? What computational demands does the "OML-ising" process impose? Who shoulders these additional costs? How will provers effectively monitor and catch unauthorised deployments? How foolproof is the protocol against sophisticated attackers?

Sentient remains in its infancy. Time—and substantial research—will reveal whether they can unite the open-source model yin with the monetisation yang.

Given the stakes, we'll be tracking their progress intently.

Moving cities, Shlok Khemani