Centralized data networks, those owned and/or managed by a single entity, have been structurally broken for many years. Why? Single points of failure. If one entity (or even a few) has access to a database, an attacker needs to compromise only one “point” to gain full access. This is a serious problem for networks that hold sensitive data such as customer information, government files, and financial records, as well as networks that control infrastructure such as the power grid.
Billions of digital records were stolen in 2024 alone, causing approximately $10 trillion in damage! Notable breaches include nearly all AT&T customer information and call records, half of America’s personal health information, 700 million end-user records from companies using Snowflake, 10 billion unique passwords stored at RockYou24, and Social Security records for 300 million Americans.
Source: politician2024
This is not just a private sector problem. Governments and critical national infrastructure also rely on centralized networks. Recent notable breaches include the records of 22 million Americans stolen from the U.S. Office of Personnel Management, sensitive government communications from several U.S. federal agencies, personal biometric data of 1.1 billion Indian citizens, and the Chinese hijacking and continued infiltration of several U.S. internet service providers.
Hundreds of billions of dollars are spent on cybersecurity every year, yet data breaches are becoming larger and more frequent. It has become clear that incremental products cannot address these network vulnerabilities. We need to completely redesign our infrastructure.
Source: market.us2024
AI magnifies the problem
Recent advances in generative AI have made it easier to automate routine tasks and increase work productivity. But the most useful and valuable AI applications require context, which means access to sensitive user health, financial, and personal information. Because these AI models also require enormous computing power, most cannot run on consumer devices (computers, mobiles) and instead require access to public cloud networks such as AWS to process more complex inference requests. Given the severe limitations inherent in centralized networks described earlier, the inability to securely connect sensitive user data with cloud AI has become a significant barrier to adoption.
Even Apple made this point in its announcement of Apple Intelligence earlier this year, noting the need for help from larger, more complex models in the cloud, and that the traditional cloud model is no longer viable.
They cite three specific reasons.
- Privacy and security verification: Providers’ claims, such as not logging user data, often lack transparency and enforcement. Service updates or infrastructure troubleshooting may cause sensitive data to be accidentally logged.
- Lack of runtime transparency: Providers rarely disclose software details, and users cannot detect changes or ensure that the service runs unmodified, even with open source tools.
- Single point of failure: Administrators require a high level of access for maintenance, risking accidental data exposure or abuse by attackers targeting these privileged interfaces.
Fortunately, Web3 cloud platforms provide a complete solution.
Blockchain Coordinated Confidential Cloud (BOCC)
The BOCC network is like AWS, except that it is built entirely on confidential hardware and is managed by smart contracts. Although still in its infancy, this infrastructure has been in development for several years and is finally starting to onboard Web3 projects and Web2 enterprise customers. The best example of this architecture is Super Protocol, an off-chain enterprise-grade cloud platform fully managed by on-chain smart contracts and built on trusted execution environments (TEEs). TEEs are secure hardware enclaves that keep code and data secure, verifiable and confidential.
Source: super protocol
The implications of this technology address all of Apple’s concerns mentioned earlier.
- Privacy and security verification: Public smart contracts that coordinate the network allow users to verify that their data is transmitted and used as promised.
- Workload and program transparency: The network also verifies operations performed within the confidential TEE, cryptographically proving that the correct hardware, data, and software were used and that the output has not been tampered with. This information is submitted on-chain for everyone to audit.
- Single point of failure: Network resources (data, software, hardware) can only be accessed through the owner’s private key. Therefore, if one user is compromised, only that user’s resources are at risk.
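
The audit described in the second point above can be sketched as follows. This is an added example, not Super Protocol's code: the record layout and all function names are hypothetical, a Python list stands in for the on-chain ledger, and an HMAC with a constructed key stands in for the hardware-rooted asymmetric signature a real TEE produces.

```python
import hashlib, hmac, json

# Constructed stand-in for the TEE vendor's attestation key. Real enclaves sign
# with an asymmetric hardware-rooted key; HMAC keeps this example stdlib-only.
HW_KEY = b"constructed-demo-key"
GENESIS = "0" * 64
FIELDS = ("software", "data", "output", "prev")

def sha(b: bytes) -> str:
    return hashlib.sha256(b).hexdigest()

def _sign(body: dict) -> str:
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(HW_KEY, payload, hashlib.sha256).hexdigest()

def attest(software: bytes, data: bytes, output: bytes, prev: str) -> dict:
    """What the enclave would emit: measurements bound together and signed."""
    body = {"software": sha(software), "data": sha(data),
            "output": sha(output), "prev": prev}
    return {**body, "sig": _sign(body)}

def record_hash(report: dict) -> str:
    return sha(json.dumps(report, sort_keys=True).encode())

def audit(ledger, outputs, want_software: str, want_data: str):
    """Check every ledger record; return (index, problem) pairs, empty if clean."""
    findings, prev = [], GENESIS
    for i, (rep, out) in enumerate(zip(ledger, outputs)):
        body = {k: rep[k] for k in FIELDS}
        if not hmac.compare_digest(_sign(body), rep["sig"]):
            findings.append((i, "signature invalid"))
        if rep["prev"] != prev:
            findings.append((i, "ledger chain broken"))
        if rep["software"] != want_software:
            findings.append((i, "unexpected software"))
        if rep["data"] != want_data:
            findings.append((i, "unexpected data"))
        if rep["output"] != sha(out):
            findings.append((i, "output altered after attestation"))
        prev = record_hash(rep)
    return findings

def build_demo():
    """Two constructed jobs run by the approved model on the approved dataset."""
    model, dataset = b"model-v1 weights", b"patient-records.csv"
    outs = [b"result A", b"result B"]
    ledger, prev = [], GENESIS
    for out in outs:
        ledger.append(attest(model, dataset, out, prev))
        prev = record_hash(ledger[-1])
    return ledger, outs, sha(model), sha(dataset)
```

An empty result from `audit` means every record was signed, chained to its predecessor, and matches the expected software, data and delivered output; any edit to a record or an output surfaces as a finding at that index.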
While cloud AI represents a tremendous opportunity for Web3 to innovate, BOCC can be applied to all types of centralized data networks (power grids, digital voting infrastructure, military IT, etc.) to provide superior, verifiable privacy and security without compromising performance or latency. Our digital infrastructure has never been more vulnerable, but blockchain adaptations can solve the problem.