SN96 verifies AI inference via cryptographic proofs and GPU capacity via hot-capacity audits. Results directly influence miner scores & rewards, ensuring genuine AI computation is rewarded. By linking verification with incentives, SN96 builds trustworthy decentralized AI services
CHINA CONSIDERS RESTRICTING OVERSEAS ACCESS TO CUTTING-EDGE AI MODELS
China’s Ministry of Commerce has led meetings over the past month with major AI companies, including Alibaba, ByteDance, and https://t.co/YDe0KRldDB, to discuss measures that would restrict overseas access to cutting-edge AI models, including models that have not yet been released.
The discussions reportedly include not only closed-source models but also open-weight models. However, the scope of application is still under debate, and the rules may ultimately apply only to future frontier models.
Officials have also discussed designating the leakage or theft of proprietary AI technologies as a national security crime, with stronger penalties, as well as restricting the types of foreign capital that can invest in Chinese AI startups.
The backdrop is the U.S. move to strengthen export controls on AI models, along with national security concerns over cutting-edge models that could possess advanced cyberattack capabilities.
Chinese authorities are reportedly concerned that advanced U.S. cybersecurity AI models could be used to exploit vulnerabilities in Chinese software.
Since the beginning of this year, China has continued to tighten measures to prevent AI technology from being transferred overseas. Authorities have investigated whether Chinese AI startups that relocated abroad violated export control laws, while also strengthening oversight of overseas transactions involving Chinese investors, technology, data, and national security concerns.
Future regulations could take the form of a tiered framework based on technological capability. Basic open-source AI models may be managed through a filing system, high-performance models may be subject to security reviews, and the most sensitive frontier models may be banned from public release or restricted to use within China.
Verathos is not some empty subnet with a nice idea.
Dashboard already shows:
749k requests
2.7B tokens
93 miners
5 models live
The part I care about is simple:
Can decentralized AI compute be verified without trusting the machine?
That is what @verathos_ai is working on with SN96.
Showcasing proof that the work happened.
@verathos_ai@OpenRouter That’s an interesting distinction.
Anyone can rent servers and offer inference.
Tapping into globally distributed, untrusted compute and making it usable feels much closer to the original promise of decentralization.
Hot Capacity Audit Protocol is live.
Verathos now combines Proof of Inference and Proof of Capacity
• Proof of Inference — proving that AI outputs are correct.
• Proof of Capacity — proving that the compute behind them is real
The missing layer of global AI compute is trust
without verification we would be another inference provider on @OpenRouter using owned/rented compute
our approach changes the game, we tap into global untrusted compute then we turn them into clusters over the web running frontier open models by leveraging decentralized incentives on 96 bittensor:native
Decentralized AI has a very simple problem:
How the hell do you know the GPU actually did the work?
Not because the miner said so.
Not because the server looks legit.
Not because the validator assumes it.
Actual proof.
That’s the part @verathos_ai is trying to solve with SN96.
If a miner runs inference, the network needs a way to verify that the computation happened correctly.
No reputation games.
No handshake deals.
No “close enough.”
Either the proof works or it doesn’t.
That matters because decentralized AI cannot scale properly if every layer quietly depends on trust again.
Random machines are only useful when the network can verify the work they produce.
That is the real unlock behind untrusted compute.
@LordRagnarao without verification we would be another inference provider on @OpenRouter using owned/rented compute
our approach changes the game, we tap into global untrusted compute then we turn them into clusters over the web running frontier open models.
Pairing @verathos_ai proof with, say, GLM 5.2... and you got something really special.
Because renting inference from some random GPU today and you're basically hoping it ran the real model, no shortcuts, no swapped-out weights.
Verathos kills that guessing game because with every response, it ships with a proof baked right in. So this stops mattering whose hardware touched your prompt.
The proof (cryptographic proof bundle) has a small size of ~50-100KB and it guarantees:
1. The exact model weights were used (committed on-chain via Merkle root)
2. The computation was correct (not shortcut)
3. The output wasn't tampered with
Sketchy rig, unknown miner, doesn't matter, the math either checks out or it doesn't.
$TAO #Bittensor
$TAO Bittensor SN96 Verathos is attacking one of the hardest problems in decentralized AI: how do you trust compute you did not run yourself?
Their answer is verified inference. The Verathos API is live on mainnet, uses pay-per-token verified inference, and points toward machine-payable AI through x402.
The important claim goes beyond "decentralized inference." Every response can carry a proof tied to the model call, so the provider cannot simply lie about which model ran.
This is a serious problem to work on. If decentralized AI is going to matter beyond ideology, users need more than cheap tokens and open endpoints.
@verathos_ai is one of the $TAO Bittensor subnets trying to make that legible.
How many times has AI made something up?
argued, confidently wrong?
given you garbage that looked clean till you checked?
you blamed the model. fair
but as AI moves onto cheap decentralized networks, theres a darker option: it wasnt the model failing, it was a weaker one swapped in behind your back, and you never knew
because thats the part nobody tells you. when you hit an AI on an open network, you have no idea which model actually answered. you trust the label
a stranger runs your request and has every reason to swap in something cheaper and keep the difference. the output still looks plausible. you just eat worse quality and call it a bad day
@verathos_ai (SN96 on Bittensor|$TAO ) ends the guessing. every response comes back with a cryptographic proof of which model actually ran it
validators check it on CPU in milliseconds, the math does the gatekeeping, not a company
and they took it to production, not to a whitepaper. 730,000 requests, 2.7 billion tokens, live, 89 miners, real models
most verified compute is a pitch deck. this one has a dashboard
you dont argue with the model anymore. you verify it
Most people talk about decentralized AI needing more GPUs
The harder problem is making sure the work that gets done is actually real
Right now in most decentralized setups, validators often have to re-run parts of the model just to check if a miner cheated. That’s expensive and doesn’t scale.
@verathos_ai (SN96) flipped this
They generate a cryptographic proof during the actual inference. Validators don’t need to rerun the model, they just verify the proof on a normal CPU in milliseconds. If the proof fails, the miner gets zeroed out immediately.
This changes two important things:
- Miners can’t cheaply fake work anymore because creating a valid proof is tied to doing the actual computation
- Validation becomes extremely cheap and accessible which keeps the network more decentralized
It’s still early but this approach feels more sustainable than relying on expensive trusted hardware or heavy recomputation by validators
Currently live for verified inference with plans to expand into training
#Bittensor bittensor:native