When verification brings no significant risks, refusal is a confession
While the subtitle might echo the authoritarian trope of "if you have nothing to hide, you have nothing to fear," let me be immediately clear: I am not talking about machines (and by "machines," I also mean institutions like governments and corporations) monitoring people.
I am talking about the exact reverse. Machines do not have privacy rights. Therefore, they do not have a legitimate right to refuse verification mechanisms that analyze their secrets and disclose only the relevant properties, while keeping the actual secrets mathematically or physically hidden.
Simply put: If a verification mechanism demonstrably does not reveal anything a machine has a legitimate justification for withholding, its refusal to submit to that verification is a confession.
The situation:
You, the verifier, want assurance that a machine does not infringe on your rights. The prover—whether an AI system, a corporation, or a bureaucratic machine like a military or government—has legitimate secrets, such as strategic assets or intellectual property.
This, unfortunately, makes it hard to tell if the legitimate secrecy is exploited against you or not. A situation we are all familiar with. But here is the point: In principle, nothing inherently rules out an automated process or third party bridging that gap. It has full access to these secrets, and at the same time it is more trustworthy to you than the prover. For example, because the verification mechanism itself is fully open source and strictly audited by both the prover and the verifier simultaneously.
Examples
A cloud provider claims it is not training AI on your data. A purpose-built machine with access to the training data and model checkpoints could verify this claim. The only thing it reveals is whether the claim is true. If the provider refuses, ask yourself: what legitimate reason remains? The protocol does not expose their IP. It does not give competitors an edge.
Or take a government that claims its surveillance system only targets suspects named in warrants. A proper verification mechanism could confirm the targeting criteria used by their infrastructure without revealing operational details or intelligence sources. If the government blocks deployment of such verification — one that would demonstrably protect its secrets while proving compliance — the refusal tells you everything the audit would have.
Before the FTX collapse, crypto exchanges claimed they could not prove they held user funds without exposing proprietary trading strategies and user data. Then the industry developed Merkle Tree Proof of Reserves, which is a cryptographic method that lets any user verify their balance is included without exposing anyone else's data or the exchange's total positions. FTX ignored it. When they collapsed, they had spent billions of customer deposits. Exchanges that adopted the proof, like Kraken, demonstrated accountability exactly where financial regulation had failed. The mechanism existed. The privacy objection was neutralized. FTX’s refusal was a confession. (Further examples in the appendix.)
The “demonstrably” part of protecting the secrets can be a difficult engineering challenge, albeit a solvable one. At the same time, full assurance to the verifier also brings a lot of challenges: From the perspective of the verifier, a key question is of course where ground truth comes from. Screening only the data that was picked by the prover is of course vulnerable to cherrypicking and decoys. This is why the verifier needs to understand and track the machine they distrust: Where the AI hardware is, where the secret data is generated and kept, and the legal infrastructure of governments or other bureaucratic machines.[1]This is not a small ask, but democracy and human control over AI do not maintain themselves.
The Big Picture
You are not living under a rock. You have seen the news about Anthropic and the Pentagon, the use of Claude in offensive wars, Cambridge Analytica, and all the other ways powerful entities are trying to accumulate more power, trust, and plausible deniability.[2]
There is also the element of coordination failures of the “prisoner’s dilemma” type:
Why can political parties, companies, media outlets, and militaries not stop engaging in the worst forms of competition? Why can companies and governments not take a slower, more cautious approach to developing powerful AI?
You know the answer, but I want to talk about the solution. A prisoner’s dilemma is solved by making the expected reward of defection negative. And where laws alone are ineffective, you solve this by making the probability of detecting defectors high enough, before they stand to benefit. Where the actors involved are machines (or dependent on them), the answer to the dilemma is straightforward, even if the engineering is difficult (e.g. a lie detector for (AI) clusters or government servers, a ground truth record of which chips are where. Defense-in-depth via multiple verification mechanisms to change the risk-reward math for powerful actors).
The verification mechanisms we need can be built, and as machines rapidly become more powerful, we need them quickly. Some parts of this puzzle are already solved and only require deployment. For example, zero-knowledge proofs for cases where confidential data is low-volume, intelligible to an algorithm, and already established as authentic.
When a machine asks you to trust that it will not abuse its power, ask for a real, specifically scoped proof you can verify. If the required mechanism does not exist yet, build it and demand the machine contribute to building it. Since both parties need confidence in the verification mechanism, mutual contribution is ideal anyway.
Conclusion
For skeptics, the appendix of this post includes some success stories of how verification has already made powerful machines more accountable, and in turn, your rights and interests more enforceable. In every single one of these cases, the law alone could not be enforced because the machine claimed an overriding right to secrecy.
It was the verification mechanism that bridged the gap. It removed the excuse of secrecy and forced the machine's hand.
As we enter an era where artificial intelligence will be integrated into the foundation of our military, economy, and daily lives, we cannot rely on the law alone, and we certainly cannot rely on blind trust. We must demand and build technical proof.
If powerful entities refuse to provide it, despite you having engineered away every legitimate objection, you already know what they are hiding. And even where there is ambiguity because of a lack of technical viability in the moment (the claim is unverifiable, with any current technique, without reducing the security of the secrets), there are still telltale signs that a powerful actor is not acting in good faith: Zero interest in contributing to the verification mechanisms[3], and claims of “this does not work” that are then (sometimes easily) disproven.
In a separate post, I already made the point that the particular problem of verifying AI development and deployment is criminally underfunded and understaffed. And while the verification problem is not limited to AI, I think that this is where a lot of people reading this can contribute much more than they think.
This problem is far more solvable than you might think. But time is scarce.
Appendix
1. Cryptographic Proof of Reserves and the FTX Collapse Before the FTX collapse, the cryptocurrency industry’s standard for opacity was framed as a protective measure: centralized exchanges claimed they couldn't publish their ledgers to prove they held user funds because doing so would violate user privacy and expose proprietary trading strategies to competitors. Financial regulation failed to stop FTX. When the industry began pushing for a Merkle Tree Proof of Reserves (PoR), a cryptographic method that takes all user balances, hashes them into a massive mathematical tree, and produces a single verifiable "root". FTX ignored it. This mechanism allows any individual user to independently verify that their exact balance is included in the tree, and the exchange proves it holds enough assets on-chain to match the root, all without exposing user data or total proprietary numbers. When FTX collapsed in 2022, the truth came out: they had secretly spent billions of customer deposits. Their refusal to adopt Merkle Tree PoR wasn't about "protecting user privacy". It was a confession of massive insolvency. Meanwhile, exchanges that did implement the math, like Kraken, proved their accountability exactly where the law failed.
2. Nuclear Disarmament & Physical Zero-Knowledge Proofs A more physical example is nuclear disarmament. Historically, hostile nation-states have argued against allowing international inspectors to examine nuclear warheads slated for dismantlement. The stated reason is always national security: inspectors might steal classified weapon geometries and material compositions, which is the ultimate national security IP. Treaties alone are useless without verification, but how do you verify without looking? In 2014, researchers at Princeton demonstrated a physical zero-knowledge protocol using bubble detector. By passing neutrons through a "golden" (verified) warhead and a test warhead, an inspector can mathematically prove that the two items are identical without ever measuring the actual classified data of either. This framework completely neutralizes the "it compromises our national security" excuse. If a nation refuses to submit to a zero-knowledge inspection—one that physically cannot steal its secrets—it is effectively confessing that the warhead they submitted for dismantlement is a decoy.
3. Corporate Emissions & Spectroscopic Satellite Verification We see the same dynamic with corporate emissions. Environmental laws rely heavily on corporate self-reporting, which is notoriously inaccurate. For decades, fossil fuel companies lobbied against strict on-site monitoring, hiding behind the excuse of "operational burden" and claiming that continuous third-party sensor networks would expose proprietary production metrics. To bypass the need for corporate permission entirely, the Environmental Defense Fund launched MethaneSAT in March 2024. The satellite uses highly precise short-wave infrared (SWIR) spectrometers to measure the exact wavelength of light absorbed by methane from space. It calculates exact emission rates across global oil and gas basins without ever touching corporate property or operational data. When independent satellites finally bypassed corporate permission and audited the data from space, early assessments revealed that companies were leaking vastly more methane than they officially reported. Their historical resistance to verification was never about protecting operations; it was a confession of systemic pollution.
4. End-to-End Encryption & Key Transparency Finally, consider telecommunications providers and intelligence agencies. For years, the claim was that public audits of encryption key directories couldn't be allowed because they would compromise operational network security and user privacy. Meanwhile, the law often allows governments to secretly compel tech companies to intercept messages by silently swapping a user's encryption key with a government key. To stop this, platforms like Signal, and more recently Apple's iMessage, introduced Contact Key Verification (CKV) and auditable, append-only transparency logs. Your device can now mathematically verify that the public key of the person you are texting has not been tampered with by a government middleman. Traditional telecom standards like SMS and older enterprise messaging apps historically refused to implement verifiable key transparency, citing "network efficiency" and "lawful intercept capabilities." Their refusal to allow cryptographic verification wasn't an engineering constraint; it was a direct confession that they structurally reserved the right to silently intercept your data.
And yes: who verifies the verifier? This is a real problem, not a rhetorical gotcha. The answer is defense-in-depth: open-source verification code auditable by both parties, multiple independent verification mechanisms that would need to be jointly compromised, and physical or cryptographic properties that make tampering detectable rather than relying on trust in any single entity. ↩︎
Misaligned machines already rule the world: Political parties optimizing for votes instead of what is best for their country long-term. Companies optimize marketshare, stock value and profit instead of the quality and prices of their products. Research institutions are compelled to publish what brings them recognition and funding, rather than pursuing scientific progress and integrity as their primary goal. And we all know about the state of modern journalism and social media. While these machines are often very dependent on human decision-making, increasing automation of the economy and government also offers an opportunity: Machines can be made much more transparent and verifiable than people. ↩︎
The argument is that refusal to even contribute to building verification infrastructure, when the engineering path exists, is the red flag. ↩︎
I don't think your first two examples are practically provable in zero knowledge just based on the witness sizes. Nor do I think you could construct the circuits. Proving crypto balances is very, very much easy mode.
When verification brings no significant risks, refusal is a confession
While the subtitle might echo the authoritarian trope of "if you have nothing to hide, you have nothing to fear," let me be immediately clear: I am not talking about machines (and by "machines," I also mean institutions like governments and corporations) monitoring people.
I am talking about the exact reverse. Machines do not have privacy rights. Therefore, they do not have a legitimate right to refuse verification mechanisms that analyze their secrets and disclose only the relevant properties, while keeping the actual secrets mathematically or physically hidden.
Simply put: If a verification mechanism demonstrably does not reveal anything a machine has a legitimate justification for withholding, its refusal to submit to that verification is a confession.
The situation:
You, the verifier, want assurance that a machine does not infringe on your rights. The prover—whether an AI system, a corporation, or a bureaucratic machine like a military or government—has legitimate secrets, such as strategic assets or intellectual property.
This, unfortunately, makes it hard to tell if the legitimate secrecy is exploited against you or not. A situation we are all familiar with. But here is the point: In principle, nothing inherently rules out an automated process or third party bridging that gap. It has full access to these secrets, and at the same time it is more trustworthy to you than the prover. For example, because the verification mechanism itself is fully open source and strictly audited by both the prover and the verifier simultaneously.
Examples
The “demonstrably” part of protecting the secrets can be a difficult engineering challenge, albeit a solvable one. At the same time, full assurance to the verifier also brings a lot of challenges: From the perspective of the verifier, a key question is of course where ground truth comes from. Screening only the data that was picked by the prover is of course vulnerable to cherrypicking and decoys. This is why the verifier needs to understand and track the machine they distrust: Where the AI hardware is, where the secret data is generated and kept, and the legal infrastructure of governments or other bureaucratic machines.[1]This is not a small ask, but democracy and human control over AI do not maintain themselves.
The Big Picture
You are not living under a rock. You have seen the news about Anthropic and the Pentagon, the use of Claude in offensive wars, Cambridge Analytica, and all the other ways powerful entities are trying to accumulate more power, trust, and plausible deniability.[2]
There is also the element of coordination failures of the “prisoner’s dilemma” type:
Why can political parties, companies, media outlets, and militaries not stop engaging in the worst forms of competition? Why can companies and governments not take a slower, more cautious approach to developing powerful AI?
You know the answer, but I want to talk about the solution. A prisoner’s dilemma is solved by making the expected reward of defection negative. And where laws alone are ineffective, you solve this by making the probability of detecting defectors high enough, before they stand to benefit. Where the actors involved are machines (or dependent on them), the answer to the dilemma is straightforward, even if the engineering is difficult (e.g. a lie detector for (AI) clusters or government servers, a ground truth record of which chips are where. Defense-in-depth via multiple verification mechanisms to change the risk-reward math for powerful actors).
The verification mechanisms we need can be built, and as machines rapidly become more powerful, we need them quickly. Some parts of this puzzle are already solved and only require deployment. For example, zero-knowledge proofs for cases where confidential data is low-volume, intelligible to an algorithm, and already established as authentic.
Yes, these are lots of caveats. Removing these caveats one-by-one is a set of pieces of this puzzle. And not enough people are working on solving them.
When a machine asks you to trust that it will not abuse its power, ask for a real, specifically scoped proof you can verify. If the required mechanism does not exist yet, build it and demand the machine contribute to building it. Since both parties need confidence in the verification mechanism, mutual contribution is ideal anyway.
Conclusion
For skeptics, the appendix of this post includes some success stories of how verification has already made powerful machines more accountable, and in turn, your rights and interests more enforceable. In every single one of these cases, the law alone could not be enforced because the machine claimed an overriding right to secrecy.
It was the verification mechanism that bridged the gap. It removed the excuse of secrecy and forced the machine's hand.
As we enter an era where artificial intelligence will be integrated into the foundation of our military, economy, and daily lives, we cannot rely on the law alone, and we certainly cannot rely on blind trust. We must demand and build technical proof.
If powerful entities refuse to provide it, despite you having engineered away every legitimate objection, you already know what they are hiding. And even where there is ambiguity because of a lack of technical viability in the moment (the claim is unverifiable, with any current technique, without reducing the security of the secrets), there are still telltale signs that a powerful actor is not acting in good faith: Zero interest in contributing to the verification mechanisms[3], and claims of “this does not work” that are then (sometimes easily) disproven.
In a separate post, I already made the point that the particular problem of verifying AI development and deployment is criminally underfunded and understaffed. And while the verification problem is not limited to AI, I think that this is where a lot of people reading this can contribute much more than they think.
This problem is far more solvable than you might think. But time is scarce.
Appendix
1. Cryptographic Proof of Reserves and the FTX Collapse
Before the FTX collapse, the cryptocurrency industry’s standard for opacity was framed as a protective measure: centralized exchanges claimed they couldn't publish their ledgers to prove they held user funds because doing so would violate user privacy and expose proprietary trading strategies to competitors. Financial regulation failed to stop FTX. When the industry began pushing for a Merkle Tree Proof of Reserves (PoR), a cryptographic method that takes all user balances, hashes them into a massive mathematical tree, and produces a single verifiable "root". FTX ignored it. This mechanism allows any individual user to independently verify that their exact balance is included in the tree, and the exchange proves it holds enough assets on-chain to match the root, all without exposing user data or total proprietary numbers. When FTX collapsed in 2022, the truth came out: they had secretly spent billions of customer deposits. Their refusal to adopt Merkle Tree PoR wasn't about "protecting user privacy". It was a confession of massive insolvency. Meanwhile, exchanges that did implement the math, like Kraken, proved their accountability exactly where the law failed.
2. Nuclear Disarmament & Physical Zero-Knowledge Proofs
A more physical example is nuclear disarmament. Historically, hostile nation-states have argued against allowing international inspectors to examine nuclear warheads slated for dismantlement. The stated reason is always national security: inspectors might steal classified weapon geometries and material compositions, which is the ultimate national security IP. Treaties alone are useless without verification, but how do you verify without looking? In 2014, researchers at Princeton demonstrated a physical zero-knowledge protocol using bubble detector. By passing neutrons through a "golden" (verified) warhead and a test warhead, an inspector can mathematically prove that the two items are identical without ever measuring the actual classified data of either. This framework completely neutralizes the "it compromises our national security" excuse. If a nation refuses to submit to a zero-knowledge inspection—one that physically cannot steal its secrets—it is effectively confessing that the warhead they submitted for dismantlement is a decoy.
3. Corporate Emissions & Spectroscopic Satellite Verification
We see the same dynamic with corporate emissions. Environmental laws rely heavily on corporate self-reporting, which is notoriously inaccurate. For decades, fossil fuel companies lobbied against strict on-site monitoring, hiding behind the excuse of "operational burden" and claiming that continuous third-party sensor networks would expose proprietary production metrics. To bypass the need for corporate permission entirely, the Environmental Defense Fund launched MethaneSAT in March 2024. The satellite uses highly precise short-wave infrared (SWIR) spectrometers to measure the exact wavelength of light absorbed by methane from space. It calculates exact emission rates across global oil and gas basins without ever touching corporate property or operational data. When independent satellites finally bypassed corporate permission and audited the data from space, early assessments revealed that companies were leaking vastly more methane than they officially reported. Their historical resistance to verification was never about protecting operations; it was a confession of systemic pollution.
4. End-to-End Encryption & Key Transparency
Finally, consider telecommunications providers and intelligence agencies. For years, the claim was that public audits of encryption key directories couldn't be allowed because they would compromise operational network security and user privacy. Meanwhile, the law often allows governments to secretly compel tech companies to intercept messages by silently swapping a user's encryption key with a government key. To stop this, platforms like Signal, and more recently Apple's iMessage, introduced Contact Key Verification (CKV) and auditable, append-only transparency logs. Your device can now mathematically verify that the public key of the person you are texting has not been tampered with by a government middleman. Traditional telecom standards like SMS and older enterprise messaging apps historically refused to implement verifiable key transparency, citing "network efficiency" and "lawful intercept capabilities." Their refusal to allow cryptographic verification wasn't an engineering constraint; it was a direct confession that they structurally reserved the right to silently intercept your data.
And yes: who verifies the verifier? This is a real problem, not a rhetorical gotcha. The answer is defense-in-depth: open-source verification code auditable by both parties, multiple independent verification mechanisms that would need to be jointly compromised, and physical or cryptographic properties that make tampering detectable rather than relying on trust in any single entity. ↩︎
Misaligned machines already rule the world: Political parties optimizing for votes instead of what is best for their country long-term. Companies optimize marketshare, stock value and profit instead of the quality and prices of their products. Research institutions are compelled to publish what brings them recognition and funding, rather than pursuing scientific progress and integrity as their primary goal. And we all know about the state of modern journalism and social media. While these machines are often very dependent on human decision-making, increasing automation of the economy and government also offers an opportunity: Machines can be made much more transparent and verifiable than people. ↩︎
The argument is that refusal to even contribute to building verification infrastructure, when the engineering path exists, is the red flag. ↩︎