Global AI regulation currently relies on a pinky swear that would be laughed out of any other critical industry. While international bodies struggle to define boundaries for frontier models using compute capacity as a proxy for risk, real oversight remains an illusion. Developers simply submit reports that regulators are forced to take on faith. Researcher Pierre Penier-Lefebvre of the General-Purpose AI Policy Lab and a team from the Sorbonne state it plainly in their latest preprint: without a technical verification primitive, any AI limitation pact is just empty rhetoric.
The Architecture of Cryptographic Compliance
The authors argue that verifying the training of massive models isn't a mathematical dead end, but a victim of outdated approaches. They propose a system that combines pre-training specifications with dynamic Merkle trees of intermediate computations. At the core is a Zero-Knowledge Virtual Machine (zkVM) equipped with native floating-point precompiles (BF16/FP32). This is a fundamental shift: while such ideas previously crashed against the wall of computational scale, the proposed protocol turns the training process into a verifiable asset through three types of artifacts.
The protocol generates three types of evidence: a genesis proof upon initialization, step-by-step proofs during the training process, and preliminary attestations confirming compliance with regulatory requirements.
This "non-monolithic" approach makes it possible to mathematically prove that a company stayed within compute limits and applied necessary safety filters without revealing the "holy grail"—model weights, architecture, or specific training data. Penier-Lefebvre estimates a prototype could be deployed within 36 months. Furthermore, the developer-side overhead would amount to only a few percent of total compute power, making the technology economically viable. This sounds far more realistic than waiting for specialized "oversight" chips, which have development cycles stretching over a decade.
Kicking the Silicon Habit
Betting on hardware-based controls is a geopolitical trap and creates dependency on fragile supply chains. As the Sorbonne researchers note, "verification silicon" doesn't exist in the wild, and for international agreements to work, the enforcement tool must be on the table before negotiations even begin. The zkVM software approach resolves the conflict between security and privacy: regulators receive an immutable ledger of training parameters, while the developer’s intellectual property remains behind a cryptographic curtain.
Moving the conversation from "is this possible" to cost minimization is the ultimate sign of a mature idea. The authors candidly list thirteen open engineering challenges, but when the cost of oversight drops to low single digits, cryptographic control transforms from an academic exercise into a real instrument of power. For business, the signal is clear: the era of AI self-declaration is ending. Auditors with questionnaires are being replaced by algorithms, and if the 36-month forecast holds, the industry's rules of engagement will become rigid and mathematically undeniable.