Buterin’s AI stewards: a practical blueprint for scaling DAO decision‑making

Ethereum cofounder Vitalik Buterin outlined a practical, engineering‑first design for delegating routine DAO voting to personalized machine agents—"AI stewards"—trained on a user’s past messages and explicit preferences so they can act on low‑value governance items automatically.

The proposal focuses on two technical protection goals: keep the steward’s training data and inference inputs confidential, and prevent linking of specific votes to wallet addresses or public identity signals. To achieve this, Buterin recommends combining zero‑knowledge proofs for anonymous eligibility and ballot validity with confidential execution (local models where possible, MPC networks, or TEEs) to perform private inference off‑chain.

Beyond privacy, he envisions an economic and discovery layer: stewards would be discoverable via registries and reputational identifiers (discussion among developers has floated ERC‑style standards to make agents portable), could post collateral and participate in prediction‑market mechanisms that stake on a proposal’s outcome, and transact with other services automatically to hire audits or pay fees.

Operationally, stewards would handle the majority of routine or low‑impact proposals, surfacing only contested, high‑stakes items for explicit human signoff—reducing voter fatigue and the need for constant on‑chain attention.

To raise the cost of low‑quality submissions and curb spam amplified by generative models, Buterin suggests economic filters such as agent‑driven prediction markets or staking penalties that reward accurate forecasting and penalize noisy or malicious proposals.

The design also aims to blunt "whale watching"—the practice of copying large holders—by unlinking cast ballots from public addresses with ZK proofs and private computation; that makes correlation attacks and public signaling harder while preserving eligibility attestation.

Buterin balances two conflicting operational choices: running models locally to minimize third‑party dependence, versus using hosted confidential compute with attestation services that scale inference and ZK proof generation. Each choice trades off user sovereignty, latency and cost against engineering tractability and auditability.

Implementing stewards requires stitching together toolchains: personal model training or local inference paths, secure enclaves or MPC networks for confidential execution, succinct ZK circuits for proofing behaviors, on‑chain settlement for market outcomes, and standardized registries and attestation formats so agents are discoverable and auditable.

Buterin and contemporaneous commentary stress that success depends on standardized attestation formats, adversarial testing, dispute‑resolution pathways, and migration plans so live DAOs can adopt steward primitives without catastrophic failure modes.

There are clear benefits—lower participation friction, broader activation of tokenholders, and economic filters that can surface higher‑quality proposals—but the model introduces new systemic dependencies: reputational registries, attestation operators and hosted confidential compute providers could become chokepoints unless mitigations are adopted.

Practical hurdles remain significant: ZK proof generation and private inference at user scale are currently costly and latency‑sensitive; MPC and TEEs introduce their own trust models and concentration risks; and online reputation systems must be engineered to resist Sybil and spoofing attacks.

The proposal reframes DAO governance as a hybrid stack—personal AI, cryptographic privacy primitives, economic market‑making and discoverability standards—where the policy question is not whether automation is possible, but how to lawfully and technically constrain the off‑chain layers that will carry much of the decision‑making workload.