Personal, Private, Programmable — Balaji Srinivasan, The Network State | SuperAI 2026

Well, let me see if I can match that intro. I'm going to give a somewhat semi-technical, semi-nerdy kind of talk. But basically, I do want to synthesize some of the last few years in software development and what social, AI, and crypto are kind of moving towards. And I think this is going to be a new way that we can build apps. I call it personal, private, and programmable. And it is potentially a new way that we might have to build apps. At a very high level, the idea is—I'm just going to describe the desktop version, and the mobile version is an exercise for the reader. But if you have a laptop, you can now have private keys on that laptop that correspond to a crypto username. You also have an open weight model, like the Chinese open models, but there are European ones as well. And you've got open file formats. If you put that together, you can actually have a new kind of way of building decentralized apps, which I call personal, private, programmable. Let me just explain a little more detail. So AI, crypto, and social are fragmenting us into trusted tribes, where there's much more energy within a tribe, much more productivity, but much less trust between tribes. And they're also enabling a new way of building apps, which I call personal, private, and programmable. So let me motivate this first. There is something called Obsidian, obsidian.md. This is like an open source notion. You can essentially write markdown files locally, and it's like a wiki that you can run on your computer and also share across things. For those who don't know what markdown is, markdown is just a file format. It's a plain text format that can render as HTML. This is an important concept—you can export these files and work with them across apps, not just within Obsidian, but within other apps. It's a concept we'll return to in this talk. So Obsidian is based on markdown. The important concept is that because Obsidian runs locally and has all the files as local markdown files, they're just plain text. You can use Claude Co-work and slurp in your directories full of all the Obsidian files, and you can query it locally. The next step is when it's not Claude Co-work, so you're not sending it up to the cloud, but you're running a local model. You have local files plus a local model, and you can make queries on all of your aggregated historical stuff, and you can learn things, remember something, make connections from two or three years ago that you wouldn't be able to make before. What if everything worked like that? When the founder of Obsidian tweeted about this, 'If you're using Obsidian with Claude Co, tell me about your workflow,' there was an explosion of engagement and interest, because everybody understood that the combination of those two unlocks something new. So what if everything worked like that? What if we had a bunch of things where you could have an AI model that operated on local data, and everything was kind of locally programmable? That's the idea of personal, private, programmable. The addition I have in this talk is you don't just compute with it locally, and you don't just use local models, but you can also synchronize between computers. Obsidian also has a synchronize feature where you can share a file with someone else. There are at least two ways of doing that. The first way is what I've depicted here, where you have a community intranet, like a GitLab server. The second is you could actually use a public blockchain if you wanted to do that. I'm just saying you could, and it has certain advantages. The concept here is that if you've got local compute, local files, and local private keys, you can send encrypted packets back and forth and synchronize between computers for productivity and SaaS-like things without requiring a central server. This is the dream of what we wanted in Web 1.0 that got centralized to 2.0. We might be able to re-decentralize the web. So why are we moving to personal, private, programmable? Let me describe 10 driving forces from AI, crypto, and social that are leading to this. First, open weight AI models now really work. You can download LM Studio and run models locally without any internet connection. With quantization and other things, you're going to be able to run very high-quality models on a phone. You already can. They're only a few months behind the bleeding edge closed models. In my view, it's going to be hard for the closed models to pay back all their capex. The open weight models are distilling the closed models. So open weight AI models now really work. They're just a few months behind. Number two is due to mythos, and eventually we're going to get open weight mythos. Anything in the cloud that can be hacked with AI probably will be. The good thing about crypto is that because it's public, blockchains will get attacked first. There's enormous financial incentives to fix them. They will suffer a bunch of hits, and then they'll get fixed. Those are going to become the only truly secure and trustworthy backends because they've got a public billion-dollar bug bounty on them. People are going to be attacking them constantly with AI models. There's going to be a whole wave of crypto hacks and attacks on smart contracts and blockchains. But when the dust settles, those will actually be the things where you want to deploy code if it's public. It's either public chains that are heavily hardened, or private internet-related things that don't have any exposure to the internet. So number two: anything in the cloud that can be hacked with AI will be. Number three: AI actually means you can quickly clone any front end, but not necessarily a back end. Why is that? AI is better for visual than verbal, and it's better for front end than back end because your eyes have the equivalent of GPUs. You can very quickly verify a visual or a front end, and you'll see, 'Oh, these pixels are off. This box is off. This UI is a little slow or weird.' Whereas verifying back end code, you have to sit with coffee and really look through all the cases, and it can become combinatorially explosive. Moreover, specifying front end context is much easier because you can just take a set of screenshots or a screen recording, feed that into an app, and it can clone it exactly from that. Whereas typically, if you're dealing with some public SaaS app or web app, the back end is not public, but the front end, the user interface, is public. So AI makes it much easier to clone the front end of any app because the user interface is public, and because you can also verify quickly visually. So AI means you can clone any front end as distinct from back end. You can do the back end too, but it's not as easy. Next, we already have open format file types for many kinds of apps. I mentioned markdown for Obsidian. But here, for example, this is an mbox format, so you can represent emails. You can take your Gmail or any email client and export it to an mbox file that looks like this if you just printed it out locally. If you're a programmer, you recognize this is the kind of thing that your code can easily interact with. There are bindings for mbox format in many different languages, from Python to whatever you want. That's true for markdown files, true for mbox files, true for Git repos, true for productivity—there's docx, Excel files, xlsx, and pptx. So there are basically open file formats for many kinds of things, and we kind of take this for granted. But now with local AI models, we shouldn't take that for granted anymore because those open file formats—the founder of Obsidian has a good saying: 'File over app.' Which is to say, if you can export your files, then you can compute on them. So what actually matters is the file, not the code. File over app. This is related to the old coding saying: if you see a database, you understand what the app does, but if you just see the workflows, you don't necessarily know what it does. So we have open file formats for many kinds of apps. The next driver for personal, private, programmable is we actually now have hundreds of millions of locally installed crypto wallets. The exact number of crypto wallets is many different stats, but it's easily in the hundreds of millions. I can say that just knowing Coinbase and Binance's numbers. Many of those are public. But MetaMask, Trust Wallet, Coinbase Wallet, Exodus, the hardware wallets. Basically, we have solved what's called a PKI problem, the public key infrastructure problem. In order to encrypt stuff, you need to have a private key locally. The thing is, it's easy to keep a private key secure—you can just bury it in the desert. It's easy to make it very available—you can just put it on your website. But to make it both secure and available, it has to essentially be on your person at all times. It has to be something like a key or a wallet. In fact, that's what a crypto wallet is. The distribution of hundreds of millions of crypto wallets has basically solved the public key infrastructure problem. Many problems that were theoretically solvable if everybody had secure and available private keys are now solvable. All kinds of secure multi-party computation, all kinds of things are now feasible. So we have hundreds of millions of locally installed crypto wallets. And we also have good tools for crypto social like ENS, SNS—that's the Ethereum Name System, Solana Name System, Farcaster, XMTP. Farcaster is being picked up after the original team left and it's being continued by the Niner Group. And XMTP, which is like a crypto version of SMTP. The cool thing about this is that with something like XMTP, here's a little code snippet where you can just send a message to any Ethereum address that has set up their configuration appropriately. So you can just—I mean, don't message Vitalik. Okay, it's cool to message Vitalik, but he gets enough spam. Don't message Vitalik, but anybody who's your name.eth, you can message them with rich text. This is cool because that's not a centralized email address. That's like a decentralized crypto name. So it means taking your username out of x.com and making it your name.eth, taking it out of LinkedIn or some other site, Pinterest, whatever. And now it's become your own personal name that you can host locally. So we have good tools for crypto social. Our next driver is we have new tools for designing community hubs. The first of these is one that's been around for many years, which is just install a self-hosted hub like GitLab. But we can also do now because blockchains basically work: you can use blockchains as hubs where you can read or write from any computer, and you can actually have that be something where the ability to read or write is gated by whether or not that computer possesses an NFT or coin or some other digital asset of some kind. So you can actually have both an intranet kind of thing like GitLab where you've got n people connected to a company internet, or you can have a public chain. These are two different ways of getting off of public clouds. You don't have to go to google.com anymore. You can either host it yourself or go to a public chain. So that's replacing the central hub thing that characterized the last several decades of software development. Next, we have new tools for monetizing community hubs via things like crypto staking. A lot of this stuff works now. A lot of crypto stuff was cutting edge a few years ago. Now we've got several years of track record, and it's no longer bleeding edge. Once it's sort of boring edge, it's like relatively new but five years old—that's a good thing to use in an app because every individual piece of your app has to work, and you can only have one or maybe one or really zero pieces that are technically risky, because usually the difficulties are in the integration. So stuff that's two or three years old, not the extremely leading edge stuff, is often what you want to go back and look at because it's fallen out of the technical hype cycle but works now. So you have new tools to monetize the community hubs via crypto staking. So even if you don't have a centralized google.com or something like that, you can actually monetize with self-hosted GitLab where you have a coin for this chain, and now you can actually have monetization of those hubs. The next point is social media itself has been breaking up into sub networks. Arguably, the acquisition of Twitter was like a Tower of Babel moment, where now you have many different social sub networks of different political stripes, technical stripes. There are crypto networks also like Nostr, Lens, and Farcaster. So we've had a fragmentation into multiple different social networks, which is arguably a good thing because then you don't have one global status competition, one global arena. You have many different kinds of social networks for many different kinds of interests—the re-decentralization. And finally, social media and email are being overrun with fakes, agents, and bots. So everybody talks about AI's positive impact on the economy or taking jobs and so on. But actually, in some ways, it also has a negative impact on the economy that will create jobs. Why? Because AI enables scams, spams, fakes—all the stuff which is many markets. AI is breaking as many markets as it enables. Why? Because in between two tribes, person A is spamming person B, sending a million recruiting emails or a million sales emails. And what that does is radically increase the noise in the channel. As these open weight models get better, it becomes harder and harder to distinguish a true inbound message from a stranger from an AI message from a stranger. So you just don't take messages from strangers, and instead you only communicate within your trusted tribe. So the warm intro becomes more and more important, especially as AI video and so on gets better. In general, do you even know that's a human being on their side unless you met them in person or a friend that you know that's been in person? You can't trust that message. So we're still at the foothills of this, but this is going to become a very big thing over the next several years, where essentially within the trusted tribe, you can share code, share context, where you know everybody's a human, it's fine, and you get very productive. In fact, you get super productive. But between tribes, there's going to be tons of jobs created in verification, attestation, notarization because of all the profusion of fakes. So the positive impact on the economy is disruptive to jobs, but the negative impact on the economy is going to be creating jobs, and that's a dimension of AI that's kind of obvious but hasn't been discussed as much. So if you put all of that together, we can and perhaps must build apps in a totally new way. The reason is that between tribes, there's going to be so many more hacks due to these open models, so much less trust between tribes. So within the tribe, you can be super productive, and that's personal, private, programmable. You have a bunch of desktop clients, they've got local file formats, local AI models, local private keys, and crypto usernames so you can compute locally and then securely exchange packets with each other. Of course, lots of the pieces of this have existed for many years, like BitTorrent existed and various P2P protocols have existed. But the full synthesis of all of them, and in particular the local AI models that make it possible to clone any front end and also make it necessary to decentralize away from public front ends—all that stuff is coming to a head right around now. What does that mean concretely? You can build a decentralized notion like Obsidian. You can build a decentralized chat or email app using something like XMTP, and it can look like Facebook Messenger or Gmail—many different ways you can make it look. You can build decentralized Git with Git repos like GitLab or Radical. You can build a decentralized word editor if you use docx files, or a decentralized slide editor if you use pptx, and so on. The fact that you can use AI to compute over all of this will make you potentially much more productive because you've got all of your local files and all your local context that can inform all this stuff. Right now, of course, it's very convenient to have all of that in the cloud, but I think that the level of hacks—the problem with how our current information security architecture is set up—is that the bad guys only need to win once. They only need to find one hack, they only need to get through once, and then they can exfiltrate lots of data. So what that's going to mean is that the attacker has an advantage over the defender if your data is in a public cloud. This is going to push re-decentralization. That's a push, and the pull is being able to do everything locally and have all of your context across thousands of files in whatever user interface you want, which you can build very quickly. So this is kind of a semi-technical roadmap for personal, private, programmable. If you're interested in building this kind of thing, build a demo. You can take this talk, probably put it into an AI and say, 'Hey, build a demo for me.' Take the transcript, and if you do something, I'm happy to look at it. So thank you very much. I'm at balji.com. Thank you.