A Threat-Driven Empirical Analysis of Proof-of-Intelligence

A Threat-Driven Empirical Analysis of Proof-of-Intelligence

Supervisor(s): Georg Bramm, Andreas Binder
Status: finished
Topic: Others
Author: Bryan Saenz Pisco
Submission: 2026-03-27
Type of Thesis: Bachelorthesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

Proof-of-Intelligence (PoI) represents a paradigm shift in distributed consensus, aiming
to replace the computationally intensive hash puzzles of Proof-of-Work with Artificial
Intelligence (AI) tasks. However, the integration of state-of-the-art AI into distributed
ledgers introduces novel threats for the PoI-based network’s security and privacy.
This thesis performs a comprehensive, threat-driven empirical analysis of PoI, utilizing
a reference architecture based on a simplified Bittensor implementation to evaluate
the stake-based verification mechanism. By applying the STRIDE and LINDDUN
threat modeling frameworks to a component-based Data Flow Diagram, we identify 19
distinct threats across the system’s components and data flows, ranking them according
to their impact and feasibility. After identifying the most significant threats, this thesis
focuses on three concrete misuse cases and implements a discrete-event Agent-Based
Model simulating the protocol’s consensus logic and peer-to-peer execution layer.
The empirical results demonstrate that even when half of the workers behave adversarially,
either by free-riding with lazy random outputs or by poisoning labels, the
system successfully neutralizes them as long as validators remain honest. Nevertheless,
the system exhibits structural fragility against coordinated minority collusion. Challenging
the applicability of the standard 51% security assumption for distributed ledgers,
we identify a critical trust leak vulnerability that precipitates consensus failure when
the adversarial validators control a stake ratio of just 40% under a full-connectivity assumption.
Furthermore, we evaluate the privacy implications of the gradient exchange
typical of Federated Learning, demonstrating that standard deep learning architectural
stochasticity (Dropout) offers insufficient protection against novel reconstruction
techniques such as the adaptive Dropout Inversion Attack. Although the use of Local
Differential Privacy can offer protection, it severely degrades the utility of the produced
intelligence.
While the analyzed PoI architecture provides a viable meritocratic market for nonsensitive
intelligence tasks, it lacks the consensus resilience and privacy guarantees
required for high-stakes workloads. Consequently, this work establishes an initial
formal security and privacy baseline necessary for the development of next-generation,
privacy-preserving intelligence consensus protocols.