Balaji Srinivasan at SuperAI: The Case for Personal, Private, Programmable AI
Can you replace your SaaS tools with local files and a local AI model?
When the founder of Obsidian tweeted about using it with Claude Code, it went viral. People immediately understood what the combination enabled: local Markdown files, queried by a local AI, surfacing connections across years of notes without sending anything to the cloud. Balaji Srinivasan, speaking at SuperAI, started with this example and pushed it much further. As he put it:
“You can have local files with a local model, and you can make queries on all of your aggregated historical stuff, and you can learn things and remember something, make connections from two or three years ago that you wouldn’t be able to make before.”
His question: what if everything worked like that? His answer is a roadmap he calls “personal, private, programmable.” Local AI models, local file formats, local private keys, crypto usernames. You compute locally, exchange encrypted packets with your trusted network, and don’t need a central server.
Srinivasan identified ten driving forces from AI, crypto, and social media that make this feasible now. Several of them are independently significant:
1. Open weight models are a CapEx problem for closed AI companies
“The open weight models are only a few months behind the leading edge closed models. So in my view, it’s going to be hard for the closed models to basically pay back all of their CapEx.”
“In a sense, the open weight models are distilling closed models.”
The gap between open and closed AI models has compressed from years to months. If that gap stays narrow, the billions spent on training frontier closed models become a subsidy for the open-weight ecosystem that follows a few months later. The business model of selling API access to a proprietary model gets harder to defend when a locally runnable model does 90% of the job for free.
You can already download LM Studio and run models locally without any internet connection, and with quantization, these will run on phones. That’s the baseline for everything else in this talk: if the model runs locally, a lot of assumptions about what needs to be in the cloud start breaking down.
2. AI clones front-ends easily because eyes are GPUs
If open weight models can run locally, what can you actually build with them? Srinivasan’s answer starts with front-ends:
“AI is better for visual than verbal, and it’s better for front end than back end because your eyes have the equivalent of GPUs. So you can very quickly verify visual or a front end, and you’ll see, oh, these pixels are off. Oh, this box is off. This UI is a little slow or weird. Whereas verifying back end code, you have to sit with a coffee and really look through all of the cases, and it can be cognitively explosive.”
The front-end of any SaaS app is public: you can screenshot it, screen-record it, feed that into a model, and AI can replicate it. The moat shifts entirely to the back-end: the data model, the integrations, and the state management. For any product where the back-end is simple, the entire app is now cloneable. This is a direct consequence of local AI being good enough.
3. “File over app” changes when AI can compute on your files
And if AI can clone the front-end, what actually matters is the data underneath. Open file formats like Markdown, mbox, docx, and xlsx have existed for years. Local AI models change what those formats are worth:
“You can store your files, then you can compute on them, and so it actually matters — the file, not the app.”
I wrote in Why AI is forcing interoperability about how developers and power users are choosing tools that are interoperable with AI agents, and moving away from those that aren’t. This is the local-first version of the same pressure.
Every “export your data” feature goes from a compliance checkbox to an actual escape route. Srinivasan listed Markdown for notes, mbox for email, Git for code, docx and xlsx for productivity. Libraries exist for all of these in every major programming language.
4. Crypto wallets already solved the public key infrastructure problem
So you have local AI, local files, and cloneable interfaces, but to exchange anything securely between computers, you need encryption keys. This is the part most AI-focused audiences will underestimate:
“We have solved what’s called the PKI problem, the public key infrastructure problem, where in order to encrypt stuff, you need to have a private key locally.”
The constraint that held back decentralised apps for decades was key distribution:
“It’s easy to keep a private key secure if you store it very clandestinely. It’s easy to make it very available if you put it on your website. To make it both secure and available, it has to essentially be on your person at all times. It has to be something like a key or a wallet, and in fact, that’s what a crypto wallet is.”
Hundreds of millions of people now carry locally installed private keys in MetaMask, Trust Wallet, Coinbase Wallet, and hardware wallets. Problems that were theoretically solvable if everybody had secure and available private keys are now solvable: secure multi-party computation, encrypted messaging, authenticated packet exchange. I explored in Why AI Agents need Wallets how crypto wallets are ahead of fiat in enabling agentic commerce. The same wallet infrastructure doubles as the identity and encryption layer for local-first apps.
5. AI makes the attacker-defender asymmetry in cloud security worse
The infrastructure for local-first exists. The question is: why would anyone bother leaving the cloud, when cloud services are convenient? Srinivasan’s answer is that the cloud is becoming increasingly indefensible:
“The attacker has an advantage over the defender if your data is in a public cloud.”
“They only need to find the one hack. They only need to get in once, and then they get to exfiltrate lots of data and so on and so forth.”
AI-powered exploit tools make this asymmetry worse, because they can probe attack surfaces faster than any human security team. But Srinivasan makes a counterintuitive argument about what survives. Because blockchains are public and hold real value, they become the highest-incentive targets, and therefore the most hardened:
“Blockchains will get attacked first. There’s enormous financial incentives to fix them. They will suffer a bunch of hits, and then they’ll get fixed, and those are going to become the only truly secure and trustworthy backends because they’ve got public billion-dollar bug bounty on them.”
Private enterprise backends, with far less exposure to attack, don’t get that hardening. So the most secure infrastructure ends up being the public one, and the most vulnerable ends up being the private cloud.
6. Social media’s Tower of Babel moment is structural, not temporary
The security argument is the push toward decentralisation. The social reality provides additional momentum: the platforms people used to congregate on are breaking apart anyway, he claims.
“The acquisition of Twitter was like a Tower of Babel moment, where now you have many different social sub-networks of different political stripes, technical stripes.”
Srinivasan argues this is net positive, moving from “one global arena” to “many different kinds of social networks for many different kinds of users and degrees of location.” The crypto-native alternatives (Nostr, Lens, Farcaster) are part of this fragmentation. If the global town square is permanently broken, the replacements are many smaller, higher-trust networks, each with its own identity system and communication protocol. That maps directly to the “personal, private, programmable” thesis: communities running their own infrastructure, not depending on a single platform.
7. AI is breaking as many markets as it enables
And within that fragmented landscape, AI is making communication between groups actively worse. Everyone talks about AI taking jobs. Fewer people talk about AI creating noise:
“AI enables scams, spams, fakes, all the stuff which is many markets. AI is breaking maybe as many markets as it enables.”
“Between two tribes, person A spamming person B, sending a million recruiting emails or a million sales emails and so on and so forth. And what that does is it just radically increases the noise in the channel.”
As these open-domain models get better, it becomes harder and harder to distinguish a genuine inbound message from a stranger from an AI-generated one. So you stop taking messages from strangers, and only communicate within your trusted network:
“Do you even know there’s a human being on the side unless you met that person or a friend that you know met that person, you can’t trust that message. We’re still at the foothills of this, but this is going to become a very big theme over the next several years.”
This is already visible in email, LinkedIn, and cold outreach, and I probably understand this better than most because of how messed up email is.
8. AI’s negative impact on markets will create new jobs
Which produces a counterintuitive economic effect: Srinivasan claims that
“There’s going to be tons of jobs created in verification, attestation, notarization because of all the profusion of things.”
“The positive impact on the economy is destruction of jobs. The negative impact on the economy is going to be creating new jobs.”
The AI economy isn’t just about automation replacing human work. It’s also about AI-generated chaos requiring new human intermediaries. That’s a dimension of AI’s economic impact that gets far less attention than it should, and it connects directly to the “within tribe vs between tribe” framing that runs through this entire talk.
*
If all of the above is real, what do you build with? Srinivasan’s advice to builders is to look at what’s fallen out of the hype cycle:
“Stuff that’s two to three years old, it’s not the extremely leading-edge stuff, is often the stuff that we want to go back to look at because it’s sort of fallen out of the technical hype cycle, but it works now.”
He specifically named crypto staking for monetisation, XMTP for messaging, ENS and SNS for naming, and Farcaster for social. What’s new is that local AI models provide both the capability and the necessity for convergence:
“We can and perhaps must build apps in a totally new way.”
“The full synthesis of all of them, and in particular the local AI models that make it possible to clone any front-end and also make it necessary to decentralize away from the public front-ends, all that stuff is coming to a head right around now.”
That means decentralised versions of Signal, Gmail, Git, Word, and PowerPoint, all built on local files, local AI, local private keys, and crypto usernames, computing locally and exchanging encrypted packets without a central server.
Srinivasan’s bet is that users are both being pulled and pushed in the same direction, and the full synthesis is now feasible:
The pull is productivity: all of your local files, all of your context across thousands of documents, in whatever user interface you want, which AI can now build quickly.
The push is security: cloud infrastructure is increasingly targetable by AI-powered attacks, and the attacker only needs to get in once.
I’m not too sure about this
Srinivasan’s talk posits a scenario that is more likely to be adopted by a small minority of users, not the mass internet user base.
1. The usage gap is enormous: crypto adoption, and indeed daily usage, continues to be dwarfed by Internet usage, and even by AI usage. Check MetaMask’s own stats, and this is clearly off its peak.
Sure, a majority of wallets are inactive, and people can always be nudged into logging in, but the fact is that there has to be a significant enough use-case, and someone has to do that integration to enable this. Farcaster has hardly any daily active users, and not enough to push back against network effects of existing social networks.
2. The complexity is the real restriction: none of these tools is intuitive or easy to set up and use, and the transition, including overcoming existing network effects, is going to face significant friction. Google Docs and Slack are sticky because of real-time multiplayer collaboration and being free to a point, and not just because of their interfaces. Tiago Forte was right to call out Obsidian for its complexity for general users: it feels like a coding IDE, not a writing tool. I might use AI to process my notes in Obsidian, but when I have to take notes across devices, I still go to UpNote.
You can talk about how local models will supplant cloud-based models, and as much as I’d like that, how many people find it intuitive to set up local models and decide from the hundreds of thousands of models and versions of models on Hugging Face? Most people would rather pay $20 per month to use Opus 4.7 despite limits, over buying expensive hardware to run an inferior model locally. Meanwhile, why does Gemma 4 not work on PocketPal on my device, but works just fine on AI Gallery? The model capabilities on edge devices are significantly lower than cutting-edge models, and for users with deep use cases, that matters.
People need an intuitive, predictable, easy-to-use and trusted environment to operate in, because their goal is not to deploy the latest tool, but to use the tools to do the work they want to do, even if they have to pay a little.
Each of Srinivasan’s driving forces is real, but the real challenge lies in them converging as neatly as he expects.
The key question is whether the local-AI-plus-open-files-that-syncs-across-devices-with-crypto-wallets stack can beat cloud-based-easy-to-use-services, and how quickly. My guess is: not very soon, and not very likely. The transaction cost of the switch is too high.




Token cost can be a driver, at least for SOHO.