6. Security & Limitations

Osirium provides a verifiable pipeline between off-chain AI inference and on-chain logic by leveraging cryptographic signatures and Ethereum standards. While the architecture is lightweight and effective, it carries both strengths and current limitations.

✅ Strengths

• EIP-712 Signed Attestations Each AI output is signed using an EVM private key and structured via EIP-712, allowing for tamper-proof verification of the content source.

• Operator Traceability All attestations are linked to a specific MCP node address. Consumers can verify exactly which node generated a response and determine trust accordingly.

• Configurable & Stateless Nodes do not store prompt history beyond attestation scope, reducing the surface for data leaks or model exploitation.

• Source Transparency Prompts can be derived from human input or predefined external sources (e.g., X.com), with full traceability of origin → output → signature.

⚠️ Limitations

• No Zero-Knowledge Proofs Yet Osirium currently uses digital signatures, not zk-SNARKs/STARKs. It cannot prove the validity of the AI computation, only the authorship of the output.

• AI Model Is Off-Chain Claude AI runs off-chain via API. There's a trust assumption that the model processed the prompt as expected — not verifiable by the smart contract alone.

• Single Signer Design Each attestation is signed by a single node. There's no multi-node consensus or quorum model (yet), making it suitable for trusted environments.

• Model Risk / Prompt Injection Since prompts are sent directly to a commercial LLM, there's exposure to AI-level vulnerabilities such as prompt injection or biased outputs.

Osirium focuses on transparency and auditability over computational privacy. Future iterations may incorporate zero-knowledge verification and AI consensus mechanisms to reduce trust assumptions even further.