Most people accept the way the internet works. Greg Magarshak didn't.
In 2011, the way social platforms worked was already settling into a pattern. Facebook held everyone's social graph. Google held everyone's identity. Twitter held everyone's public conversation. The platforms ran the show; the users were the product. If the platform decided to change its rules, raise its prices, or shut down entirely, the communities living on it had no recourse. Their data wasn't theirs. Their connections weren't theirs. Their continuity wasn't theirs.
Most people accepted this. It was the price of a free service. Most engineers who saw the problem built better products on top of the same foundations — slightly better Facebooks, slightly better Twitters. A few people instead asked: what if the foundation itself is wrong? What if communities should be able to host their own software, on their own infrastructure, federated with each other rather than living inside someone else's tenant?
That was the bet behind Qbix. It started in 2011 as a web platform built on a different assumption. Each community runs its own copy. Each user is a publisher rather than a data subject. Each community can talk to other communities without any of them living inside a single company's walled garden. The architecture made decisions that, at the time, seemed unnecessary. Why bother with all that federation work? Why insist that no central party hold the keys? The answer was something like: because the alternative is structurally bad, and somebody has to build the alternative before the moment when it's obviously needed.
This is the part of the story that's hard to convey because it isn't a product story. It's a foundation story. Foundations get more valuable over time without anyone noticing — every feature that gets added on top inherits the foundation's properties for free. After a year, that's barely noticeable. After fifteen years, the foundation is doing things no one would think to add to a fresh project. The patience the early bet required is the same patience that made the foundation increasingly valuable as time went on.
If communities should host their own social platform, why should they accept Visa and the banks for everything else?
The bet behind Qbix was about communities owning their own connections. The same logic, looked at honestly, said something about money too. When a community wants to handle value among its members — dues, contributions, redeemable credits, member rewards — the standard answer is to accept that money flows through Visa, Stripe, and a handful of banks. Those institutions can deplatform you, raise their fees, freeze your accounts, or surveil your transactions. The same problem as social platforms, in a different domain.
Intercoin, started in 2018, was the same instinct applied to money. Build the infrastructure that lets a community issue and transact in its own currency, on top of the same kind of substrate Qbix had been building. Intercoin used blockchain technology — the only practical way at the time to record and settle community-issued value without depending on a central party to keep the books. The architectural work was the familiar one: don't accept that value has to flow through gatekeepers; build the foundation that lets a community be its own.
What Intercoin also worked out — and this matters for what came next — was a different way of paying for the work. Most software companies fund themselves by raising venture money and giving up control of their company in exchange. Intercoin's approach was different: keep the company independent, keep the software open-source, monetize through tokens that grow in value as the system gets adopted, and protect the architectural ideas through patents so they can't be lifted into closed competing products. Open source increases adoption; tokens monetize adoption; patents protect the ideas. The model Intercoin worked out is now the same model that funds the AI work — under the names $SAFE and $SAFEBUX, but the structure was figured out at Intercoin years before AI needed it.
Most security work tries to build stronger locks. Safebox just removed the doors.
Software running on the internet has a specific problem. The people running it — system administrators, engineers, anyone with the keys — log in remotely to fix things, deploy updates, or investigate problems. The standard tool for this is called SSH: a way to open a secure remote terminal on a server and type commands as if you were sitting in front of it. It's how nearly all infrastructure is managed. It's also the single biggest source of catastrophic breaches. If those credentials get stolen, or if an administrator goes rogue, or if a hacker tricks them into typing the wrong thing, the entire system can be compromised. The standard response is to add more locks: stronger passwords, two-factor authentication, audit logs, intrusion detection. Each helps a little. None changes the basic fact that there's a way in.
Safebox started, well before AI was a serious topic, with a different question: what if there were no way in? Not "you shouldn't try to log in," but literally no SSH at all — no remote terminal for an administrator to walk through, no remote terminal for a hacker to pick. The way Safebox achieves this is technically involved (signed images of the entire system, multi-party approval before any change goes live, hardware that proves the running software matches what was approved). The result is unfamiliar but worth describing plainly: a server that, once running, cannot be modified by anyone, because there's no remote access to use to modify it. If you want to change something, the change has to go through a multi-person approval process and produce a new signed image, which becomes the new running system.
The implication is that an entire category of security threats stops existing. There's no credential to steal because there's no login. There's no insider threat because there's no insider access. There's no patched-up runtime to compromise because the runtime is sealed. The remaining risks are smaller, more inspectable, and structurally bounded in ways that the standard model never was. This is what changes when you take the question seriously instead of patching around it.
Safebox was built before AI made any of this urgent. The pattern — remove the dangerous capability, don't try to guard it — was already there when AI showed up and started asking similar questions about a new kind of actor.
The industry settled on chatbots. The substrate suggested a different shape — one that turned out to be safer, more controllable, and built for communities rather than individuals.
When AI got useful, the industry's framing converged within a couple of years. AI is a chat assistant. The chat assistant runs in someone else's cloud. The cloud company holds your conversation. The model decides what it does based on what you say. This was a reasonable product decision — it matched what users expected and what AI companies could easily build — but it was a frame, not the only possible architecture. And it hid the things it didn't represent.
What the chatbot frame hid: AI doesn't have to be one person talking to a model in someone else's data center. It can be communities working together with AI as a participant, on infrastructure they control, with conversations that live durably in their own foundation rather than evaporating after each session. The model doesn't have to be a stateless service running on someone else's hardware. It can run on infrastructure the community owns. The conversation doesn't have to be locked inside the AI company's product. It can be the community's own data, federated, audited, accumulating over time.
This is where fifteen years of foundation work suddenly became strategic. Qbix's substrate already supported community-owned data. The graph approach already supported the kinds of knowledge organization an AI system needs. Intercoin's economic model already provided a way to fund infrastructure without giving the company away. Safebox's safety pattern already provided the answer to "how do you let an AI take actions without letting it take dangerous ones." None of these were built for AI. All of them turned out to be exactly what AI needed.
Conversations, knowledge, decisions all live in the community's own foundation rather than the AI company's servers. They accumulate over time and stay accessible.
The AI can only do things it was specifically allowed to do. New instructions can't grant new capabilities. The boundary is enforced by software, not by the AI's good behavior.
When the community runs the AI on its own hardware, the costs and the privacy work very differently. AI companies charge per word because they have to discard your conversation between requests; running the model yourself lets you keep the in-progress state in memory (the KV cache) across many requests, which can be dramatically cheaper at scale. And the company doesn't see your conversations.
This is what Safebots is — the AI layer that sits on top of the foundation. Bots that participate in community conversations the way other members do. Bots whose capabilities are bounded by contracts the community defines. Bots whose knowledge comes from the community's own accumulated material rather than from a central AI company's training data. The architecture isn't novel because of any individual feature. It's the result of asking what AI looks like when it sits on a foundation built for community sovereignty rather than for advertising-supported social media.
Grokers reads the world. Safebots talks and acts. Safebox holds the result. Each is the same instinct applied to a different layer.
Grokers is the part that reads. A community has accumulated material — documents, codebases, brand guides, transcripts, notes — in whatever forms it was originally stored. Grokers reads all of it and translates it into the same shared format the community's foundation already uses. Whether the source was a PDF, a wiki page, a code repository, or a SKILL.md file (Anthropic's format for packaging AI instructions), the result is structured knowledge in the community's own graph, available to everything the community builds.
Safebots is the part that talks and acts. AI participates in community conversations as a member, with bounded capabilities the community has approved. The AI can read what the community knows, can suggest, can propose to take actions, but it cannot do anything that wasn't explicitly permitted. New instructions in the conversation don't expand what it can do. The line between "what the AI says" and "what the AI does" is sharp and enforced.
Safebox is the part that holds. The infrastructure where it all runs — sealed, signed, multi-party-approved, with no way for anyone to log in and change things behind the scenes. The community's accumulated knowledge, the AI's conversations, the records of what was decided and why, all sit in a place where the rules of how they're stored can't be quietly broken.
Insight arriving from whatever the community has gathered, made legible to the rest of the system.
AI as a participant in community conversation, with capabilities bounded by contracts the community has approved.
Infrastructure where decisions become durable. Sealed, signed, governed — what gets settled, stays settled.
The Hebrew letters above are names from a much older tradition for three faculties of the mind: Chochmah (insight, the flash), Binah (deliberation, working it out), and Da'at (knowledge, the durable settlement). The companion essay, Three Faculties of Wisdom, develops the idea more deeply. The point of mentioning it here is just to name the shape: the system isn't three separate pieces glued together. It's one philosophical instinct applied at three layers, and the three layers compose because they share the philosophy.
What unifies the trajectory isn't a thesis about AI, or about Web3, or about decentralization. It's something simpler. The dominant way of doing things is usually full of patches that nobody questions anymore. If you go down to the level where the original choices are visible, you can almost always find a different way that the industry has stopped looking for. Big tech said: trust us with your data. The substrate said: build it so trust isn't required. Banks said: trust us with your money. The substrate said: communities can issue their own. Operations said: trust your administrators with the keys. The substrate said: don't have keys to trust.
Each of these moves looked unnecessary at the time. Each of them turned out to be the right answer to a question that wasn't yet being asked clearly. The pattern isn't that consensus is always wrong. It's that consensus protects assumptions that nobody bothers to revisit, and revisiting them sometimes reveals an architecture that the consensus had stopped looking for.
The substrate carrying this work has been built on that instinct for fifteen years. Each layer added inherits the same way of thinking, applied at a new level. Safebox, Safebots, and Grokers are three of the most recent expressions of it. There will be others. The instinct is what persists, and the foundation is what carries it forward.
The companion essay — Three Faculties of Wisdom — describes the architecture as it stands today, with the philosophical frame that gives it shape. This essay is the background: how the architecture got built, what it took to be early, and why the patience turned out to be worth it. The bet was on the foundation. The bet paid off.