This post is short. It does three things.

It tells you what’s in the cookbook on sultanismyname.com that the substack series didn’t have room for. It names the open problems I’m still arguing with myself about. And it asks you, one last time, to pick a recipe.

What’s in the cookbook

The full bounded-dilution proof, including the worst-case scenarios with the parameter table and the math that produces the 43.75%number from posts two and three. The substack version was a summary. The cookbook version is the proof, the assumptions the proof depends on, and the cases where those assumptions might break.

The phased launch architecture. Months 1 through 6 cap the protocol at $50M of supply with 200% collateral ratios and zero SZK in the collateral mix. The cap and the ratio relax across published phases as specific stability criteria are met — diversity of collateral, depth of liquidity, time at peg, count of independent integrations. Each phase has a written exit criterion. The cap is not relaxed by governance vote. It is relaxed by meeting the criterion in observable on-chain data.

The cold-start story. The Stability Reserve Fund is empty at genesis. SZK has no price. Collateral diversity is minimal. The phased launch architecture is the answer to that, and the cookbook chapter spells out exactly what the protocol looks like in week one (cap binding, single high-quality collateral, no Layer 4 dilution available, conservative trigger thresholds), week twelve, and month six. There is a separate recipe on what not to do during cold start, which is most of what other projects have tried.

The cryptographic migration table. Component by component, primitive by primitive, status as of April 2026. What’s production today. What’s hybrid-ready in the next eighteen months. What’s the destination. Where the migration is hard and where it’s mechanical. Which signatures are most exposed to harvest-now-decrypt-later and which get the front of the queue.

The regulatory architecture, per relevant jurisdiction. The U.S. picture. The EU picture (MiCA-shaped). The UK picture. The Singapore picture. The G20 surface. What’s a design choice and what’s a legal question requiring counsel in venue. Which regulators I expect to be early movers and which to be slow. None of this is legal opinion. All of it is what I would tell my own board if I were standing this up.

The recipe index. Every design decision in StableZK as a numbered cookbook recipe. Problem, Solution, Discussion, See Also. This is the part the engineers will print and the part the policy people will quote. It is the load-bearing artifact of the document.

The FAQ. Every question I have already been asked, answered plainly. Why an L1 instead of a rollup. Why this isn’t Penumbra or Aztec or Maker. What happens at Q-Day if Phase 3 hasn’t shipped. Why the migration isn’t done. Whether this is competitive with USDC or complementary. Whether a central bank could really back a non-CBDC instrument like this. Each gets a paragraph. Each is honest.

What’s still open

The cookbook is more honest than the series has had room to be. Three open problems are worth naming in this post directly.

Fee-only security in the long run. The protocol’s economic security model has block rewards that taper across the first sixteen years and then approach zero. After that, the network’s security depends primarily on transaction-fee revenue. This is structurally similar to the question Bitcoin will eventually face when its block reward halves below the level that pays for security at then-current attack costs. The question is whether the fee surface produces enough revenue, distributed across enough validators, to keep the security budget above the attack budget. I have models that say yes under reasonable assumptions about adoption and transaction value. I have other models that say maybe. Yes and maybe are not the same answer. This is the open problem I am most willing to be wrong about and most actively working on. The cookbook chapter on long-run economic security lays out the assumptions, the sensitivity analysis, and the proposed monitoring framework. It also lays out what we’d do — concretely, in code — if the fee surface didn’t produce enough by year ten or twelve. Saying we will figure it out is the failure mode posts two and three were about. Saying here are three pre-committed responses, here are their trigger conditions, here is what triggers each is the work I owe.

Cross-chain ZK production-readiness. Phase 1 of the bridge architecture uses validator committee attestation as a transitional trust model. That is the same trust model the L1 itself uses for consensus, so we are not introducing a new trust assumption — but the goal is full ZK verification on the peer chain, which is not production-ready as of this writing across the chains we care about most. Estimated 12 to 18 months out. The cookbook chapter on cross-chain primitives is honest about which legs of the bridge are ZK today, which are committee, and which are hybrid. If you read that chapter and conclude the bridge isn’t where you’d like it yet, you and I are reading the same document the same way.

SZK reflexivity at Layer 4. The 15% cap closes the Terra loop in the worst-case math. It does not eliminate every reflexive dynamic in markets that don’t follow the worst-case path. In particular, dilution at the cap can interact with SZK’s own price discovery in ways that the static model can’t fully bound. The cookbook acknowledges this, characterizes the residual risk, and proposes a set of empirical tests we’d run in production to detect reflexivity early. Detect early is not the same as prove it can’t happen. I am not pretending it is.

There are other open problems. These three are the ones I want a smart skeptic to push back on. If you push back on any of them and tell me something the cookbook hasn’t already considered, I would like to know.

The number I want you to carry

If you forget every other parameter in StableZK, carry the 15% cap.

The cap is the difference between a ladder and a ramp. It is the parameter that closes the circular-backing failure mode that has eaten every algorithmic stablecoin to date. It is the parameter that produces a bounded worst case instead of an unbounded one. It is, structurally, the most important number in the design.

Every other parameter is calibration. The cap is the principle.

See also

• Posts 1 through 5 — the argument.

• Cookbook on sultanismyname.com — the receipts.

• GitHub — the code, the test suite, the formal verification artifacts, the audit reports.

• The whitepaper PDF — for the strict cryptographic specification.

Closer

I’m not selling a token in this series. I told you in the first post and have repeated it in every one. There has been no allocation raised against the run of these posts. If and when that changes, I will tell you in plain text in the post where it changes, before the rest of the post. The fact that this line is in every post is the point. Trust is the cumulative absence of betrayal. The right time to start writing it down is at the start.

Pick a recipe — fork it, send it to your CFO, send it to your CISO, send it to your regulator, write a counter-recipe, build a different ladder, build a different waterfall. The point of the cookbook is not that this is the only way to do it. The point is that there is a way to do it, that the tradeoffs the industry has been treating as inviolable are not, and that the next currency we ship had better not have a master key.

Money without a master key is not a slogan. It is a set of constraints that compose, that have a working reference implementation, and that the current cryptographic generation makes possible for the first time in financial history.

Pick a recipe. Act on it this week.

— Sultan

The move is: the conversation got stuck on a tradeoff that isn’t a tradeoff.

Privacy versus compliance. Decentralization versus stability. Speed versus safety. L1 sovereignty versus interoperability. Transparency versus surveillance. Each of these is a binary the industry treats as inviolable, and each of these is a binary that falls apart the moment you stop importing the constraint that produced it.

This post is a survey. Five entries, plus a sixth. Each entry follows the same shape: where the binary came from, why people still believe it, what falsifies it, and what StableZK does about it. The cookbook chapter for each is named at the end of the entry. Print this and put it on a wall somewhere.

What’s on the table

• Five widely-held false binaries in the industry as of April 2026

• Plus the sixth: deal with quantum later versus never ship anything

• StableZK’s resolution for each, with a cookbook reference

• A general-purpose pattern recognizer for spotting the next false binary as it appears

❦ ❦ ❦

1. Privacy versus compliance

Where it came from. Pre-cryptographic regulators had no way to verify a property of a transaction without seeing the transaction. Privacy and verification were structurally at odds.

Why people still believe it. The crypto industry’s first generation operated under the same constraint by inheritance. Every privacy product positioned against compliance. Every compliance product positioned against privacy. The framing fed both sides.

What falsifies it. Cash. The most-private financial instrument is also the one AML was first written for, and AML works against cash. Selective disclosure with the holder in the loop has been the operating model for a hundred years. Zero-knowledge proofs let crypto adopt the same model without the disclosure surface that the prior cryptography forced.

StableZK’s resolution. Default privacy via shielded transactions. Selective disclosure via scoped view keys. ZK compliance attestations for source of funds, sanctions screening, jurisdiction of residence, large-transfer reporting. No master key. The regulator gets what the regulator needs. Everyone else gets the privacy they should always have had.

Cookbook. Ch. 6, The Regulatory Perimeter.

2. Decentralization versus stability

Where it came from. The first generation of decentralized stablecoins were either over-collateralized at capital-inefficient ratios (Maker, c. 2018) or algorithmic without exogenous backing (UST, c. 2022). The over-collateralized ones survived but couldn’t scale. The algorithmic ones scaled but couldn’t survive. Industry split into “centralized stablecoins are bad” and “decentralized stablecoins don’t work” camps. Neither camp built the third option.

Why people still believe it. Because most projects pick one of the two camps. Centralized stablecoins (USDT, USDC) reintroduce the trusted party crypto exists to remove. Algorithmic stablecoins keep failing in public. The two failure modes reinforce each other.

What falsifies it. Stability is a credible commitment to escalate, not a state to maintain. A graduated ladder built on exogenous overcollateralization, with bounded protocol-token dilution as the lower rungs and an immutable waterfall at the bottom, is decentralized in the sense that matters (no admin, no master key, no foundation discretion in the room during a panic) and stable in the sense that matters (the peg is defended through five published mechanisms with proven worst-case math).

StableZK’s resolution. The five-layer GCSR. The 15% SZK collateral cap. The 130% floor. The 43.75% bounded-dilution proof. szUSD → szBOND → SZK in immutable code.

Cookbook. Ch. 4, The GCSR. Ch. 5, The Resolution Waterfall.

3. Speed versus safety

Where it came from. Early L1s had real consensus latency. The fastest chains skipped on validation; the safest chains skipped on throughput. Solana versus Ethereum, in the framing of the 2021 cycle, was speed versus safety.

Why people still believe it. Because performance optimization and security guarantees genuinely do trade against each other in naive consensus designs. The framing has truth at the boundary. The framing is wrong at the protocol-engineering level.

What falsifies it. MEV. The largest “speed versus safety” cost in the modern L1 stack is not consensus throughput. It is transaction ordering attacks. Front-running, sandwich attacks, and toxic flow extract value at the cost of fairness, and they are not solved by faster consensus. They are solved by ordering rules that prevent the leader from seeing transaction content before commitment.

StableZK’s resolution. StableBFT consensus with parallel views and BLS aggregation provides fast finality. A threshold-encrypted mempool ensures transactions are committed to ordering before their content is decryptable, eliminating the leader’s information advantage. Speed is preserved. Safety — defined to include fairness, not just liveness — is materially better than every L1 of comparable throughput. The tradeoff was an artifact of the framing, not the engineering.

Cookbook. Ch. 3, §3.4, MEV-Resistant Ordering.

4. L1 sovereignty versus interoperability

Where it came from. The rollup thesis: the only way to get interoperability with a settlement layer is to be an application running on top of that settlement layer. Sovereignty meant disconnection. Interoperability meant subordination.

Why people still believe it. Because the rollup ecosystem is loud and the rollup thesis is articulate and the rollup approach genuinely works for a class of applications. The class it works for is not “monetary system.” A rollup cannot implement a stability ladder because the rollup does not control its own ordering or finality. A rollup cannot make the resolution waterfall immutable in a sense that survives a settlement layer’s social-layer governance. A rollup cannot guarantee post-quantum migration of its own primitives independent of the settlement layer’s decisions.

What falsifies it. The interoperability part of the binary is solved by ZK light clients and bridge primitives that do not require subordination. A sovereign L1 can prove its state to a peer chain via a ZK proof verified on that peer chain. The peer chain does not have to be a parent chain. The cryptography is the interoperability layer. Sovereignty and interoperability are orthogonal dimensions, not points on a single axis.

StableZK’s resolution. Sovereign L1. Native bridges to the major settlement layers via ZK light clients (Phase 1 with validator committee attestation as a transitional simplification, full ZK verification in Phase 2 — this is one of the open work items the cookbook is honest about). The peer chains see StableZK as a peer. The bridge primitives are symmetric.

Cookbook. Ch. 3, §3.5, Cross-Chain Primitives; App. B FAQ on the rollup question.

5. Transparency versus surveillance

Where it came from. Bitcoin’s transparency was sold as a feature, then weaponized as a chain-analysis surface. Privacy chains responded by going opaque, which let regulators argue privacy implied criminality. The two camps spent a decade in a rhetoric war neither could win.

Why people still believe it. Because a public ledger and a private ledger really do present different surfaces to a chain analyst. The mechanism is real. The framing — that transparency to me requires surveillance of me — is what’s wrong.

What falsifies it. The unit of disclosure does not have to be the transaction. It can be the property. I sent funds within the protocol’s published rules is a property. No counterparty in my transaction history is on the sanctions list is a property. I have not exceeded my jurisdiction’s reporting threshold this year is a property. Each is provable cryptographically. The audit surface is the set of properties that can be proved on demand. The surveillance surface — what is visible without permission — is empty.

StableZK’s resolution. Default privacy. On-demand provability of exactly the property a verifier requires. Transparency to the right party at the right time at the holder’s discretion or under lawful warrant. No surveillance surface for anyone else.

Cookbook. Ch. 6, The Regulatory Perimeter; Ch. 2, §2.3, Privacy as a Property of the Whole Stack.

6. Deal with quantum later versus never ship anything

This is the bonus binary. It is also the one that animates the whole series.

Where it came from. PQ primitives are slower, larger, and harder to implement well. Production cryptography is conservative. The standardization process took until 2024. The narrative emerged that “quantum is a future problem” and that taking it on now would prevent shipping anything useful in the present.

Why people still believe it. Because the engineering cost is real and the deadline is uncertain. Both inputs are correct. The conclusion drawn from them is wrong.

What falsifies it. The harvest-now-decrypt-later threat means the deadline applies retroactively to anything you ship today. Every signature, every proof, every attestation produced under classical primitives becomes invalid the day the primitives break. Deferring the migration is not deferring a cost. It is committing the entire installed base to a re-attestation event on a date the engineering team does not control. The math on that is worse than the math on doing the migration in the design phase.

StableZK’s resolution. Phase 1 Groth16 and BLS in production today, with the acknowledged property that those primitives are not quantum-resistant. Phase 2 hybrid hash-based commitments alongside, buying integrity through the migration window. Phase 3 STARK or lattice-based ZK end-to-end. Re-attestation primitives in the protocol so that the migration is not a re-attestation event for the holder. The migration has a number on it. The number is not infinity. That, structurally, is the difference.

Cookbook. Ch. 3, Cryptographic Primitives — the migration table, the per-component status, the re-attestation recipes.

How to spot the next false binary

The pattern, in case it is useful: a tradeoff that is presented as inviolable is almost always a tradeoff that was real under the constraints of the prior generation of technology and is false under the current generation, but has not been re-examined because re-examining it would invalidate work the incumbents have already done.

The test: is the tradeoff still a tradeoff if we assume the cryptography of 2026 instead of the cryptography of 2010? If the answer is no, the tradeoff is artifact, not law. The work is to figure out which of those answers your industry is still importing.

I have publicly said the same is true of the supervisory rating system for banks. CAMELS was good for the era it was written. It is not good for the era we are in now. The thing that predicts a bank panic in 2026 is not the same thing CAMELS measures. We import the rating because re-examining it would invalidate forty years of supervisory practice. That is not a reason to keep the rating. It is a reason to do the work.

Same pattern. Same answer. Apply broadly.

See also

• Posts 1 through 4 — each binary’s full treatment.

• Post 6 — Money Without a Master Key. Hand-off to the cookbook.

• Cookbook — every chapter is, in some sense, the long-form treatment of one of the binaries above.

Closer

I’m not selling a token in this series. There is no allocation being raised against the run of these posts. If that changes I will tell you in plain text in the post where it changes, before the rest of the post. You should be tired of reading that line by now. That is the point.

Pick a recipe. The recipe in this post is the test. Find one tradeoff in your own work that you have been treating as inviolable. Run it through is this still a tradeoff under the cryptography of 2026? Most of the time, the answer will surprise you.

If the answer doesn’t surprise you, the tradeoff was real. Save your effort for the ones that aren’t.

— Sultan

There are roughly $2.3T in U.S. paper currency in active circulation. Not in vaults — in circulation, in wallets and registers and shoeboxes and under mattresses, moving from hand to hand without a counterparty record at any of the transitions. That instrument is the most-private financial instrument the modern American economy has produced. It is also one of the most regulated. The Bank Secrecy Act applies to cash. The Currency Transaction Reporting threshold applies to cash. Suspicious Activity Reports apply to cash. AML works against cash. It works well enough that the bulk of cash movement that should be reported is reported, and the bulk of laundering attempts that depend on cash get caught.

Read that sentence again. The most private instrument in the system is also the instrument compliance was first written for, and the system runs.

So when somebody tells you privacy and compliance are at war — that you have to pick one, that crypto’s privacy properties are inherently incompatible with regulatory oversight, that any system with default privacy is by construction a money-laundering machine — they are telling you something cash falsifies on its face every day, in every state, in every retail transaction, in every cash-deposit ticket walked into a teller window with a reasonable explanation.

The framing is wrong. This post is about why, and about what regulators actually object to (it isn’t privacy), and about what zero-knowledge cryptography lets you build that no prior generation of financial technology could.

What’s on the table

• U.S. paper currency in circulation: ~$2.3T, the most-private instrument in the system, the same system AML works in

• FATF Recommendation 16 (the “Travel Rule”): originator and beneficiary information transmitted with transfers above a threshold. Designed for wires. Specified before ZK existed

• FinCEN guidance on CVCs (convertible virtual currencies): focuses on Money Service Business obligations, source-of-funds attestation, sanctions screening. Almost none of it requires identity revelation when ZK can prove the underlying property

• StableZK’s view-key model: every account holder can issue a scoped view key to a third party (auditor, accountant, regulator with cause). The view key reveals exactly the slice of state the holder authorized. No master key exists

• ZK compliance attestations in StableZK: source-of-funds proof, sanctions-screening proof, jurisdiction-of-residence proof, tax-basis computation, large-transfer reporting. Each is a proof that the property holds without revealing what underlies the proof

• The migration path: Phase 1 Groth16 (production today, not quantum-resistant), Phase 3 STARK / lattice (the destination, quantum-resistant). Compliance attestations move with the migration

❦ ❦ ❦

The problem

The framing of privacy versus compliance as adversaries got baked into financial regulation in the pre-cryptographic era because, in that era, it was true.

Before zero-knowledge proofs, the only way to verify a property of a transaction was to see the transaction. The only way to verify that the originator wasn’t on a sanctions list was to know who the originator was. The only way to verify that the funds had a legitimate source was to see the chain of custody. Privacy and verification were fundamentally at odds because verification meant disclosure. Compliance regimes inherited that constraint because they had no other option. The regimes are not stupid. They were built against the cryptography of their time.

Cash got carved out of the worst of this through a different route. Cash is not infinitely divisible by counterparty record because nobody asks you for the counterparty record. The implicit deal is: we accept lower auditability per transaction in exchange for the friction of physical handling, which makes large-scale laundering operationally hard. That deal worked because cash has bandwidth limits. You cannot move $50M in suitcases without somebody noticing the suitcases. The compliance regime around cash is structured to catch the suitcases, not the singles.

Crypto’s first generation broke that deal in both directions. It removed the bandwidth limits — you can move $50M in a transaction with no physical correlate at all — and it also removed the privacy, because the public ledger is a counterparty record by default. So compliance regimes responded the way they were trained: more disclosure, harder identity gates, KYC at every on-ramp, off-ramp, and venue. The result is a system where users have neither cash’s privacy nor banking’s regulatory clarity. The worst of both worlds, by design, because the framing assumed those properties were a tradeoff.

Then zero-knowledge proofs arrived in production and the assumption stopped holding.

Here’s the part I want you to read precisely.

A zero-knowledge proof of a property does not require revealing the underlying state. Every regulatory ask that previously required disclosure can be reformulated as a property to be proved. Are you on the sanctions list is a property. Did your funds come from a non-sanctioned source is a property. Is your aggregate annual transfer below the reporting threshold is a property. Are you a tax resident of a jurisdiction that requires you to file is a property. Every one of these can be proved cryptographically without the holder revealing identity, transaction history, counterparty list, or balance.

Which means the compliance regime can ask the same questions it has always asked — and get the same answers — without the disclosure that previously came as the price of the answer.

That is the whole insight. The compliance regime is unchanged. The disclosure surface collapses.

What regulators actually object to

I worked for a bank regulator. I have spent a lot of time in rooms with other bank regulators. The thing I will tell you, having sat in those rooms, is that regulators do not object to privacy.

What regulators object to is the inability to enforce the law when there is probable cause. They object to designs where, when the warrant arrives, the records do not exist. They object to designs where their tools — sanctions enforcement, AML enforcement, tax enforcement, court orders — cannot reach the relevant slice of state because no slice exists or because the slice cannot be authoritatively produced.

This is a different objection from “we want to see everyone’s transactions all the time.” It is an objection that says: for the small fraction of cases where lawful enforcement is warranted, the system has to be able to produce what’s needed. The number of cases where this kicks in is small. The default state of every other holder is privacy.

This is exactly the deal cash already operates under. Walk into a bank, deposit five thousand dollars in cash with a reasonable explanation, and the bank will accept the deposit, generate a CTR if applicable, and otherwise leave you alone. Get convicted of money laundering and the IRS can subpoena the bank’s records of your deposit. The deal is default privacy with selective disclosure on cause. It has worked for a hundred years.

The deal does not require a master key. It does not require everyone’s transactions visible to everyone all the time. It does not require KYC on every micropayment. It requires that the system be capable of producing the right answer for the small fraction of cases where the law has cause. That is satisfiable cryptographically without recreating any of the disclosure surface that gave the prior framing its teeth.

The decision

StableZK ships a four-part regulatory architecture. None of it requires a master key. None of it requires identity revelation by default. All of it satisfies the compliance asks that actual financial regulators have actually made.

One. The view-key model. Every account holder can issue a scoped view key to a third party. The scope is set by the holder: a specific time range, a specific counterparty, a specific category of transaction. The view key reveals exactly the slice of state the holder authorized and nothing more. There is no master key. There is no protocol-level admin who can read accounts. The third party — auditor, accountant, regulator with a warrant — gets exactly what they were supposed to get and exactly nothing else. Selective disclosure with the holder in the loop.

Two. ZK compliance attestations. A holder can prove a property of their account without revealing the account. I am not on the OFAC sanctions list, proved against the published list, with no identity revelation. My funds were sourced from non-sanctioned counterparties, proved across the chain of custody, with no counterparty revelation. My aggregate transfers this year are below the FATCA threshold, proved against the holder’s history, with no balance revelation. The protocol ships a library of attestation circuits for the obvious regulatory asks. New asks are additive. The pattern is composable.

Three. The warrant model. When a court order with cause arrives at a regulated counterparty (an exchange, a custody desk, a fund), the counterparty’s compliance team uses its existing access to the account holders it serves to produce the slice the warrant requires. This is the same model banks already operate. StableZK does not introduce a new disclosure surface; it permits the existing one to operate cryptographically. The regulator does not need a master key on the protocol because the regulator already has subpoena power over the regulated counterparty.

Four. Suspicious-activity attestation. Regulated counterparties operating on StableZK can produce SAR-equivalent reports — large-transfer flags, structuring detection, sanctioned-counterparty proximity — using ZK attestations from the holder’s account, with the counterparty as the recipient of the disclosure. Same regulatory output. Different disclosure surface. The counterparty sees what they need. The protocol sees nothing.

The four pieces compose. A regulated exchange operating on StableZK can do its KYC at onboarding (off-protocol), accept ZK attestations from the holder during operation (on-protocol), produce SARs and CTRs for the regulator (off-protocol), and respond to warrants with scoped view keys against the holder’s account (on-protocol). Every regulatory output the existing system produces is producible. The protocol is not visible to the regulator and does not need to be.

What this looks like under the post-quantum decision

Compliance attestations are the place where the post-quantum migration matters most, and most quietly.

A regulator who accepts a ZK attestation today is accepting the cryptographic claim that the underlying property held at the time the proof was generated. If the proof system gets broken — by a quantum capability or any other classical break — the attestation becomes retroactively unsound. Every “I was not on the sanctions list” proof in the chain history becomes a proof of nothing in particular.

This is the worst kind of cryptographic failure to inherit. Compliance attestations are exactly the artifacts whose value depends on long-term integrity. A bank’s records have to be auditable for years after the transaction. A SAR has to be defensible if the case goes to court a decade later. A tax-basis computation has to hold up to an audit five years out. The proofs have to outlive the proof system.

The path is the one Post 1 named. Phase 1 Groth16 in production today, with the acknowledged property that those proofs are not quantum-resistant. Phase 2 hybrid hash-based commitments alongside, buying integrity through the migration. Phase 3 STARK or lattice-based ZK end-to-end, quantum-resistant, with proofs that survive cryptographic regime change.

The cookbook chapter on the regulatory perimeter has the migration table. There is a recipe for re-attestation under primitive change — proofs generated under Phase 1 can be replayed under Phase 3 against the same underlying state, producing fresh proofs whose cryptographic integrity outlasts the original system. That recipe is non-trivial. It is also necessary. Without it, the compliance attestations have a shelf life. With it, they don’t.

What this isn’t

This is not a claim that ZK compliance is easier than the prior regime. It is harder. The circuits are non-trivial. The libraries are immature. The integration burden on regulated counterparties is real. There is real implementation work between we have ZK proofs and the FinCEN examiner accepts them as a substitute for transaction-level disclosure. Some of that work is technical. Most of it is institutional — getting the regulator’s tooling, training, and procedural confidence to a place where the proofs are accepted as sufficient. That is not a one-year project.

It is also not a claim that ZK compliance is complete. There are regulatory asks that don’t reduce cleanly to a property of a single account. Coordinated structuring across multiple accounts, for example, is a pattern that requires comparison across holders. The view-key model handles this through the regulated counterparty layer rather than at the protocol layer. That is a deliberate choice. The protocol’s job is not to be the regulator. The protocol’s job is to be a place a regulated counterparty can operate without the protocol itself becoming the disclosure surface.

It is not a claim that this satisfies every jurisdiction. The cookbook is explicit: the regulatory framework is a design, not a legal opinion. Specific jurisdictional implementations will be developed in collaboration with counsel in each relevant venue. What I will say is that the design is built to be implementable in jurisdictions that take regulator effectiveness seriously, and that the regulators I have spent time with — U.S. and otherwise — recognize the difference between privacy and opacity. They want privacy. They will not accept opacity. The design gives the first and rejects the second.

See also

• Post 1 — Inside the Quantum Window. Why the proof system has to migrate.

• Post 3 — Make the Waterfall Immutable Or Don’t Bother. Why “no master key” is structural, not a marketing line.

• Post 5 — The False Binaries. The pattern this is one instance of.

• Cookbook Ch. 6 — The Regulatory Perimeter. The full architecture, the per-jurisdiction notes, the FAQ for examiners.

Closer

I’m not selling a token in this series. The protocol token (SZK) exists in the design and there is no allocation being raised against the run of these posts. If that changes I will tell you, in plain text, in the post where it changes, before the rest of the post.

Pick a recipe. If you operate a regulated counterparty in this space — a bank, an exchange, a custody desk, a fund — read your current disclosure surface. Then ask which of those disclosures is required because the regulator needs the property to hold and which is required because the cryptography of 1985 had no other way to verify it. The first set is permanent. The second set is migrate-able. The migration is worth real money in lower disclosure liability and real customer trust in default privacy.

Anyone who tells you privacy and compliance are at war is selling you something. Usually a surveillance product. Sometimes a privacy product. Always something.

— Sultan

You can change the columns over decades through legislation. You cannot change them on the day the bank fails. The order being known and unchangeable is the entire reason an FDIC receivership doesn’t trigger a panic that destroys the next three banks down the street. Depositors don’t run because they know their column. Subordinated holders don’t sue because they know their column. Equity holders absorb because they always knew they were the column at the bottom.

It is the part of bank resolution that works best.

It is also the part crypto has refused, for fifteen years, to import.

What’s on the table

• The L1: StableZK. Three asset classes: szUSD (dollar-pegged), szBOND (yield-bearing junior debt), SZK (protocol token, equity-shaped)

• The waterfall: szUSD → szBOND → SZK. Senior to junior to last. Immutable in code. Cannot be reordered by governance

• The floor: 130% minimum collateral ratio. Cannot be lowered by governance, ever, period

• What governance can touch: trigger thresholds within published bounds, fee schedules within published bounds, parameter spaces with explicit ceilings

• What governance cannot touch: the order of the waterfall, the floor, the 15% SZK collateral cap, the bounded-dilution math

• CAMELS: the supervisory rating system that’s supposed to evaluate this kind of thing for actual banks, doesn’t, and I have publicly said needs a refresh

❦ ❦ ❦

The problem

A bank run starts when depositors are not sure which column they’re in.

That sentence is doing more work than it looks like. The mechanism of a bank run is not greed and it is not panic. The mechanism is uncertainty about loss absorption priority. If I know with certainty that I am insured, I do not run. If I know with certainty that I am uninsured, I run early — but I run only once, and the second-mover doesn’t accelerate me. If I do not know which I am, I run, the next person sees me running, and the line outside the building is now longer than the staff inside it.

This is why deposit insurance works. Not because it covers all possible losses — it doesn’t, and it isn’t supposed to — but because it makes the uncertainty go away for the class of holder who would otherwise drive the panic. Insured depositors know their column. They walk past the building. The run is contained to the columns where loss absorption was always going to happen.

Now look at what crypto has done with this for fifteen years.

The DAO. June 2016. A reentrancy bug drains roughly a third of the contract. The community holds an emergency vote on whether to hard-fork the chain to reverse the theft. The fork passes. The fork creates Ethereum and Ethereum Classic, which is to say it creates two chains because the loss absorption rule was decided in a vote after the loss happened. There was no published column. There was a debate.

Terra / UST. May 2022. As the peg breaks, governance proposals fly. Burn UST. Mint LUNA. Halt LUNA. Restart the chain without the bad actors. Each proposal is an attempt to write the loss absorption rule under fire. The market prices the debate, not the protocol. The debate is the run accelerant.

The various stablecoin emergency-power clauses written in the founding documents of basically every algorithmic and partially-algorithmic stablecoin in the post-Terra wave. They all read the same way. Article XII: In the event of a sustained loss of peg, the foundation may, at its sole discretion, deploy emergency mechanisms including but not limited to… The reader stops at “sole discretion.” Sole discretion is the opposite of a published column. Sole discretion is “we will figure out who absorbs after we see how bad it is.” That language is calibrated to make the writers feel safe. It makes the holders run.

Here is the part I want you to read precisely.

Ambiguity about loss absorption priority is the run mechanism. Not the trigger. The mechanism. A protocol with an immutable waterfall and a 5x worse credit profile is more run-resistant than a protocol with a 5x better credit profile and a discretionary one. The credit profile sets how often the run starts. The waterfall sets whether the run reaches second-mover scale. Most projects spend ninety-five percent of their attention on the first and almost none on the second.

CAMELS, the supervisory rating system the U.S. uses for chartered banks, doesn’t catch this either. C is capital adequacy. A is asset quality. M is management. E is earnings. L is liquidity. S, added in 1996, is sensitivity to market risk. Six letters. Five of them measure how the institution is doing under conditions where the resolution playbook is an afterthought. The resolution-readiness of the playbook itself is not a CAMELS factor. I have publicly argued the rating needs a refresh because the thing that actually predicts a panic is the credibility of the resolution path, and we don’t measure it. Crypto has the same problem in a more acute form, on a faster clock, with no examiner.

The decision

StableZK has three asset classes, in published priority order, with the order written into the protocol such that no governance call can rewrite it.

szUSD — the dollar-pegged asset. Senior. Holders of szUSD are made whole first in a resolution event, to the extent of available collateral. This is the column the depositor is in. The reason szUSD can carry a credible peg is that holders know, with the same certainty an insured depositor knows about FDIC insurance, that they are not the column that absorbs.

szBOND — the yield-bearing junior instrument. Subordinated. Holders accept loss absorption ahead of szUSD in exchange for yield. This is the column the senior unsecured creditor is in. szBOND exists, in part, to be a credible loss absorber so that szUSD does not have to be. A protocol without an instrument like szBOND is a protocol whose dollar-pegged asset is the first absorber by default, which is a protocol whose dollar peg is implicitly junior to its own token. That is exactly Terra’s mistake.

SZK — the protocol token. Equity-shaped. SZK absorbs last and is the dilutive instrument in Layer 4 of the GCSR ladder from the previous post. Holders of SZK are buying the upside of the protocol’s success and the corresponding obligation to absorb the downside of its failure. This is the column the equity holder is in. They always knew.

The waterfall is szUSD → szBOND → SZK. The order is in code. There is no admin function that can reorder it. There is no governance proposal that can amend it. The only way to change the order is to fork the chain — which, like the Bitcoin supply curve, is not a parameter change but an exit from one network and the start of another. That is the right cost for changing a rule that load-bearing.

The floor is the 130% minimum collateral ratio. New issuance below that ratio is rejected by the protocol. The floor is in code. Governance cannot lower it. Governance can adjust above it — within published bounds — but the floor is the floor.

The 15% SZK collateral cap from the previous post is the same kind of constraint. In code. Above the cap, governance cannot allocate more of the protocol’s own token to back the dollar-pegged asset. Below the cap, governance can flex within bounds.

What governance can touch is, deliberately, a small set: trigger thresholds within published bounds, fee schedules within published bounds, parameter spaces with explicit ceilings. The full list is in the cookbook. The principle is the one Bagehot would recognize. The ladder rungs and their order are out of the room. The room can vote on details.

Why immutable in code beats immutable on paper

Article XII of a foundation charter can be amended by the foundation. Smart contract code with no admin function cannot. This is the substantive difference between a written rule and a rule that has been removed from the room.

Bitcoin’s monetary policy works for the same reason. There is no admin function on the supply curve. The 21M cap is enforced not by foundation discipline but by node software that rejects blocks that mint more. A hard fork could change it. A vote cannot. The cost of changing the rule is the cost of forking the network — which is to say, the cost of replacing the rule is the cost of replacing the network. That cost is the credibility.

The waterfall in StableZK works the same way. There is no governance path that reorders szUSD and SZK. To do it, you would have to fork. The cost of forking is the cost of the credibility you would lose by doing it. The room cannot weigh that cost in a panic and the room is structurally barred from trying.

This is the part of bank resolution that crypto has refused to import. The legislative half — the columns being written down — yes, sometimes, on paper. The structural half — the columns being out of reach during the event — almost never. Almost never is the part that matters. Almost never is what the market prices.

What this looks like under the post-quantum decision

Every governance call carries a signature. If a future quantum capability can forge those signatures, an attacker with a forged governance vote in their pocket can in principle execute any move governance is authorized to make. That is the threat surface of a governance system.

The waterfall being out of reach to governance is therefore also out of reach to an attacker who has compromised the governance signing primitive. The 130% floor is out of reach. The 15% SZK cap is out of reach. The order of szUSD → szBOND → SZK is out of reach. A successful PQ attack on governance can change parameter spaces, fee schedules, trigger thresholds — within published bounds — and not the bounds themselves.

This is not a substitute for migrating governance signatures to PQ primitives. We are doing both. It is a structural defense in depth: the things that matter most are out of governance’s reach, so they are out of a compromised governance’s reach.

What this isn’t

This is not a claim that no rule should ever be changeable. The cookbook describes a small set of governance perimeter changesthat require both a supermajority vote and a long timelock — measured in months, not blocks. Those changes are the legislative half. They are slow on purpose. They cannot be deployed under fire.

It is not a claim that the order I picked is the only correct one. I argue with myself about whether szBOND should be one tier or multiple — whether there should be a senior subordinated and a junior subordinated, the way bank capital structures usually have. The cookbook lays out the case for and against. I landed on one tier because the marginal credibility of more granularity didn’t beat the marginal complexity. Reasonable people disagree.

It is not a claim that immutability is free. Immutability cuts both ways. A bug in the waterfall code is also unfixable by governance. The mitigation is that the waterfall is a small, audit-rich, formally-verified piece of code with a deliberately narrow surface area. Narrow is the operative word. The waterfall does one thing — distribute available collateral in priority order — and it does that thing in fewer than a thousand lines of consensus-critical code. If a system needs ten thousand lines of immutable code, the system is wrong before the immutability is wrong.

See also

• Post 1 — Inside the Quantum Window. The decision that forced everything.

• Post 2 — Bagehot Was Right. The five-layer escalation ladder that produces the waterfall as its terminal rung.

• Post 4 — Privacy and Compliance Aren’t Enemies. Why the same logic — small load-bearing rules, taken out of governance’s reach — applies to the regulatory perimeter.

• Cookbook Ch. 5 — The Resolution Waterfall. The contract surface, the audit story, the formal-verification posture, the FAQ on edge cases.

Closer

I’m not selling a token in this series. I told you in posts one and two and I’m telling you now. The protocol token (SZK) exists in the design because the dilutive backstop needs something to dilute. There is no presale running against the run of these posts and no allocation being asked for at the end. If that changes I will tell you, in plain text, in the post where it changes, before the rest of the post.

Pick a recipe. Read your stablecoin’s resolution language. If the document you read uses the phrase sole discretion, the protocol you hold has no published column. The market will price that. Print this post and hand it to the team that runs the protocol. Ask them to publish the column.

If they can’t tell you which column you’re in, you already know.

— Sultan

That sentence is the entire reason functioning monetary systems function. Every currency that lasts more than a generation has some version of it baked in. Every currency that doesn’t, doesn’t.

When I served at the FDIC I watched the corollary at work. Banks under stress did not want graduated intervention. They wanted a circuit breaker — a hard stop, an injection, a rescue, a clean switch flipped. That is not what a regulator gives a bank under stress. What a regulator gives a bank under stress is the next step on a known ladder: capital action, asset action, supervisory action, receivership. The order is published. The trigger conditions are published. The commitment to walk down the ladder is the entire game.

You can disagree with which rungs are on the ladder. You cannot remove the ladder.

This post is about why every decentralized stablecoin to date has been built without one, and what it costs to build one back in.

What’s on the table

• Terra / UST: peak supply ~$18.7B, collapsed to ~$0 in roughly seven days, May 2022

• DAI on Black Thursday: March 12, 2020 — keeper auctions cleared at zero, ~$8M of bad debt entered the system from oracle latency and gas spikes

• USDC during the SVB weekend: March 10–13, 2023 — depegged to ~$0.87 on news that ~$3.3B of reserves were held at a failing bank

• Bagehot’s principle: lend freely, at a penalty rate, against good collateral. Lombard Street, Henry S. King, 1873

• The L1 I’ve been building: a five-layer graduated stability regime with one cap that matters and one waterfall that matters

• The cap: 15% of collateral may come from the protocol’s own token. The number is the entire ballgame

• The proof: in the worst case, where the protocol’s own token goes to zero AND every other piece of exogenous collateral loses fifty percent of its value at the same time, maximum dilution is bounded at 43.75%. Bounded. Convergent. Survivable.

❦ ❦ ❦

The problem

Every stablecoin failure that mattered was a failure of escalation, not a failure of code.

Terra was the most spectacular and the most instructive. The stability mechanism was a one-step move: if UST traded below a dollar, you could burn it for a dollar of LUNA. The mechanism was elegant and proved through quiet markets. It had no second step. When the trade got large, the dollar of LUNA became a dollar of LUNA-falling, then a dollar of LUNA-collapsing, then a dollar of nothing. There was no rung two. Anchor’s yield exit accelerated the run. The system did not have a ladder. It had a ramp.

DAI’s near-failure on Black Thursday was a different shape and the same lesson. Maker had a single auction mechanism for liquidating undercollateralized vaults. It worked when the network worked. Under network stress — gas spikes, oracle delays, keepers offline — auctions cleared at zero and the protocol absorbed the loss. The mechanism was correct in steady state. It had no escalation in the state where steady state had broken. The recovery was a hand-built MKR auction stitched together over weeks. That was a rescue. That was Bagehot in the breach. The thing the protocol was missing wasn’t intelligence. It was a written next move.

USDC’s SVB weekend was the most polite of the three. The peg recovered. Circle made depositors whole. The asset that matters never zeroed. But the depeg — three days at eighty-seven cents — happened because the system had no advertised escalation between full backing in cash equivalents and waiting for the FDIC to figure out who gets what. The market priced the gap. The market always prices the gap.

The pattern is the same in all three cases. The mechanism worked at the design point. It had no second mechanism. It had no third. Stability was treated as a state to be maintained, with one circuit breaker for when the state was lost. That is not how a currency stays a currency. That is how a currency wins on quiet days and loses on the day that matters.

Here’s the part I want you to read precisely.

A monetary system is not credible because of the mechanism it operates in steady state. It is credible because of the mechanisms it has committed to deploy as conditions deteriorate. The commitment is the credibility. The mechanism is the implementation of the commitment.

Bagehot is one sentence about three rungs of a ladder. Modern central banks operate ladders with a dozen rungs each. Their credibility comes from the public knowledge that the ladder exists, that the trigger conditions are written down, and that the ladder cannot be removed by anyone in the room when the room is on fire.

Every decentralized stablecoin to date has shipped without that ladder. They have shipped a circuit breaker, dressed up as a mechanism, with a marketing line that called it innovation. Innovation is the wrong word. Stability is the oldest unsolved problem in money. It does not yield to clever code. It yields to credible commitment.

The decision

The L1 I’ve been building has a five-layer escalation regime. I’ll walk it once. Each layer is a rung of a ladder. The ladder is published, immutable, and the trigger conditions live in code.

Layer 1 — Over-collateralization. Every unit of the dollar-pegged asset is backed by at least 150% exogenous collateral at issuance. This is the steady-state buffer. Maker did this. It works.

Layer 2 — Algorithmic adjustment. When the peg deviates beyond a threshold, the protocol begins automatic operations: bond issuance to soak up supply, reserve deployment to defend the peg, fee adjustments. The point is not that any single tool is decisive. The point is that the move is automatic, sized, and visible.

Layer 3 — Emergency facilities. If Layer 2 doesn’t restore the peg, the protocol elevates required collateral ratios on new issuance and offers fee incentives for users to redeem out of the system. This is Bagehot literally — penalty rate, good collateral. It widens the spread until the trade becomes attractive enough to clear.

Layer 4 — Dilutive backstop. If the peg is still under threat, the protocol mints and sells the protocol’s own token (SZK, in the L1 I’ll name in the next post) into a market-clearing auction, with proceeds purchasing the dollar-pegged asset to defend the peg. This is the rung that ate Terra. The difference is in two parameters and one proof.

Layer 5 — Resolution waterfall. If the system cannot defend the peg even with dilution, the priority order for loss absorption is immutable: the dollar-pegged asset is made whole first, the bond instrument absorbs second, the protocol token absorbs last. The order is in code. It cannot be changed by governance during a crisis. The next post is about why.

The whole thing only works because of two parameters and one proof.

The first parameter: the protocol’s own token is capped at 15% of total collateral. It is the rung that exists, with a ceiling. Terra’s design had no ceiling — UST was effectively backed by LUNA without limit, and LUNA’s value was supported by the demand for UST. That is a circle, not a ladder. A ceiling on self-collateralization breaks the circle.

The second parameter: the minimum collateral ratio is enforced at a hard floor of 130% and that floor cannot be lowered by governance. Not voted down. Not adjusted under stress. The floor is in code, the same as the waterfall is in code.

The proof: under the worst joint scenario this design admits — the protocol’s own token goes to zero, every other piece of exogenous collateral loses fifty percent of its value, and the dilution mechanism runs to its bounded limit — the maximum deficit relative to outstanding supply is 43.75%. Bounded. Convergent. The math is in chapter four of the cookbook.

Forty-three percent is bad. Bounded forty-three percent is survivable. Unbounded death-spiral is not. The difference between a number with a ceiling and a number with no ceiling is the difference between a haircut and a collapse. It is also the difference between something a central bank could underwrite and something no serious institution will go near.

This is the entire ballgame. The number is 15%. The proof is the proof. Without them you have a ramp. With them you have a ladder.

What this looks like under the post-quantum decision

Post 1 said the architecture treats post-quantum resilience as a property of the whole stack. The ladder is part of the stack. Every signature that triggers an escalation — every governance call that adjusts a parameter, every oracle update that crosses a threshold, every auction transaction that mints SZK — is itself a cryptographic commitment. If those primitives can be forged after Q-Day, the ladder becomes a vector. The defender’s escalation machinery becomes the attacker’s escalation machinery.

This is why post-quantum migration cannot be deferred for a stability protocol the way it can sometimes be deferred for a payments protocol. Payments fail per-transaction. Stability fails per-system. A single forged escalation against a stability ladder is not a transaction loss. It is a peg loss. Nothing about that recovers.

The cookbook chapter on cryptographic primitives covers which signature schemes are load-bearing for escalation transactions specifically and which are along for the ride. The migration path is staged so that the escalation surface gets PQ first.

What this isn’t

This is not a claim that the design is perfect. There are open problems I argue with myself about, and one is Layer 4 reflexivity. The fifteen-percent cap closes the Terra loop. It does not eliminate every reflexive dynamic. In a sufficiently brittle market, dilution at the cap may still feed back into protocol-token price in ways the model can’t fully bound a priori. The cookbook spells out where the model holds and where it relies on assumptions that have to be tested in production. I am not pretending the math is the world. The math is a constraint on how badly the world can behave.

It is also not a claim that this is the only design that works. Bagehot’s principle is older than blockchains and more general than any specific implementation. There are other ladders that would also satisfy it. This is the one I built because it is the one I think survives the constraints I care about — post-quantum durability, regulatory perimeter, MEV-free ordering, and central-bank adoptability without becoming a CBDC.

The last constraint is worth a sentence on its own. A monetary system that wants a central bank to credibly back it without becoming a CBDC has to operate the ladder a central bank already operates, in a form a central bank can underwrite. The ladder isn’t there to look like a central bank. It’s there to be one a central bank could use.

See also

• Post 1 — Inside the Quantum Window. The decision that forced everything.

• Post 3 — Make the Waterfall Immutable Or Don’t Bother. Why Layer 5 cannot be governance-mutable. The L1 gets a name.

• Cookbook Ch. 4 — The GCSR. The full bounded-dilution proof, the worst-case scenarios with numbers, the parameter table.

Closer

I’m not selling a token in this series. The protocol’s own token exists in the design — it has to, or the dilutive backstop has nothing to dilute — but no allocation is being raised against the run of these posts. If that changes I will tell you in plain text in the post where it changes, before the rest of the post.

Pick a recipe. If you operate a stablecoin and your stability section is one paragraph long, your stability mechanism is probably one rung of a ladder. Find your second rung. Write down its trigger condition. Publish it. If you can’t, you have a circuit breaker, not a system. There is a difference, and the market knows.

Bagehot was right.

— Sultan

I served as the inaugural Chief Innovation Officer of the FDIC. The job teaches you one thing the policy schools can’t: financial systems do not fail the way their operators are ready for. They fail in the corner you didn’t game out. The credit shock is the one you priced. The run is the one you didn’t.

I left that role for reasons I’ve written about elsewhere. The discipline I took with me was simple: go back to first principles, demand evidence that’s been challenged in public, be honest about what your data can and can’t tell you. It’s why I’ve publicly said CAMELS ratings need a serious refresh. In Q3 2023 I pointed that discipline at digital money and didn’t like what I found.

The shorthand for the project I started afterwards is “an L1 I’ve been building.” I’ll name it in post three. For now what matters is the question I started from, and why it sent me back to first principles for three years.

The question was simple and unkind: what would a digital monetary system have to look like to survive across cryptographic regime change and if a central bank were to get behind it (without going down the central bank digital currency route)?

What’s on the table

• Bitcoin market cap: ~$1.57T (Apr 2026)

• NIST FIPS 203 / 204 / 205 (post-quantum signatures and KEMs): finalized August 2024

• The current best public CRQC estimates from the labs whose numbers I trust: a range, not a date. Center of the range, optimistic side, is uncomfortably close

• “Q-Day” used in this series: the first day a cryptographically relevant quantum computer exists in private hands and is willing to use it

• Working assumption in this series: the parties most likely to hold a CRQC first are not optimizing for Bitcoin’s market cap

❦ ❦ ❦

The problem

Bitcoin can’t survive cryptographic regime change. That’s not a slur, it’s a property. It’s the most-watched, least-upgradable cryptosystem in the world. Roughly a tenth of the supply sits in addresses whose public keys are already on chain in plaintext. The signing primitive — ECDSA over secp256k1 — is one of the things a working quantum computer breaks first. The protocol governance is, charitably, slow. Less charitably, it ships a hard fork roughly never. The process to do so would come at the last minute, with lots of hand wringing and cause significant market chaos. None of this is news to anyone in the room. None of it is fixed.

The objection, if you’ve spent any time around this conversation, is “we have years.” I don’t think that’s true anymore. And the reason isn’t a paper.

Here’s the part I want you to read precisely.

The parties capable of fielding a cryptographically relevant quantum computer first — whichever ones get there, in whichever order, on whichever timeline — are not optimizing for the market cap of Bitcoin. They are optimizing for sovereign-scale advantage. Encrypted diplomatic cable archives. Banking system interception. Adversary code that has to stay secret for forty years. Digital regime change. Weapons telemetry. The list is long and Bitcoin is not on the front page of it. Bitcoin is collateral.

That sounds like good news for a Bitcoin holder. It is not.

Three reasons.

One. Once a CRQC exists for any of those other reasons, the Bitcoin attack becomes cheap. The capital expenditure was made for someone else’s problem. Cracking the coins out of pre-2010 P2PK addresses is a side project on the same hardware. Cheap is relative — these are not laptop programs — but the marginal cost line, once the platform exists, is well inside the upside.

Two. Harvest-now-decrypt-later already applies. Every transaction graph, every public key, every Groth16 proof published to a public chain since inception is in the harvest. A patient adversary doesn’t need to attack the network the day the machine boots. They need to wait until the machine boots. Recent AI advancements have already proven this point.

Three. The people who do hold this capability, if anyone does, are not signaling. Operationally, they cannot. Once they signal, every adversary’s encrypted backlog gets airgapped or rotated. The default state of a working CRQC, if one already exists, is silence. “We’re not there yet” is consistent with both worlds — we are not there yet, and we are there and choosing not to say. If you bet on the announcement, you’re betting the wrong direction.

Put those three together honestly and “we have years” stops being a forecast. It becomes a hope. I am not willing to design a monetary system around a hope.

That’s the window. It might already be closed and we wouldn’t necessarily know.

The decision

The decision I made three years ago, and that the rest of this series unpacks, is the one most projects defer: treat post-quantum resilience as a property of the whole stack, not a future migration.

This is unpopular for a reason. PQ primitives are slower, larger, less battle-tested, and more annoying to integrate. They eat block space. They make wallets harder to write. They make every elegant cryptographic shortcut twice as hard. People put them off because the deadline is hypothetical, the cost is real, and the next-quarter incentives reward shipping today.

The trade looks different if you take seriously that the deadline is not hypothetical, and that if the wrong week arrives, every signature you ever produced is retroactively reversible. Which is to say: every commitment you ever made, every payment, every proof of compliance, every privacy guarantee. All of it back on the table, retroactively, at the speed of whoever is decrypting first.

You don’t migrate out of that. You design around it from the start.

Here is the honest version of how far that gets you, today, April 2026.

| Phase | Status (Apr 2026) | What it gives you | |—|—|—| | Phase 1 | Production | Groth16 for ZK, BLS for aggregation. Battle-tested. Performant. Not quantum-resistant. Acknowledged. | | Phase 2 | 12–18 months out | Hybrid. Hash-based commitments alongside the existing proof system. Buys integrity through the migration window. | | Phase 3 | The destination | STARK-based or lattice-based ZK end-to-end. Larger proofs. Slower verification. Quantum-resistant. |

I will not pretend Phase 3 is finished. It is not. The cookbook on sultanismyname.com lays out exactly which primitives are production-ready as of this writing and which are 12 to 18 months out. There is real work between here and there. Anyone telling you otherwise is selling something. Launching a L1 is a non-trivial process. This is the first in a series of steps to not only do that but also make it work in a modern regulatory construct AND to operate as a replacement to fiat currencies in a central bank, post Bretton Woods, context

What I will say is this. The architecture commits to it. The protocol does not have an ambiguous we’ll figure it out clause where the migration belongs. The migration is on the roadmap with a number next to it. That, structurally, is the difference.

What the decision touches

The thing I didn’t expect, three years ago, was how much else this single decision pulled in.

Once you take cryptographic regime change seriously, you can’t have a stability mechanism that depends on signatures being unforgeable forever. You have to design escalation rules that survive a primitive being broken. The rules have to be written down — in code, immutably — before the panic, because you cannot patch them during it. Which means the resolution waterfall has to be immutable. Which is the central-banking question. Which is the FDIC question, in different clothes.

Once you take it seriously, you can’t have privacy guarantees that decay when the proof system breaks. The privacy layer has to be designed for a proof system you will eventually swap out. Which forces compliance attestations onto the same migration path. Which is the regulatory-perimeter question.

Once you take it seriously, you can’t have an MEV story that depends on transaction ordering being tamper-proof under cryptographic assumptions you don’t trust across decades. So you build threshold-encrypted ordering with primitives chosen for the long arc.

Each of those is a post in this series. Each of those is a chapter in the cookbook. The thread connecting them is the one I started this post with: a digital monetary system has to fail well across cryptographic regime change, or it isn’t a digital monetary system. It’s a digital wager.

See also

This is post one of six.

• Post 2 — Bagehot Was Right. Why every stablecoin failure is a failure of escalation, not of code. The five-layer stability regime, the bounded-dilution proof, why one specific number is the entire ballgame.

• Post 3 — Make the Waterfall Immutable Or Don’t Bother. What the FDIC actually does, and what crypto refuses to import. The L1 gets a name in this post.

• Post 4 — Privacy and Compliance Aren’t Enemies. The view-key model, ZK compliance attestations, and what regulators actually object to (it isn’t privacy).

• Post 5 — The False Binaries. Five tradeoffs the industry treats as inviolable, plus a sixth — deal with quantum later — that has the same problem the others do.

• Post 6 — Money Without a Master Key. Hand-off to the long-form cookbook on sultanismyname.com, including the open problems I’m still arguing with myself about.

Closer

I’m not selling a token in this series. There won’t be one to sell during the run of these posts and there isn’t an allocation to ask for at the end. If that changes I will tell you, in plain text, in the post where it changes, before the rest of the post.

Pick a recipe — even just the threat model in this post — and use it this week. If you run a stablecoin treasury, an exchange, a custody desk, a fund: the harvest-now-decrypt-later assumption is one your auditors should already be on. Print this post and hand it across the table. If your security review doesn’t have a post-quantum migration plan with a number next to it, you are running on hope.

Hope is not a forecast.

— Sultan

Most of it is priced like luxury goods. The rest is marketing running ahead of the science. So I went back to first principles — same thing my father drilled into me, same thing I’ve done building AI systems for thirty years — and asked: what data do I actually have that’s credible and peer-reviewed?

That question kicked off three years of experiments. Three cohorts. Thirty-five people in the last one; eighteen finished. (The dropout rate was its own finding.) Then I ran the same program on myself.

The result: a 10-year drop in biological age. Currently more than five years younger than my chronological age. Total out-of-pocket cost: under $3,000.

I published the whole thing as a free cookbook — six chapters, twenty recipes. What to test, what to ignore, what four supplements almost everyone should actually be taking, how to train after 35, and three budget tiers depending on how deep you want to go. No clinic required (although a good doctor is always recommended!). No proprietary program. No celebrity markup.

I’m not selling anything. I just wanted to know what the evidence actually said, and then do those things.

If you’ve been curious about this space but skeptical of the price tags and the hype, this is what I wish had existed when I started.

Check it out here

If we are serious about “ensuring U.S. technology and U.S. standards — particularly in AI, biotech, and quantum computing — drive the world forward,” then we have to treat these domains the way earlier generations treated nuclear deterrence and space: as whole of nation, long cycle industrial and security projects, not a loose collection of R&D programs, underwriting legacy companies and venture bets.

That implies three concrete shifts.

First, we need a disciplined technology portfolio, not a wish list. AI, compute, networking, sensing, energy, and advanced manufacturing form one interdependent stack. A policy that overindexes on model development while underinvesting in chips, power, networking, and secure software supply chains is strategically incoherent. A credible strategy must specify where we intend to lead absolutely, where we are content with allied parity, and where we are willing to trade or depend.

Second, the defense industrial base must evolve from a small-batch, platform-centric model to a software-driven, high-iteration, and update-centric ecosystem. The NSS is right to call out the cost asymmetry between cheap offensive drones and expensive defensive systems; the response must be sustained investment in automation, AI-assisted design and testing, and dual-use manufacturing capacity that can surge on demand.

Finally, we must institutionalize public–private collaboration at operational tempo, not conference tempo. The most important emerging technologies now live exclusively in the commercial sector. That requires new mechanisms for classified problem sharing, streamlined security accreditation, and procurement pathways measured in months, not years.

In strategic technologies, time is now the decisive variable. Our investments should be judged less by dollars committed and more by how quickly they change what our operators, analysts, and allies can do. The clock is ticking.

—

This originally was published here in response to the new US National Security Strategy

tl;dr offensive quantum systems that break bitcoin might already been out there.

The Quantum Arms Race: No Longer Theoretical

Back then, the debate was whether quantum computers could ever break encryption or deliver practical advantage. Today, the question is how soon—and who gets there first. China’s massive $138 billion government-backed quantum fund, announced in 2025, is just the latest escalation in a global investment surge. U.S. quantum funding has exploded in response, with over $1.25 billion invested in Q1 2025 alone. The market is projected to hit $5.3 billion by 2029, but the real story is in the speed and scale of technical breakthroughs.

Technical Milestones: From Hype to Reality

• Google’s Willow chip smashed previous records, using error correction to make quantum computing more reliable and completing calculations in minutes that would take classical supercomputers eons.

• Harvard’s logical quantum processor encoded 48 logical qubits, a leap toward practical, fault-tolerant quantum machines.

• IBM’s roadmap: 4,000 qubits by 2025, with fault-tolerant systems running 100 million gates by 2029.

Quantum attacks on encryption are no longer science fiction. Chinese researchers have already demonstrated quantum attacks on 50-bit RSA keys. While this is far from breaking modern encryption, it’s a proof-of-concept that the “harvest now, decrypt later” threat is real—and growing.

The Quantum Threat Window: The Encryption Ticking Clock

Here’s the uncomfortable reality: we have officially entered the window where quantum technologies—both those publicly acknowledged and those still classified—are in a position to break widely used encryption standards like RSA and ECDSA (the cryptographic backbone of Bitcoin and much of the world’s secure communications).

• Quantum computers have reached a threshold where, in theory, they can factor large integers and compute discrete logarithms—core operations underpinning RSA and ECDSA.

• Recent breakthroughs in quantum error correction and scaling have accelerated timelines far beyond what most experts predicted even a few years ago. The demonstration of quantum attacks on smaller-scale RSA keys is no longer academic; it’s a warning shot.

• “Harvest now, decrypt later” is no longer a hypothetical threat. State actors and sophisticated cybercriminals are actively collecting encrypted data with the expectation that it will be decrypted once quantum capabilities are sufficient.

Known vs. Unknown Capabilities

• Public quantum milestones—such as Google’s Willow chip and China’s quantum communication satellites—are only part of the story. The most advanced quantum technologies are likely classified, particularly those developed for military and intelligence use.

• It’s plausible that nation-states already possess quantum systems capable of breaking cryptographic standards, but are keeping these capabilities secret for strategic advantage.

How Far Into the Window Are We?

• No one can say with certainty how deep we are into this quantum threat window. The only consensus is that we are in it now.

• Indicators that the window is open:

  • Successful quantum attacks on smaller encryption keys have been demonstrated in academic and government labs.

  • Major governments have set aggressive deadlines (e.g., NSA’s 2035 mandate) for transitioning to quantum-resistant cryptography, signaling that they believe the threat is imminent.

  • The pace of investment and secrecy around quantum programs has sharply increased, especially in China and the U.S.

Will We Know If It Happens?

If a quantum attack breaks RSA or ECDSA at scale, we may not know immediately. The first successful exploitations are likely to be covert, targeting high-value intelligence or financial systems. The public may only learn of these breaches long after the fact, if at all. The prudent move is to assume the window is open and act accordingly: accelerate the transition to quantum-resistant cryptography, monitor for signs of compromise, and prepare for a world where cryptographic trust can no longer be taken for granted.

Geopolitics: The Quantum Cold War

China’s Quantum Ambitions

China isn’t just competing—it’s integrating quantum into every lever of state power:

• Military-Civil Fusion: Quantum research is embedded in China’s military modernization. The PLA is developing quantum sensors for submarine detection, quantum navigation for GPS-denied environments, and quantum-secure communications.

• Quantum Communications Leadership: China’s national QKD network and quantum satellites make it the world leader in secure communications, with over 2,000 kilometers of quantum-encrypted fiber and the world’s first quantum satellite.

• Indigenous Innovation: Facing Western export controls, China is building a self-reliant quantum ecosystem, from hardware to software, reducing dependency on foreign suppliers.

U.S. Risks: The Quantum Threat Matrix

• Encryption at Risk: Quantum computers threaten to render today’s encryption obsolete. The U.S. faces the risk that adversaries are already stockpiling encrypted data, waiting to decrypt it once quantum is ready.

• Military Edge Eroding: Quantum sensing could make U.S. stealth technology vulnerable. Quantum navigation could enable Chinese forces to operate undetected in GPS-denied environments.

• Supply Chain and Talent Shortages: The U.S. struggles to secure quantum supply chains and fill talent gaps, risking both innovation and security.

• Global Technology Divide: The race risks a world where a handful of nations—especially China and the U.S.—control the most powerful computation and communication tools, deepening global inequality and increasing the risk of technological surprise in future conflicts.

U.S. Response: Scrambling to Catch Up

• Export Controls: The U.S. has imposed strict controls on quantum hardware and software, and banned investments in Chinese quantum firms.

• Post-Quantum Cryptography: The NSA has set a 2035 deadline for government-wide adoption of quantum-resistant encryption.

• Allied Coordination: The U.S. is working with allies to keep quantum advances out of adversarial hands, while investing in domestic research and workforce development.

Commercialization: Quantum Goes Mainstream

Quantum computing is no longer confined to research labs. Commercial sales hit $854 million in 2024, up 70% from the previous year. Real-world applications are emerging:

• Financial Services: Quantum optimization for trading and risk modeling.

• Drug Discovery: Quantum simulation for pharmaceutical breakthroughs.

• Materials Science: Designing new materials for batteries and energy storage.

• Cybersecurity: Quantum key distribution for “unbreakable” communications.

The Talent Crunch

A new bottleneck has emerged: talent. There’s only one qualified candidate for every three quantum jobs. The skills gap threatens to slow progress, regardless of funding. The good news? More than half of industry jobs don’t require a PhD—upskilling from adjacent fields is working.

The Ethical and Strategic Dilemma

Quantum’s rise brings new ethical and strategic risks:

• Resource Inequality: Quantum capabilities are concentrating among a few nations and corporations.

• Transparency: Quantum algorithms are often black boxes, complicating accountability.

• Privacy: The ability to break encryption threatens fundamental privacy rights.

• Job Displacement: Automation potential could disrupt entire industries.

The Path Forward: Collaboration or Confrontation?

Despite tensions, international collaboration continues—Europe’s Quantum Internet Alliance, U.S.-Singapore partnerships, and more. But the trend is toward militarization and restricted cooperation, especially as quantum becomes a pillar of national security.

Table: Key Geopolitical Threats and U.S. Risks

(sorry for table format, substack doesn’t do my kinds of tables well)

Conclusion: The Battle Isn’t Over—But the Window Is Open

The “battle for quantum supremacy” hasn’t been won or lost. Instead, it’s evolved into a more complex, urgent, and consequential contest. China leads in government investment and quantum communications; the U.S. leads in private innovation and hardware (cavear - we think). The next five years will decide who turns quantum promise into quantum power.

But here’s the new reality: we are now living in the quantum threat window. The only question is how far in we are—and whether we’ll recognize the moment when the world’s encryption is truly broken. The future of national security, economic competitiveness, and even global privacy hangs in the balance. The only certainty? The battle is far from over—and the stakes have never been higher.

— Sultan

One of the most common questions I get—right after “Is AI going to take my job?” and “Can AI write my emails for me?”—is: How do you keep up with everything happening in AI? The truth is, even for someone who lives and breathes this stuff, it’s overwhelming. There are more headlines, breakthroughs, and think pieces than there are “AI will change everything” conference panels.

So, what’s my secret? I did what any self-respecting AI nerd would do: I had an AI platform build a news site for me (I used our native AI platform Limni from Frontier Foundry, which runs securely on my laptop without an internet connection). Not just any news site—a bespoke aggregator that surfaces the most-discussed AI stories from tier 1 news outlets, then cross-checks what’s echoing across social media. It’s like having a Bloomberg terminal (or OpenBB, but for AI, and with fewer existential crises.

Introducing: AI Trend Tracker

This little experiment is now my go-to dashboard for:

• Top AI headlines from sources that actually check their facts

• Stories trending on social media (so I know what everyone’s arguing about)

• A clean, distraction-free UI (no pop-ups, no “One Weird Trick” ads)

And yes, it updates itself. No more doomscrolling through a dozen tabs or chasing social rabbit holes.

EDIT: Here it is!

What Does It Look Like?

Below are a few screenshots from my AI Trend Tracker test app:

Confession: This Is What I Do on Conference Calls

Let’s be honest: we all multitask during conference calls. Some people doodle. Some people check their fantasy football scores. Me? I’m refreshing my AI news dashboard, pretending to nod sagely while actually reading about the latest LLM drama or regulatory kerfuffle. If you see me looking extra thoughtful on Zoom, now you know.

Pro tip: If you’re ever asked a question mid-call, just say, “I’m sorry you broke up there, can you ask me that again?” Works every time.

Why Build My Own?

Sure, there are plenty of news aggregators out there—Feedly, Google News, Flipboard, News360, you name it. But none of them quite nailed the combination of:

• Tier 1 news only (no clickbait)

• Social signal boosting (what’s actually being discussed)

• AI-powered curation (not just RSS feeds)

• Minimal distractions (my attention span is precious)

• Slightly humorous summaries (see my previous bullet lol)

So, I did what any builder does: I built (well, had AI build) my own. It’s not perfect, but it’s already saving me hours a week—and a few brain cells.

This also allows me to continue to iterate on it (note the 2.0 in the screenshot above)… there are some fun new features coming (ranking/rating posts relative to my interests, automate putting drafts into social media, push notifications for certain things to my phone directly or run it locally on my phone as a private app as a few examples).

This entire app build and deployment took me less than 3 hours, half of which I did while on a beach while getting a tan. I’ve built over 10 apps like this that run in the background of my life keeping me sync’d and moving forward while carving out time to be a good husband, father and (occasionally) even relax.

Like What You See?

Should I open source this and put it on Github? Curious about your thoughts dear reader

Coming Up Next

This is the first in a series of real-world examples of how modern AI isn’t just hype—it’s delivering real value, right now. Next up: how I use AI to automate the world’s most boring compliance tasks (and why my legal team both loves and fears me).

Stay tuned. And if you see me on a conference call, know that somewhere, an AI is making sure I’m up to date—even if I’m not.

— Sultan

• First off THANK YOU for subscribing, I hope you enjoy these posts!

• Second, you’ll see content related to regulations (like this piece) in financial services, more broadly in FS, healthcare and a few other things — specifically I have a series on how I’ve radically optimized my life using AI

• I love engagement, so please reach out if there’s something you’d like to see/hear

Now on to the article

Well, well, well. Look who's finally decided to join the 21st century. The FDIC—that bastion of bureaucratic brilliance—has just issued new guidance saying banks can now engage in "permissible crypto-related activities" without begging for permission first. Acting Chairman Travis Hill declares they're "turning the page on the flawed approach of the past three years."

The flawed approach of the past three years.

Let me tell you about those three years.

I should know—I lived through them as the FDIC's first (and apparently last) Chief Innovation Officer, a role I occupied for exactly one year before throwing in the towel and writing what can only be described as a regulatory resignation letter that made headlines. My Bloomberg op-ed, titled "Why I Quit as FDIC Innovation Chief: Technophobia," wasn't just a farewell—it was a eulogy for American financial leadership. Oh and yes I know they ‘announced’ this in March, but here in June we’re still not seeing a lot of action so I don’t feel late, especially in regulatory terms…

The Cave Paintings of Financial Regulation

Picture this: You're tasked with explaining cryptocurrency to an agency where less than one-half of staff had a basic understanding of the technologies they regulate. Even senior officials—the people making the rules—are baffled by concepts like fintech, the dark web and even financial apps. It's like being asked to teach quantum physics to people who think electricity is witchcraft.

The resistance wasn't just to crypto—it was to modernity itself. I received pushback from staff in response to basic modernization efforts such as ending the use of fax machines and physical mail. FAX MACHINES. In 2021. While I'm trying to explain blockchain technology, these people are literally still sending documents via methods invented when disco was popular. My (often repeated) dad joke is that most of these people can’t even change the ring tones on their phones.

The Great Crypto Standoff

For three years, the FDIC treated cryptocurrency like that weird uncle at Thanksgiving—acknowledged its existence but kept it at arm's length, occasionally throwing suspicious glances and making everyone uncomfortable. Banks wanting to dip their toes in digital assets had to go through a bureaucratic obstacle course that would make Kafka weep… and to no end in process.

The 2022 guidance essentially required banks to ask "Mother, may I?" before doing anything crypto-related. It was regulatory helicopter parenting at its finest—the kind of risk-averse, innovation-crushing approach that makes China's central bank digital currency look like a stroke of genius by comparison.

And now? Now they've suddenly discovered that maybe, just maybe, treating the fastest-growing sector of finance like radioactive waste wasn't the smartest strategy.

The Technophobic Bureaucracy

In my Bloomberg piece, I called the federal bureaucracy "both hesitant and hostile to technological change" and warned that "America's global financial leadership is in jeopardy". That was in February 2022. Three years later, the FDIC is finally admitting I might have had a point.

The problem wasn't just ignorance—it was willful ignorance combined with institutional inertia. Something like 30% of different departments at FDIC have a majority of staff who are retirement eligible, meaning their planning horizon extends about as far as their next pension check based on their over $300,000 a year salary. You can't innovate for the future when half your workforce is mentally already on a golf course in Florida.

The Caveman Analogy

Explaining crypto to financial regulators in 2021-2022 was exactly like trying to explain the automobile to cavemen. Except worse, because at least cavemen were curious about new hunting techniques. These regulators looked at innovation the way cavemen might look at fire—simultaneously terrified and convinced it would burn down everything they'd spent decades treading water around.

"But what if people use Bitcoin for bad things?" they'd ask, apparently unaware that people have been using cash for bad things since cash was invented. "But what about consumer protection?" they'd worry, while simultaneously allowing payday lenders to operate with predatory rates that would make a medieval usurer blush. The US Treasury Department estimates that at least $300 billion is laundered annually in the US.

The Real Cost of Institutional Cowardice

While the FDIC was busy playing whack-a-mole with crypto innovation, Singapore was building a comprehensive digital asset framework. While our regulators were clutching their pearls over DeFi, the UK was positioning itself as a global crypto hub. We weren't just falling behind—we were actively sabotaging our own competitive position. And let’s not even get into the regulatory innovations in the UAE, the global home of crypto currently.

The "flawed approach" wasn't just about crypto policy—it was about a fundamental inability to adapt to technological change. We had an agency filled with lawyers over 50 trying to regulate technologies they couldn't even pronounce, let alone understand.

Welcome to the Party, It's Only Half Over

So here we are in 2025, with the FDIC finally admitting that maybe banks should be allowed to participate in the digital economy without filing Form 27-B in triplicate and waiting six months for approval. Better late than never, I suppose, though "late" doesn't quite capture the magnitude of this timing failure.

The new guidance is a step in the right direction, but let's not break out the champagne just yet. This is like finally getting indoor plumbing and acting like you invented the flush toilet. The rest of the world has been building crypto infrastructure while we've been debating whether blockchain is safe enough for our delicate financial system.

The Trump Administration's Uphill Battle

To be fair, the Trump administration is trying to course-correct this regulatory disaster. The Senate just passed the GENIUS Act (Guiding and Establishing National Innovation for U.S. Stablecoins) in a 68-30 vote, creating the first federal framework for stablecoins. Trump himself has said he wants stablecoin legislation on his desk before Congress breaks for its August recess, and there's genuine bipartisan momentum building.

But here's the kicker: this was supposed to be "the easiest crypto bill to pass," yet it took months to reach the Senate floor, failed once, and passed only after fierce negotiations. As Senator Cynthia Lummis admitted, "We thought it would be easiest to start with stablecoins. It has been extremely difficult. I had no idea how hard this was going to be."

The GENIUS Act is progress, but it's also a perfect example of how broken the system remains. We're celebrating the passage of basic regulatory clarity for stablecoins like it's the moon landing, when countries like Singapore established comprehensive crypto frameworks years ago. It's regulatory Stockholm syndrome—we've been trapped in bureaucratic paralysis for so long that any movement feels like victory.

And even this modest progress comes with controversy. Critics like Elizabeth Warren opposed the bill partly because of Trump's own crypto ventures, including his stablecoin USD1, arguing it creates conflicts of interest. The spectacle of senators debating whether the President should be allowed to profit from the very industry he's trying to regulate perfectly captures the absurdity of our situation.

The Bottom Line

Three years ago, I warned that American financial leadership was at risk because our regulators were more interested in protecting their bureaucratic fiefdoms than protecting America's competitive edge. The recent FDIC announcement and the GENIUS Act prove my point—we're finally doing what we should have done in 2021 (or earlier), except now we're playing catch-up in a race where everyone else got a head start. And congress is moving at the pace we should expect (i.e. very slowly)

The FDIC's "green light" for crypto isn't innovation—it's admission of failure. It's regulatory agencies finally acknowledging that maybe, just maybe, treating the future of finance like a contagious disease wasn't the brilliant strategy they thought it was.

But hey, at least they've stopped using fax machines… so has anything really changed that much?

tldr: no

Sultan Meghji was the first Chief Innovation Officer at the FDIC, where he spent a year trying to drag financial regulation into the digital age before concluding that some missions are impossible. His resignation letter to Bloomberg became required reading for anyone interested in why American financial innovation moves at the speed of continental drift. He currently is CEO of Frontier Foundry, a privacy-focused AI firm.

EDIT: Here’s the full yahoo link

Click here if you’re interested in watching my appearance on Yahoo Finance discussing this.

Notable Investors and Absent Players 

The fundraising attracted marquee investors such as Nvidia and Microsoft, yet Apple’s absence from the round was conspicuous. Nvidia's involvement stands out, given the hardware giant’s integral role in AI development through its GPU technology. However, the heavy involvement of both Nvidia and Microsoft also stirs subtle antitrust concerns, especially as these two titans hold significant influence over the broader AI ecosystem. Microsoft’s involvement seems less problematic than Nvidia’s, but their continued investments in AI startups do fuel conversations about potential antitrust behavior in AI infrastructure and services. 

Valuation and Revenue Expectations 

The implied valuation of OpenAI is now estimated at over $150 billion, a staggering figure that raises significant questions. With previous losses of $5 billion reported, industry watchers might expect OpenAI’s current revenue to reflect a more substantial number, somewhere closer to $7 billion, based on conventional venture norms. Instead, OpenAI’s most recent figures suggest revenue around $3.7 billion, leaving a notable gap between the expected financial performance and the actuals. This discrepancy highlights the challenges of aligning market expectations with the realities of current AI revenue generation. 

A Skewed Market: The Impact on AI Startups 

OpenAI’s fundraising underscores a broader issue in the AI venture capital market—there’s an imbalance in funding distribution. If we remove the top five AI deals of the year, the amount of capital remaining for the rest of the AI market is meager. Early-stage AI startups are simply not generating the revenue levels investors are expecting, creating the impression that the market is overvalued. As we look toward 2025, it seems increasingly unlikely that we will see many more mega-deals at the scale of OpenAI's. 

Furthermore, while there are ten startups led by former OpenAI employees that have raised over $25 billion collectively, these companies are struggling to translate that capital into revenue. Combined, these ventures report less than $100 million in revenue—a stark reminder that high valuations are not necessarily a reflection of current financial success. 

Racing to Justify Valuations 

In response to the immense capital raised and the lofty valuation attached to it, OpenAI is under pressure to rapidly build revenue and justify its standing in the AI sector. Part of this effort involves aggressive hiring, particularly targeting senior AI talent to compensate for significant attrition in recent years. Additionally, OpenAI is following in the footsteps of companies like Scale AI by hiring teams to perform manual data work, signaling a shift in its operational strategy. 

Beyond hiring, OpenAI is also investing heavily in lobbying efforts aimed at shaping AI regulation. As AI becomes increasingly integrated into sectors like healthcare, finance, and national security, the regulatory landscape will play a crucial role in determining the success of these technologies. OpenAI’s efforts to influence this space are critical to ensuring they remain a dominant player in the AI field. 

The Next Generation of AI Startups 

Interestingly, the newest wave of AI startups looks markedly different from OpenAI. Rather than relying on centralized clouds packed with Nvidia GPUs, these emerging firms are focused on specific industries and use cases. This approach mirrors the early days of cloud adoption by enterprises, where companies slowly embraced the technology over a 10 to 15-year period. There’s a parallel here with the move away from mainframes to open systems in the 1990’s as well. The reality is that it will take more than a few years for AI companies' revenues to catch up with the hype. Customers are still grappling with understanding how best to leverage AI, and the tangible value these technologies offer is still materializing. 

In contrast to OpenAI, many of these new AI companies are leaner, more focused, and on a faster path to profitability. They aren’t chasing general-purpose AI but rather targeting niche applications with clear and immediate business value. This positions them to scale and generate revenue faster, potentially disrupting the broader AI ecosystem in ways that OpenAI’s slower, more capital-intensive approach has yet to do. 

Conclusion: Navigating an Overheated Market 

OpenAI’s record-breaking fundraising highlights both the incredible potential and the growing challenges within the AI sector. While this influx of capital signals continued optimism in AI’s transformative power, the realities of revenue generation, competition, and market expectations are casting a shadow over these valuations. As we move toward 2025, the AI sector may see fewer large-scale deals, and success will hinge more on practical revenue generation rather than inflated market expectations. The next generation of AI startups will likely define the future of this industry, driven by a focus on specialization and profitability, in stark contrast to the generalist approach of OpenAI. 

For those who've been following my commentary over the last two years, you’ve heard me argue that the demand for Nvidia’s kind of chips—especially those powering the development of foundational AI models—is fundamentally transient. Sure, there’s still plenty of money to be made right now, but let’s not kid ourselves: the writing is on the wall. Even the notion of ‘foundational model’ is open for debate (even if you can define it).

Take a look around. Our own company has been running multi-billion parameter language models on nothing more than off-the-shelf laptops. This isn’t some hypothetical future—it’s happening now (and has been for quite a while!). The idea that you need sprawling data centers and massive cloud infrastructure to support most of today’s AI applications is increasingly a relic of the past. This shift isn’t just about the tech nerds like us tinkering in our labs. Even big players like Apple are moving towards on-device processing, a strategy we’ve championed since last year at Frontier Foundry. Our first LLM was called “Limni” - “Lake” in greek in case you didn’t know.

What does this all mean? It means that companies spending eight or nine figures on hardware may soon find themselves questioning those decisions. Software is eating the world, as they say, and nowhere is this truer than in AI. Companies will increasingly pivot from those heavy, capex-heavy hardware investments towards more agile and cost-effective software solutions, the kind that deliver almost the same power without the need for the massive physical footprint or energy consumption.

How many times do we need to learn this lesson? Software always beats hardware. We’re just watching it play out on a new stage.

==========

[^1]: Nvidia's revenue and earnings data sourced from their Q2 2024 financial report, showing a remarkable increase in data center revenue and a total earnings beat, but with slowing growth compared to previous quarters.

[^2]: [Investopedia Live Coverage](https://www.investopedia.com) detailing Nvidia's shift in market dynamics and investor concerns about long-term demand trends.

[^3]: Commentary on Apple's shift to on-device AI processing, a movement away from heavy reliance on centralized cloud infrastructures

I wrote this op-ed in The Wall Street Journal as a corrective. I want people to understand that AI will have a tangible, beneficial impact on their lives. This op-ed spoke to how AI will lower food prices, where Americans are feeling the effects of inflation most acutely. But AI will benefit real people in countless ways, including:

• Transportation: Nothing aggravates people as much as sitting in traffic, and that traffic has enormous economic consequences, too. What if AI determines our traffic patterns, instead, shaving countless cumulative hours off of people’s commutes every year? And let’s not forget the enormous potential for self-driving cars, which are only possible because of AI, to save lives by limiting traffic accidents.

• Healthcare: Diagnosing patients can be extremely difficult, particularly if they have symptoms that could point to any number of underlying causes. But AI can detect patterns a doctor would never think to look for to identify the cause of someone’s medical issue. We are not far from AI detecting cancer or heart disease in patients long before it shows up on any tests, and, consequently, saving their lives.

• Climate: The climate crisis is here, and it is real. The only way we can reverse this worrying trend is to cut carbon emissions immediately and substantially. AI can help companies, governments, and even private households identify quick, relatively easy ways they may not have considered to lower their emissions footprint.

• Financial Services: Racial discrimination, both subconscious and very overt, has plagued the financial services industry for as long as there have been financial services. In recent decades, this has been most acute in lending and credit decisions. AI can identify where people have been refused credit for good reasons, and when discrimination is the only feasible answer. Once we know when and where discrimination is happening, we can far more effectively root it out.

• Education: As any parent who has ever worked with a school district to get their child an individualized education plan (IEP) can attest, getting educational plans tailored for a student can be painful. And that’s with school districts only on the hook for IEPs for students with special needs. With AI, though, every student in America could get an individualized education plan, tailored to their strengths and areas for improvement, and even, thanks to burgeoning technologies like those found in ChatGPT, get the materials that will help them follow through on their IEPs.

This is just the tip of the iceberg. There is so much else AI could do for people in ways they can see and feel. It’s up to us to make sure they know.

Certainly, the familiar Trump agenda items that consumed much oxygen during the first presidential run will reappear as encores—flashy tax cuts (that don’t pay for themselves), fresh trade war saber-rattling (be ready to hear more about Tariffs), and doubled-down on drilling & energy independence / export. Supporters and critics alike can expect more of the same script that fuels Trump’s uneven political strengths while inflaming the cultural divides his detractors decry as tearing at the fabric of American unity. Hence for Trump part two, the underappreciated chances he takes sculpting smarter guardrails around innovational forces like AI and crypto—modern innovations promising (and delivering!)  both economic boons and societal disruption—may ultimately determine the overall reception of his leadership as polarizing or prophetic.

But separate from the trifecta of taxes, trade and drilling, the most intriguing Trump pivot could emerge on two lesser discussed but exponentially impactful frontiers – artificial intelligence and cryptocurrencies. Though lacking traditional visibility in a legacy policy portfolio, both domains showcase pillars of future global economic power and prosperity. As AI infiltrates nearly all industries and crypto capacities remake finance, Trump’s second-term choices sculpting their rise carry significance dwarfing other economic tinkering. In both cases, the current President’s “risk first and only” regulatory view of both sees possibly its greatest difference to an innovation and American-leadership focused agenda that could, beyond anything else covered here, radically alter the rest of the 21^st century.

On AI and associated machine learning algorithms, Trump possesses no innate affinity or historical fluency to guide these advances either more broadly or in terms of specific applications. But he shows latent savviness by generally abstaining from arbitrarily neutering innovators through premature regulation and framing these technologies first, and only, as risks, letting capital flow and breakthroughs emerge organically. Compared to less economically proficient regions rushing pell-mell standards more bureaucratic than practical, America enjoyed competitive advantage from Trump’s light governance touch so far allowing startups latitude proving concepts and securing public trust. This is in stark contrast to the Biden administration where they are focused on a ‘No, but we’ll let you in at some point once we’re out of office’ strategy.

Cryptocurrencies and their blockchain technologies inspire similar internal conflicts for team Trump, balancing openness towards financial system modernization against reflexive distrust of threatening change. There is an inherent conflict between Trump’s views on political and economic centrality and the fundamental decentralized philosophies in crypto.  Regulators across agencies like the Fed, FDIC, Treasury, SEC and CFTC guided under his watch fluently spoke crypto vernacular. Their proactive engagements to date crystallized a coherent posture acknowledging vast promise met equally by risks. Hence thoughtful policy evolution outpaces most nations. A Trump 2.0 administration with an expanded remit (especially with control of both houses of Congress which also appears to be ‘as given’ if he were to win again), staffing of agencies with expertise (most of which left during the first 2 years of the Biden admin) and clear policy goals would immediately lead to positive economic & political outputs.

But further opportunities emerge for more collaborating across government, academia and industry at this crossroads. Strategic choices in the next two years could determine whether revolutionary phases flourishing elsewhere eventually mature abroad then get imported back secondhand to America, ceding competitiveness—or whether confident public-private partnerships cement domestic innovation leadership underlying much of this century’s web3 transformation. The infrastructure to greatly expand public-private partnerships is already in place and more direct support from a Trump 2.0 would equally show immediate returns.

What might presidential leadership pursuing the latter look like? First, funding research and specialized education programs for AI & digital asset literacy, particularly in financially underserved communities allows traditionally excluded demographics accessing epochal opportunity. Second, encouraging upgrading legacy technologies in regulated areas to enable frictionless adoption makes intuitive sense and would extend American global leadership; doing so reinforces broader trust and equally important soft diplomacy gains. Third, establish clear regulatory guardrails that allow for restrictions in use and entry points for innovation for emerging technologies. Other targeted policy tweaks and streamlined rulemaking promise profoundly positive spillovers. See earlier comments I’ve made about the potential impact of the Supreme Court throwing out the doctrine - This change alone would radically alter the regulatory landscape.

Of course, critics will rightly warn against overreach or distortion from policy overcorrecting too crudely to bolster hypothetical projections. Change itself challenges many even where evidence shows net progress. And Trump himself owns no record showing savvy restraint whenever tantalized by a chance reshaping history exclusively by his moxie. Both technological frontiers highlighted here demand heightened emotional intelligence and disciplined collaboration beyond typical strongman tendencies. Of course, critics will rightly warn against overreach or distortion from policy overcorrecting too crudely to bolster hypothetical projections. Change itself challenges many even where evidence shows net progress. And Trump himself owns no record showing savvy restraint whenever tantalized by a chance reshaping history exclusively by his moxie. Both technological frontiers highlighted here demand heightened emotional intelligence and disciplined collaboration beyond typical strongman tendencies.

Yet the opportunity still blinks enticingly before his taking. The former (and potentially future) president owns this climate and these tools for canonizing a surprisingly enlightened economic legacy should he see wisdom in astutely shepherding seismic shifts already underway. Defying expectations of him for short-term self-service by wisely unleashing innovations destined to improve countless livelihoods would surprise his antagonists and reward open-minded supporters. And much as the brash billionaire reality star crafted an iconoclast political image seemingly hastening needed disruption of ossified systems, he may choose harnessing profound technological transformations for society’s betterment as an unlikely final act. Heroes emerge often where least expected, and perhaps a Trump 2.0 would lead to the most innovative technology lead expansion of American economic and political power since the end of the second World War. Time will tell.

The fear of AI seems to have stemmed directly from the concerns surrounding Big Tech, Social Media, and Cryptocurrency. The voices that once clamored about the threats posed by these technologies have now shifted their gaze towards AI, generating concerns that are largely based on speculative risks. These fears, rather than being rooted in solid evidence of AI's current implications, seem to be extrapolations from the issues faced in other areas of the digital realm.

This brings us to the administration's 'regulatory first' model. We have seen this strategy in action in other spheres, notably in the world of cryptocurrencies. Various government agencies, with the financial services sector at the forefront, are espousing a 'no first' stance. Rather than taking a proactive approach to understand and work with emerging technologies, the default response seems to be to say 'no' and impose restrictions. It is clear that more than a few people in the Biden (and previously Obama) administrations felt like they messed up how to respond to Social Media and now are over-correcting with something much broader, much more impactful.

While regulation is undoubtedly important to prevent abuse and protect society, the approach of constraining technology first, and encouraging it later, will limit the potential benefits that these technologies can offer. It is the responsibility of the regulatory bodies to strike a balance between the need to regulate and the importance of fostering innovation.

However, amid this focus on risk and regulation, several crucial issues seem to be left on the back burner. Take, for example, the potential disruptions that the current generation of AI might introduce, such as the commoditization of Deep Fakes and their potential impact on the forthcoming elections.

Deep Fakes, AI-powered manipulations of audio and video that can generate realistic, but entirely fake, media, pose a significant threat to the integrity of information in our society. The potential misuse of this technology in a political context, such as during an election, could have profound effects on our democracy.

Intriguingly, the stage has been set for this conversation with legislative precursors such as the 2023 National Defense Authorization Act (NDAA) and the proposed Blueprint for an AI Bill of Rights. The 2023 NDAA has incorporated crucial AI guidelines, suggesting that the government recognizes the potential of AI and is willing to integrate it into the nation's defense mechanism. Simultaneously, the AI Bill of Rights proposes to safeguard the rights of individuals against potential AI threats, providing a framework to ensure that AI systems operate within ethical boundaries, respecting privacy and freedom.

These policies depict a foresight and willingness to engage with AI's potential, not just its risks. They present a vision of a future where AI is integrated into our societal infrastructure, but with necessary protections to safeguard individual rights and maintain social order.

In contrast, Executive Order 13960, which focused on promoting the use of trustworthy AI in government, seems to lean more towards caution. The Order mandates rigorous risk assessment and management strategies before any AI systems can be employed. The emphasis on preemptive regulation paints a stark picture when compared to the forward-looking and integrative approach of the 2023 NDAA and the AI Bill of Rights.

This contrast raises questions about the administration's approach to AI. While regulation is essential, so too is creating an environment that allows the benefits of AI to be realized. Striking a balance between these two will be key to harnessing the full potential of AI. It's clear that the conversation around AI is evolving and it's crucial that we continue to engage in this discussion with an open and balanced perspective.

Further, there is the persistent issue of AI's impact on the job market, which we are just beginning to see. The automation of tasks by AI is likely to lead to job displacement in various sectors, and this potential upheaval requires significant attention and planning. We are already seeing it happen - a report from Challenger, Gray, and Christmas found that 3,900 people lost their jobs in May due to artificial intelligence (AI). This was the first time AI was listed in the monthly report…. and a first glance as to what the future will bring. These job losses will not be contained to any one market or subset of the workforce but will end up impacting nearly every person who works.

In summary, while the Biden administration's concerns about the risks of AI are valid, the emphasis should not be solely on regulation. It's essential that we also focus on understanding these technologies, addressing the most pressing threats they pose, and ensuring that our society is prepared to manage the disruptions they may cause. AI holds immense potential to improve our world, but only if we approach it with a balanced perspective that includes not only the risks but the opportunities and presents a cohesive way forward maximizing our nation’s opportunities to guide the global AI market moving forward. Education (both traditional and professional) needs significant focus and investment in all sectors to assist with this transition.

Much like the glamorous Casablanca of yesteryears, Dubai stands as a bustling transit point, an international business hub radiating glamour, flanked by skyscrapers and inhabited by diverse people from all corners of the globe. The main difference being, when someone in Dubai says "Play it again, Sam," they're likely requesting a popular cryptocurrency jingle at the local blockchain conference, not a heartfelt piano serenade.

Moving on to our next cinematic stopover, Mos Eisley, famously labeled as a 'hive of scum and villainy.' Dubai, is an intersection for the world's diverse cultures. Where east meets west, north meets south, and droids are replaced by venture capitalists and crypto entrepreneurs. And maybe also some villainy in the form of drug running or arms dealers.

Like Mos Eisley, Dubai pulsates with thrilling chaos and that intoxicating sense that anything is possible. However, in this case, 'anything' tends to involve tax-free shopping sprees rather than lightsaber duels. Forget about seeing the Millennium Falcon; you're more likely to witness a convoy of Lamborghinis casually parked outside the local Starbucks.

Yet, if Casablanca and Mos Eisley had a sneaky, somewhat shadowy sibling, Dubai would undoubtedly take that spot. This city, admired for its glitzy opulence, is not only a haven for Instagram influencers but has also caught the attention of some Russian oligarchs (approximately 40% of the current population). And let's be clear, folks, these aren't your regular oligarchs. They're more financially.. creative let’s say, making vast sums of money disappear and reappear like they're performing some sort of fiscal magic trick.

Imagine the Mos Eisley Cantina, but replace the unsavory patrons with sharply dressed characters whose hobbies include starting crypto exchanges, money laundering & going to brunch. In Dubai, you'll spot them lounging on the beach, a briefcase (in the form of a purse costing more than a new Honda) handcuffed to their wrist, savoring the sun, sea, and the banking system that sometimes seems to have a touch of myopia. And one that definitely makes use of regulatory arbitrage across the various legal jurisdictions that make up the UAE.

Don't get me wrong, folks, Dubai is bustling with legitimate business. But with money flowing like the waters of the Dubai Fountain, it's sometimes like playing a giant game of three-card monte, only with more sand and fewer playing cards. You never quite know where that ruble will pop up next.

In the end, just remember, I'm not implying that every Russian in Dubai is an oligarch engaged in dubious activities. Some are probably just there for the fantastic shawarma. Or to buy a planet (aka a Ferrari). In Dubai, it's always a little hard to tell.

Let's not forget the rising dragon in the room - China. It's no secret that the Chinese have found a home away from home in Dubai. Like the Force in Star Wars, the influence of the Chinese is strong here, and it's much more than just adding a touch of red to the city's color palette.

Just as the Jawas traded their wares in Mos Eisley, Chinese businesses have rapidly carved out a niche in Dubai. From the countless shops in Dragon Mart (which, let's be honest, is as close as we get to a real-life Diagon Alley to add more fictional world building confusion), to large-scale infrastructure projects, Chinese influence is everywhere. Plus that totally non operational Naval facility.

In fact, if you squint a little, that's not a droid you're seeing in the street, but a flurry of Chinese entrepreneurs making the next big deal. Whether it's real estate, retail, or tech startups, these folks are making moves faster than Han Solo did when he saw a bounty hunter.

But it's not just business. The city's cultural tapestry is becoming increasingly vibrant with Chinese festivities. Lunar New Year in Dubai is a spectacle to behold, and trust me, folks, the fireworks make the Death Star explosion look like a faulty sparkler.

So, while we've got Russian oligarchs making money do the hula, and the rest of us are just trying to figure out the difference between a Dirham and a Dinar, the Chinese are quietly rewriting the rules of the game. Casablanca, Mos Eisley, and now a touch of Shanghai - Dubai truly is a world in a city!

But remember, folks, whether you're here for the skyscrapers, the shopping, or the shawarma, keep your humor receptors tuned and your appreciation for cultural diversity high. That's the Dubai way, after all!

So, if you've ever dreamed of being in the middle of an iconic film set - minus the lightsabers and fedoras - Dubai's the place for you. That's all for now, folks! Just remember, this is all humor. So, keep laughing and keep the droids oiled!

** also for disclosure, there are a few from for profit organizations, products, etc. Do not consider my inclusion here as an endorsement, paid or otherwise **

• Vector Databases: First a good introduction here, one of many good use cases here & a great paper on understanding sparse vs. dense vector search here.

• LoRA: To quote my old friend Andy, “You can’t leave out LoRA!” This is important to doing cheap transfer learning and fine tuning.  No more spending $millions to train a model - just use an existing foundation model and fine tune it with a small set of additional training data and BAM!

• RAG (retrieval augmented generation): Easily the best way to streamline the creation of intelligent natural language processing models. Introduction here, paper here.

• Visualizing A Neural Machine Translation Model (Mechanics of Seq2seq Models With Attention): A sequence-to-sequence model is a model that takes a sequence of items (words, letters, features of an images…etc) and outputs another sequence of items. A fantastic primer with links to original papers is here. H/T to my friend Jason on this one

• Transformer (part 2): Another solid paper here if you want more info.

• And if you’re coming to this from a biological starting point, looking at the human brain and the role billions of years of evolution have taken one must include Logic of Chance. h/t to Jimmie for this one.

1. Can I just say how AMAZING the current AI + Open Source environments are?

2. I DO. NOT. ENDORSE. this as a formal recommendation.

3. BUT WOW there are some great nuggets in there!

4. I’m very curious what you all think…

—

BILL

To restructure and enhance the United States banking system, to create a more cohesive, proactive, and accountable banking industry, and for other purposes.

SECTION 1. SHORT TITLE

This Act may be cited as the "Comprehensive Banking Reform Act of 202X".

SECTION 2. DEFINITIONS

In this Act, the term "Bank" refers to any financial institution accepting deposits from the public.

SECTION 3. SEPARATION OF DIF FROM THE FDIC

(a) The Deposit Insurance Fund (DIF) shall be separated from the Federal Deposit Insurance Corporation (FDIC) and placed within the Federal Reserve System.

(b) Up to $1,000,000 in deposits shall be 100% covered. Deposits ranging from $1,000,000 to $5 million shall be covered pro-rata based on the balance sheet of the bank. Deposits exceeding $5 million shall not be covered. DIF passthrough insurance may be considered.

SECTION 4. EXAMINER UNIFICATION AND STANDARDIZATION

(a) All bank examiners shall be unified into a single organization, under the authority of a management board. The Board shall consist of the following members, who may only be seated upon Senate confirmation:

1. The Secretary of the Treasury (who shall serve as co-chair)

2. The Chair of the Federal Reserve Board (who shall serve as co-chair)

3. The Vice Chair for Examination of the Federal Reserve Board

4. Two State Banking Commissioners, voted on bi-annually by the aggregate of States’ Banking Commissioners. If, by January 1 of a voting year, a slate is not presented to the Secretary of the Treasury or Chair of the Federal Reserve Board, the board co-chairs shall appoint 3 for that year.

5. The Comptroller of the Currency

6. The Director of the Consumer Financial Protection Bureau

7. Four senators from the Senate Banking Committee, no more than 2 of any one party at any time

8. Two Independent Board Directors, each serving staggered 2-year terms, no more than 1 of any one party at any time

(b) A standardized examination process for all banks shall be established, with tiers based on the percentage of U.S. deposits and loans. The top 20 banks in the United States shall be under daily enhanced examination and shall not increase their deposits or loan books by over 1% without pre-approval and a public hearing with the management board.

(c) Banks within the bottom 5% will be put under 'enhanced' examination and shall have two years to leave the bottom 5% tier or be required to sell until meeting the necessary requirements.

SECTION 5. DATA UPLOADS AND ANALYSIS

(a) All banks are required to facilitate automated daily data uploads, both standard and based on API requests from the relevant agency.

(b) Standard numerical analysis shall be performed daily, with both dashboards and automated reports of changes - internally and from external open source data, such as federal rates, put out in real-time.

(c) All banks with assets exceeding $20 billion are required to conduct automated quarterly balance sheet stress testing.

(d) Any change in balance sheet more than 1% shall be reported to the federal government within 3 hours of the discovery of that change. Failure to do so will result in significant penalties equal to or greater than the change in balance sheet.

SECTION 6. HUMAN CAPITAL MANAGEMENT

(a) Implement a comprehensive overhaul of policies regarding hiring, growth, and retention of human capital in banking institutions.

SECTION 7. CYBERSECURITY OPERATIONS

(a) Create a separate cyber operational program with regulatory and enforcement authority equal to other banking regulatory bodies, under the same board as defined in Section 4. This program will work in conjunction with the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Homeland Security (DHS) to provide a proactive cyber regulatory component.

(b) All banks shall be subject to an annual cybersecurity audit.

(c) A new rating system for organizations' cybersecurity measures and resilience will be created and implemented.

(d) Any incident that exposes any Personally Identifiable Information held by the bank, transactional data, balance sheet data, regulatory data or internal operating processes shall be reported within 24 hours of discovery. Failure to do so will result in significant penalties equal to or greater than 2% of the balance sheet of the bank.

SECTION 8. IMPLEMENTATION AND REGULATIONS

(a) The Federal Deposit Insurance Corporation (FDIC) is hereby dissolved. All authorities, duties, responsibilities, and functions of the FDIC, unless otherwise specified in this Act, shall be transferred to the Federal Reserve Board.

(b) The Federal Reserve Board is directed to promulgate necessary regulations to effectively assume the duties and functions transferred from the FDIC.

(c) The relevant regulatory authorities shall promulgate additional regulations to implement and enforce this Act.

(d) The Federal Reserve Board shall coordinate with other relevant agencies and bodies, as appropriate, to ensure the smooth transition of functions and duties from the FDIC. All FDIC staff shall be moved to the Federal Reserve Board or the Office of the Comptroller of the Currency, with no loss of role, benefits, compensation, or tenure.

SECTION 9. EFFECTIVE DATE

This Act shall take effect one year after the date of enactment.

SECTION 10. SEVERABILITY

If any provision of this Act or the application thereof to any person or circumstances is held invalid, the remainder of this Act or the application of such provision to other persons or circumstances shall not be affected thereby.