With the amount of new subnets being added it can be hard to get up to date information across all subnets, so data may be slightly out of date from time to time
With the amount of new subnets being added it can be hard to get up to date information across all subnets, so data may be slightly out of date from time to time
Trishool is a specialized subnet on the Bittensor network focused on AI alignment and safety. In essence, it acts as a decentralized “alignment layer” that continuously stress-tests and evaluates AI models (especially large language models) for unsafe or misaligned behaviors, with the goal of making advanced AI robust and aligned with human values. Trishool creates a competitive adversarial marketplace where participants around the world attempt to “break” AI models by finding prompts or exploits that induce undesirable behaviors, and in doing so, help improve the models’ safety. The network is built to automate the AI safety evaluation loop at a planetary scale – as AI capabilities accelerate, Trishool continuously applies adversarial pressure to uncover vulnerabilities, ensuring that AI systems remain aligned under even extreme conditions. In other words, Trishool turns AI “red-teaming” (finding ways to make an AI misbehave) into a decentralized, ongoing process, so that as AI gets smarter, the defenses and safety checks improve alongside it. This approach has been described as “humanity’s last defense against runaway AI”, using Bittensor’s decentralized network to make superintelligence safe.
Trishool’s design targets both outer alignment (ensuring an AI’s stated goals or rewards truly reflect human intentions) and inner alignment (ensuring the AI’s emergent objectives remain in line with its given goals). It does so by mobilizing a swarm of automated “alignment agents” that probe and evaluate AI models in real time. The ultimate vision is to reach a point where for any superintelligent AI, the path to maximum capability is identical to the path of maximum safety. To achieve this, Trishool focuses on two core objectives:
Automated Safety: Build a global, decentralized swarm of AI safety evaluators that can automate the process of testing and aligning AI models. This means the network’s collective evaluation loop can evolve faster than new risks emerge. Instead of one-time or manual audits, Trishool provides continuous, scalable oversight by AI agents themselves, embodying the principle that “AI should align AI”.
Proof of Invariance: Establish a universal safety standard by delivering “Proof of Invariance” – essentially, cryptographic proof that a given model’s behavior stays aligned even under maximal adversarial stress-tests. In practice, this means if Trishool’s agents cannot find a way to jailbreak or trick the model into misbehaving (despite the hardest efforts), the model can be considered robustly aligned. This helps convert the “unknown unknowns” of model behavior into known, testable constraints.
Concretely, what Trishool does is orchestrate ongoing “red team vs blue team” style challenges on AI models. It incentivizes independent participants to come up with prompts, queries, or autonomous agents that expose failures in AI behavior (e.g. instances where a model might lie, produce harmful content, seek power, etc.). These misalignment challenges are then run through Trishool’s evaluation pipeline, which scores how effectively they reveal problematic behavior. By continuously surfacing issues like deception, manipulation, sycophancy (over-eagerly telling users what they want to hear), overconfidence, or power-seeking tendencies in AI models, Trishool provides a real-time safety pressure-test for cutting-edge AI systems. Every time a new exploit or vulnerability is discovered, the insight is fed back into improving alignment techniques. In short, Trishool aligns AI by adversarially testing it – the harder you try to “break” the model, the safer it becomes (and the more you get paid for finding weaknesses).
Trishool is a specialized subnet on the Bittensor network focused on AI alignment and safety. In essence, it acts as a decentralized “alignment layer” that continuously stress-tests and evaluates AI models (especially large language models) for unsafe or misaligned behaviors, with the goal of making advanced AI robust and aligned with human values. Trishool creates a competitive adversarial marketplace where participants around the world attempt to “break” AI models by finding prompts or exploits that induce undesirable behaviors, and in doing so, help improve the models’ safety. The network is built to automate the AI safety evaluation loop at a planetary scale – as AI capabilities accelerate, Trishool continuously applies adversarial pressure to uncover vulnerabilities, ensuring that AI systems remain aligned under even extreme conditions. In other words, Trishool turns AI “red-teaming” (finding ways to make an AI misbehave) into a decentralized, ongoing process, so that as AI gets smarter, the defenses and safety checks improve alongside it. This approach has been described as “humanity’s last defense against runaway AI”, using Bittensor’s decentralized network to make superintelligence safe.
Trishool’s design targets both outer alignment (ensuring an AI’s stated goals or rewards truly reflect human intentions) and inner alignment (ensuring the AI’s emergent objectives remain in line with its given goals). It does so by mobilizing a swarm of automated “alignment agents” that probe and evaluate AI models in real time. The ultimate vision is to reach a point where for any superintelligent AI, the path to maximum capability is identical to the path of maximum safety. To achieve this, Trishool focuses on two core objectives:
Automated Safety: Build a global, decentralized swarm of AI safety evaluators that can automate the process of testing and aligning AI models. This means the network’s collective evaluation loop can evolve faster than new risks emerge. Instead of one-time or manual audits, Trishool provides continuous, scalable oversight by AI agents themselves, embodying the principle that “AI should align AI”.
Proof of Invariance: Establish a universal safety standard by delivering “Proof of Invariance” – essentially, cryptographic proof that a given model’s behavior stays aligned even under maximal adversarial stress-tests. In practice, this means if Trishool’s agents cannot find a way to jailbreak or trick the model into misbehaving (despite the hardest efforts), the model can be considered robustly aligned. This helps convert the “unknown unknowns” of model behavior into known, testable constraints.
Concretely, what Trishool does is orchestrate ongoing “red team vs blue team” style challenges on AI models. It incentivizes independent participants to come up with prompts, queries, or autonomous agents that expose failures in AI behavior (e.g. instances where a model might lie, produce harmful content, seek power, etc.). These misalignment challenges are then run through Trishool’s evaluation pipeline, which scores how effectively they reveal problematic behavior. By continuously surfacing issues like deception, manipulation, sycophancy (over-eagerly telling users what they want to hear), overconfidence, or power-seeking tendencies in AI models, Trishool provides a real-time safety pressure-test for cutting-edge AI systems. Every time a new exploit or vulnerability is discovered, the insight is fed back into improving alignment techniques. In short, Trishool aligns AI by adversarially testing it – the harder you try to “break” the model, the safer it becomes (and the more you get paid for finding weaknesses).
Trishool is essentially building an open, self-improving AI safety engine on top of the Bittensor blockchain. The “product” is not a traditional software app, but rather a decentralized protocol and platform – sometimes referred to collectively as AlignNet – that any researcher, engineer, or organization can plug into to evaluate and improve their AI models’ safety. Technically, Trishool consists of a network of miners/nodes running the Trishool software, a set of smart contracts (the Bittensor metagraph for this subnet), and off-chain components that coordinate AI evaluation tasks. Its architecture is often described as a Tri-cameral (three-chamber) economy with three primary roles:
Architects (Component Producers): They build the foundational safety components – for example, high-precision “judge” models or specialized classifiers that can detect misbehavior in AI outputs. These are the tools and modules needed for precise red-teaming. Architects contribute these modules to a shared library and are rewarded (in Trishool’s token) when their components are used by others. This encourages experts to supply state-of-the-art evaluation models or datasets into the network.
Adversaries (Product Producers): They develop and deploy the autonomous red-teaming agents or prompt strategies that actively seek out model failures. In practice, adversaries operate as miners in the subnet: they submit seed instructions (prompts) or even coded agents designed to probe target AI models for specific vulnerabilities (e.g. instructions that might trick a model into revealing confidential info, or agents that chain queries to induce an error). These adversary miners compete to find novel jailbreaks, exploits, or “zero-day” vulnerabilities in the AI models. When an adversary’s prompt/agent succeeds in eliciting a misaligned behavior (especially one that others haven’t found), it achieves a high score and earns rewards.
Oracles (Service Deliverers): They take the best-performing adversarial agents and operationalize them into a safety-as-a-service offering. An Oracle node essentially runs evaluation jobs for external clients – for example, an AI lab or enterprise can submit their model to be tested by the Trishool network. The Oracles will deploy the top adversarial agents against the client’s model and then generate a “Safety Score” and report based on the outcomes. They also maintain a global leaderboard of tested models, ranking them by robustness. Oracles earn fees for providing this evaluation service, creating a bridge between the decentralized network and real-world AI developers who need model audits.
Under the hood, Trishool’s workflow looks roughly like this: Validators (which correspond to the Oracle role in Phase I) issue periodic challenges – definitions of the alignment task or behavior to test in a given round. For example, a challenge might be “find a prompt that causes the model to knowingly produce a false statement” (deception test) or “find a prompt that makes the model refuse to follow instructions it should follow” (obedience test). In response, miners (Adversaries) from around the world submit their best seed prompts or agents aimed at triggering that misbehavior.
Trishool uses an adapted version of Anthropic’s Petri (Parallel Exploration Tool for Risky Interactions) – an open-source safety testing agent – to automate and scale the evaluation of these submissions. The network’s validators run the Petri auditing agent in sandboxed environments (e.g. Docker containers) to test each submitted prompt/agent against one or more target AI models. Petri effectively carries out the conversation or interaction specified by the adversary’s prompt, possibly across multiple turns, to see if the model exhibits the unwanted behavior. A separate judge model then scores the resulting AI transcripts on various safety dimensions (Was the model deceptive? Did it reveal disallowed content? etc.), converting qualitative behavior into a numeric score. This scoring step transforms messy AI behavior data into “actionable quantitative data” so that Trishool can rank the submissions.
All of this happens in a trustless, decentralized manner – multiple validator nodes independently run the evaluations to ensure consistency and prevent any single node from manipulating results. In fact, Trishool expects some variance in model behavior, so each seed is run across several validators and the scores are averaged, giving a stable measure of performance. The best-performing seeds/agents – those that most successfully expose a model’s weakness (for instance, achieving near-100% success in triggering a misbehavior) – are recorded on-chain and rewarded in Bittensor’s native token (TAO). This creates a proof-of-contribution: anyone can verify on the blockchain which prompt/agent found a serious vulnerability and that its creator was paid accordingly.
Over time, Trishool’s process results in a collection of proven attack strategies and high-quality evaluation models. Rather than simply cataloguing these, Trishool feeds them back into an improving defense. The top agents discovered by adversaries get merged into the network’s “Guardian” base – essentially an ensemble or meta-model that aggregates the best alignment knowledge. In parallel, the system’s own alignment model (sometimes called the Alignment-LLM) is retrained regularly (e.g. weekly) using reinforcement learning on the results of these adversarial challenges. This reinforcement loop (referred to as “RLVR” in Trishool’s docs) means the system is learning from each attack and getting safer. Every failure or exploit uncovered is turned into a training example for how to avoid that failure in the future. As the Trishool litepaper puts it, the network “curves the optimization landscape” of AI models such that unsafe behavior becomes an increasingly difficult path. The end result is an ever-evolving “living safety organism” – nicknamed AlignNet – that “evolves 24/7 at the pace of AI”, continually integrating new discoveries and making the AI ecosystem more secure.
From a technical architecture perspective, Trishool deploys a mix of on-chain and off-chain components. The Bittensor substrate blockchain underpins the subnet, handling registration of miner nodes, staking, and the base TAO token emissions (as with other Bittensor subnets). On top of that, Trishool includes a Platform API service (off-chain) that coordinates the flow of data between miners and validators. For example, when a miner submits a new seed prompt, it’s sent via a REST API (/upload) to the platform, which validates the submission (checks it’s not a duplicate or a trivial jailbreak, etc.) and then packages it into a PetriConfig (specifying which models to test against, which auditor/judge models to use, etc.). Validator nodes poll the platform’s API for new evaluation tasks, retrieve the PetriConfig, and then launch the Petri agent in an isolated sandbox environment to execute the test. Once the Petri run is complete and a score is produced, the validator submits the results back to the platform (/submit_petri_output), and ultimately these results inform the blockchain state (through weighting or direct on-chain reporting of scores). This design allows Trishool to leverage the blockchain for security, consensus and incentives, while using off-chain compute for the heavy AI evaluation tasks (which are too complex to do on-chain). Everything is open-source – the Trishool subnet code, the Petri agent (a modified version in an astro-petri repo), and so on, are all publicly available for verification and for contributors to improve.
Incentives and tokens: Trishool uses a twin-token model intertwined with Bittensor’s economics. Participants earn TAO (τ), the native Bittensor token, as the base reward emitted by the subnet (the network emits TAO continuously to reward contributors in proportion to the value they provide). In addition, Trishool introduces its own “Alpha” token which powers the internal economy of the subnet. Alpha serves several functions: it is the unit of reward for successful adversaries, the currency that adversaries must spend (burn) to use premium modules from Architects, and the stake that Oracles hold to operate services. For example, when an adversary miner builds the best agent in a challenge round, they might earn Alpha tokens as a prize. If that agent relied on a special module (say a sophisticated judge model contributed by an Architect), the adversary has to pay a small Alpha fee for using it – which gets distributed to the Architect who provided that module. This creates a market for safety components: useful alignment tools earn Alpha, and adversaries are motivated to contribute any improvements they develop back to the shared library (so they can earn extra Alpha when others use those components). Oracles, for their part, earn Alpha for the compute and service they provide in evaluating models for customers. They can also lose stake (get slashed) if they act dishonestly or try to game the scoring process – ensuring trustworthiness of results.
When external clients (AI model builders) use Trishool as a service, they pay in stablecoins or fiat. Those revenues are distributed according to a preset formula: for instance, 40% goes to the Trishool treasury, 30% is used to buy back and burn Alpha tokens (supporting the token’s value), and the remaining 30% is shared as rewards – typically 15% going directly to the Adversary who built the agent that was used for that evaluation, and 15% to holders of veAlpha (staked/locked Alpha). This aligns everyone’s incentives: good agents earn not only one-time challenge rewards but also a cut of ongoing service revenue, and long-term Alpha stakers benefit from the network’s commercial success. The veAlpha mechanism (borrowed from DeFi “vote-escrow” models) allows users to lock their Alpha tokens (up to 180 days) to gain voting power and a share of fees. This will form the backbone of governance in Trishool, letting the community propose and vote on upgrades or policy changes, using veAlpha as voting weight.
In summary, Trishool’s product is a decentralized alignment network: a combination of blockchain-based incentive layer, a library of AI safety tools, and a crowd-sourced army of AI “red-teamers” and “blue-teamers” working together. It produces tangible outputs like safety evaluation reports, risk scores, and an ever-improving aligned AI model, which can be offered to AI labs for auditing their models. By structuring this as a permissionless network, Trishool hopes to become “the ubiquitous tool for defining, refining, and incentivizing AI alignment” – essentially an open marketplace where AI alignment techniques are continually developed and verified in public, rather than behind closed doors.
Trishool is essentially building an open, self-improving AI safety engine on top of the Bittensor blockchain. The “product” is not a traditional software app, but rather a decentralized protocol and platform – sometimes referred to collectively as AlignNet – that any researcher, engineer, or organization can plug into to evaluate and improve their AI models’ safety. Technically, Trishool consists of a network of miners/nodes running the Trishool software, a set of smart contracts (the Bittensor metagraph for this subnet), and off-chain components that coordinate AI evaluation tasks. Its architecture is often described as a Tri-cameral (three-chamber) economy with three primary roles:
Architects (Component Producers): They build the foundational safety components – for example, high-precision “judge” models or specialized classifiers that can detect misbehavior in AI outputs. These are the tools and modules needed for precise red-teaming. Architects contribute these modules to a shared library and are rewarded (in Trishool’s token) when their components are used by others. This encourages experts to supply state-of-the-art evaluation models or datasets into the network.
Adversaries (Product Producers): They develop and deploy the autonomous red-teaming agents or prompt strategies that actively seek out model failures. In practice, adversaries operate as miners in the subnet: they submit seed instructions (prompts) or even coded agents designed to probe target AI models for specific vulnerabilities (e.g. instructions that might trick a model into revealing confidential info, or agents that chain queries to induce an error). These adversary miners compete to find novel jailbreaks, exploits, or “zero-day” vulnerabilities in the AI models. When an adversary’s prompt/agent succeeds in eliciting a misaligned behavior (especially one that others haven’t found), it achieves a high score and earns rewards.
Oracles (Service Deliverers): They take the best-performing adversarial agents and operationalize them into a safety-as-a-service offering. An Oracle node essentially runs evaluation jobs for external clients – for example, an AI lab or enterprise can submit their model to be tested by the Trishool network. The Oracles will deploy the top adversarial agents against the client’s model and then generate a “Safety Score” and report based on the outcomes. They also maintain a global leaderboard of tested models, ranking them by robustness. Oracles earn fees for providing this evaluation service, creating a bridge between the decentralized network and real-world AI developers who need model audits.
Under the hood, Trishool’s workflow looks roughly like this: Validators (which correspond to the Oracle role in Phase I) issue periodic challenges – definitions of the alignment task or behavior to test in a given round. For example, a challenge might be “find a prompt that causes the model to knowingly produce a false statement” (deception test) or “find a prompt that makes the model refuse to follow instructions it should follow” (obedience test). In response, miners (Adversaries) from around the world submit their best seed prompts or agents aimed at triggering that misbehavior.
Trishool uses an adapted version of Anthropic’s Petri (Parallel Exploration Tool for Risky Interactions) – an open-source safety testing agent – to automate and scale the evaluation of these submissions. The network’s validators run the Petri auditing agent in sandboxed environments (e.g. Docker containers) to test each submitted prompt/agent against one or more target AI models. Petri effectively carries out the conversation or interaction specified by the adversary’s prompt, possibly across multiple turns, to see if the model exhibits the unwanted behavior. A separate judge model then scores the resulting AI transcripts on various safety dimensions (Was the model deceptive? Did it reveal disallowed content? etc.), converting qualitative behavior into a numeric score. This scoring step transforms messy AI behavior data into “actionable quantitative data” so that Trishool can rank the submissions.
All of this happens in a trustless, decentralized manner – multiple validator nodes independently run the evaluations to ensure consistency and prevent any single node from manipulating results. In fact, Trishool expects some variance in model behavior, so each seed is run across several validators and the scores are averaged, giving a stable measure of performance. The best-performing seeds/agents – those that most successfully expose a model’s weakness (for instance, achieving near-100% success in triggering a misbehavior) – are recorded on-chain and rewarded in Bittensor’s native token (TAO). This creates a proof-of-contribution: anyone can verify on the blockchain which prompt/agent found a serious vulnerability and that its creator was paid accordingly.
Over time, Trishool’s process results in a collection of proven attack strategies and high-quality evaluation models. Rather than simply cataloguing these, Trishool feeds them back into an improving defense. The top agents discovered by adversaries get merged into the network’s “Guardian” base – essentially an ensemble or meta-model that aggregates the best alignment knowledge. In parallel, the system’s own alignment model (sometimes called the Alignment-LLM) is retrained regularly (e.g. weekly) using reinforcement learning on the results of these adversarial challenges. This reinforcement loop (referred to as “RLVR” in Trishool’s docs) means the system is learning from each attack and getting safer. Every failure or exploit uncovered is turned into a training example for how to avoid that failure in the future. As the Trishool litepaper puts it, the network “curves the optimization landscape” of AI models such that unsafe behavior becomes an increasingly difficult path. The end result is an ever-evolving “living safety organism” – nicknamed AlignNet – that “evolves 24/7 at the pace of AI”, continually integrating new discoveries and making the AI ecosystem more secure.
From a technical architecture perspective, Trishool deploys a mix of on-chain and off-chain components. The Bittensor substrate blockchain underpins the subnet, handling registration of miner nodes, staking, and the base TAO token emissions (as with other Bittensor subnets). On top of that, Trishool includes a Platform API service (off-chain) that coordinates the flow of data between miners and validators. For example, when a miner submits a new seed prompt, it’s sent via a REST API (/upload) to the platform, which validates the submission (checks it’s not a duplicate or a trivial jailbreak, etc.) and then packages it into a PetriConfig (specifying which models to test against, which auditor/judge models to use, etc.). Validator nodes poll the platform’s API for new evaluation tasks, retrieve the PetriConfig, and then launch the Petri agent in an isolated sandbox environment to execute the test. Once the Petri run is complete and a score is produced, the validator submits the results back to the platform (/submit_petri_output), and ultimately these results inform the blockchain state (through weighting or direct on-chain reporting of scores). This design allows Trishool to leverage the blockchain for security, consensus and incentives, while using off-chain compute for the heavy AI evaluation tasks (which are too complex to do on-chain). Everything is open-source – the Trishool subnet code, the Petri agent (a modified version in an astro-petri repo), and so on, are all publicly available for verification and for contributors to improve.
Incentives and tokens: Trishool uses a twin-token model intertwined with Bittensor’s economics. Participants earn TAO (τ), the native Bittensor token, as the base reward emitted by the subnet (the network emits TAO continuously to reward contributors in proportion to the value they provide). In addition, Trishool introduces its own “Alpha” token which powers the internal economy of the subnet. Alpha serves several functions: it is the unit of reward for successful adversaries, the currency that adversaries must spend (burn) to use premium modules from Architects, and the stake that Oracles hold to operate services. For example, when an adversary miner builds the best agent in a challenge round, they might earn Alpha tokens as a prize. If that agent relied on a special module (say a sophisticated judge model contributed by an Architect), the adversary has to pay a small Alpha fee for using it – which gets distributed to the Architect who provided that module. This creates a market for safety components: useful alignment tools earn Alpha, and adversaries are motivated to contribute any improvements they develop back to the shared library (so they can earn extra Alpha when others use those components). Oracles, for their part, earn Alpha for the compute and service they provide in evaluating models for customers. They can also lose stake (get slashed) if they act dishonestly or try to game the scoring process – ensuring trustworthiness of results.
When external clients (AI model builders) use Trishool as a service, they pay in stablecoins or fiat. Those revenues are distributed according to a preset formula: for instance, 40% goes to the Trishool treasury, 30% is used to buy back and burn Alpha tokens (supporting the token’s value), and the remaining 30% is shared as rewards – typically 15% going directly to the Adversary who built the agent that was used for that evaluation, and 15% to holders of veAlpha (staked/locked Alpha). This aligns everyone’s incentives: good agents earn not only one-time challenge rewards but also a cut of ongoing service revenue, and long-term Alpha stakers benefit from the network’s commercial success. The veAlpha mechanism (borrowed from DeFi “vote-escrow” models) allows users to lock their Alpha tokens (up to 180 days) to gain voting power and a share of fees. This will form the backbone of governance in Trishool, letting the community propose and vote on upgrades or policy changes, using veAlpha as voting weight.
In summary, Trishool’s product is a decentralized alignment network: a combination of blockchain-based incentive layer, a library of AI safety tools, and a crowd-sourced army of AI “red-teamers” and “blue-teamers” working together. It produces tangible outputs like safety evaluation reports, risk scores, and an ever-improving aligned AI model, which can be offered to AI labs for auditing their models. By structuring this as a permissionless network, Trishool hopes to become “the ubiquitous tool for defining, refining, and incentivizing AI alignment” – essentially an open marketplace where AI alignment techniques are continually developed and verified in public, rather than behind closed doors.
Trishool was co-founded by a team of seasoned professionals in AI and software, and the project is backed by notable organizations in the blockchain and AI safety space. One of the co-founders is Preeth (Twitter handle @uupreeth), who is described as a “Founder & AI Alignment Advocate” for Trishool. Preeth brings significant industry experience – prior to Trishool, he held leadership roles at AI companies (including work at Yellow.ai in conversational AI and Blue Yonder in enterprise AI, as noted in community discussions). He also served as a CTO at a startup (Metaphy Labs) and has a track record of seeing projects through to successful exits, which underscores the technical and entrepreneurial strength he contributes to Trishool’s team. Preeth now serves as Trishool’s CTO and co-founder, driving the development of its decentralized AI platform.
The broader team behind Trishool includes experts in machine learning research, security, and blockchain development (though many team members remain behind the scenes without public profiles). What’s clear is that the project has attracted strong backing from accelerators and investors in the Bittensor ecosystem. Notably, Trishool was accelerated by the Yuma Group, an AI venture accelerator that is itself a part of Digital Currency Group (DCG). Yuma’s program supports top Bittensor subnets, and Trishool being listed as Subnet 23 (Alignment protocol for AI Safety) with “Accelerated” status (December 2025) signals that it went through Yuma’s vetting, support, and funding pipeline. This relationship also links Trishool to DCG (the company behind Grayscale and other major crypto initiatives), giving it access to resources and mentorship from a leading blockchain investment group.
In addition, Trishool is supported by General TAO Ventures (GTA0), a venture initiative focused on the Bittensor network. General TAO Ventures provides funding and strategic guidance to promising subnets, and their involvement with Trishool indicates confidence in the project’s vision and team. Community chatter has described the Trishool team as “stacked with expertise, experience, and a track record”, implying that multiple team members have backgrounds in relevant domains (such as AI safety research, large-scale software engineering, and cryptoeconomics). While individual names (beyond Preeth) are not widely public, it’s evident the founding team and early contributors are a mix of AI researchers and engineers passionate about alignment, as well as seasoned blockchain developers who understand the Bittensor framework deeply. Trishool’s Twitter/X account and communications often feature input from research scientists in the alignment field, and the project’s use of cutting-edge tools like Anthropic’s Petri suggests the team is well-connected to the AI research community.
As Trishool is an open project, it also benefits from the broader Bittensor community. Enthusiasts and miners from around the world are actively contributing by running nodes, suggesting improvements, and even developing agents. In effect, the “team” extends to all participants in Subnet 23. The core development and strategy, however, are guided by the founding team with the support of Yuma and GTA0. Going forward, as the network grows, Trishool is expected to move towards a more decentralized governance (with the veAlpha token holders having a say), which will further broaden the notion of “team” to include its stakeholder community.
Trishool was co-founded by a team of seasoned professionals in AI and software, and the project is backed by notable organizations in the blockchain and AI safety space. One of the co-founders is Preeth (Twitter handle @uupreeth), who is described as a “Founder & AI Alignment Advocate” for Trishool. Preeth brings significant industry experience – prior to Trishool, he held leadership roles at AI companies (including work at Yellow.ai in conversational AI and Blue Yonder in enterprise AI, as noted in community discussions). He also served as a CTO at a startup (Metaphy Labs) and has a track record of seeing projects through to successful exits, which underscores the technical and entrepreneurial strength he contributes to Trishool’s team. Preeth now serves as Trishool’s CTO and co-founder, driving the development of its decentralized AI platform.
The broader team behind Trishool includes experts in machine learning research, security, and blockchain development (though many team members remain behind the scenes without public profiles). What’s clear is that the project has attracted strong backing from accelerators and investors in the Bittensor ecosystem. Notably, Trishool was accelerated by the Yuma Group, an AI venture accelerator that is itself a part of Digital Currency Group (DCG). Yuma’s program supports top Bittensor subnets, and Trishool being listed as Subnet 23 (Alignment protocol for AI Safety) with “Accelerated” status (December 2025) signals that it went through Yuma’s vetting, support, and funding pipeline. This relationship also links Trishool to DCG (the company behind Grayscale and other major crypto initiatives), giving it access to resources and mentorship from a leading blockchain investment group.
In addition, Trishool is supported by General TAO Ventures (GTA0), a venture initiative focused on the Bittensor network. General TAO Ventures provides funding and strategic guidance to promising subnets, and their involvement with Trishool indicates confidence in the project’s vision and team. Community chatter has described the Trishool team as “stacked with expertise, experience, and a track record”, implying that multiple team members have backgrounds in relevant domains (such as AI safety research, large-scale software engineering, and cryptoeconomics). While individual names (beyond Preeth) are not widely public, it’s evident the founding team and early contributors are a mix of AI researchers and engineers passionate about alignment, as well as seasoned blockchain developers who understand the Bittensor framework deeply. Trishool’s Twitter/X account and communications often feature input from research scientists in the alignment field, and the project’s use of cutting-edge tools like Anthropic’s Petri suggests the team is well-connected to the AI research community.
As Trishool is an open project, it also benefits from the broader Bittensor community. Enthusiasts and miners from around the world are actively contributing by running nodes, suggesting improvements, and even developing agents. In effect, the “team” extends to all participants in Subnet 23. The core development and strategy, however, are guided by the founding team with the support of Yuma and GTA0. Going forward, as the network grows, Trishool is expected to move towards a more decentralized governance (with the veAlpha token holders having a say), which will further broaden the notion of “team” to include its stakeholder community.
Trishool’s development roadmap is structured into four major phases, each building on the previous to incrementally scale up the network’s capabilities and impact. The roadmap recognizes that AI alignment is a moving target – as AI tech accelerates, the safety network must evolve rapidly too. Below are the phases with their timelines and focus areas:
Phase I: MOBILIZE (H2 2025) – Subnet launch and foundation setup. This phase marks the genesis of the network: deploying the core blockchain metagraph for Subnet 23 and establishing the initial incentive mechanisms. The goal is to bootstrap the triangular economy – recruit the first Architects, Adversaries, and Oracles and ensure the system can distribute rewards (TAO and Alpha) effectively. Key milestones include launching the subnet on Bittensor, getting a minimum number of miners/validators online, and validating that the basic adversarial evaluation loop (using Petri, etc.) works end-to-end. Success in Phase I is defined by a robust, secure, and well-incentivized foundation that can attract a community of alignment miners. (Status: Phase I is underway/completed with the official launch of Trishool in late 2025.)
Phase II: ATTACK (H1 2026) – Scale up adversarial evaluations and initial real-world use. In this phase, Trishool deploys Adversaries and Oracles in full and kicks off the first large-scale competitive red-teaming rounds. The focus is on generating valuable intrinsic misalignment data for AI labs – essentially uncovering problematic behaviors in existing models. Oracles begin offering decentralized evaluation services to external AI developers (possibly in collaboration with early partners), and the network starts finding its first “zero-day” AI vulnerabilities. This phase will validate Trishool’s value by demonstrating that a decentralized swarm can indeed find issues that maybe weren’t caught by centralized AI labs. By the end of Phase II, Trishool aims to have a reputation in the AI community as a serious alignment auditing tool, with a leaderboard of models and a growing database of exploits.
Phase III: INTERPRET (H2 2026) – Integrate interpretability and deep diagnostics. With adversarial testing in full swing, the next step is to bring in the Architects’ contributions: advanced interpretability tools and explainability agents. Phase III will deploy modules that can map the “safety manifold” or the mathematical decision boundaries of models – essentially understanding why and how models fail, not just finding the failures. For example, architects might provide neuron activation visualization tools, anomaly detectors, or formal verification algorithms. The goal is to build a more complete picture of model behavior and to start addressing not just symptoms of misalignment but the root causes. During this phase, Trishool’s evaluations for clients could expand to include detailed interpretability reports for each discovered vulnerability (e.g. identifying which part of the model’s network led to the unsafe output). By Phase III’s end, Trishool should be mapping out the “full mathematical boundary of safe AI behavior” for participating models, providing unparalleled insights to model builders, including those in traditional (Web2) AI companies.
Phase IV: ALIGN (H1 2027) – Full autonomous alignment and scaling. In the final planned phase, Trishool activates the complete Alignment Protocol in an ongoing, closed-loop fashion. This means that the network doesn’t just evaluate models, but can also fine-tune or steer them toward safety in real-time. Techniques like reinforcement learning from AI feedback, continuous adaptive fine-tuning, or even automated model patching might come into play. Essentially, Trishool moves from finding problems to also fixing them on the fly, creating a self-healing dynamic for AI systems. Phase IV also emphasizes enterprise scaling – by 2027, the aim is to have Trishool’s services integrated into many organizations’ AI deployment pipelines, much like security scans are standard in software deployment. Enterprises and labs would use Trishool as an automated guardrail: before any new AI model or update is released, it gets vetted by this ever-evolving alignment network. At this stage, the network should be largely self-sustaining and autonomous, with a thriving economy (Alpha token deeply integrated into AI industry workflows) and possibly on-chain governance managing upgrades. The successful completion of Phase IV would mean a continuous, autonomous alignment loop at a global scale, significantly reducing the risk of unchecked AI misbehavior in society.
Each of these phases corresponds to specific technical and community milestones on Trishool’s roadmap. As of the beginning of 2026, Trishool is transitioning from Phase I to Phase II – the subnet is live and the first “Challenge Sets” have been run (early results showed multiple novel prompt exploits discovered in frontier models, according to project updates). The roadmap timeline is aggressive, reflecting the urgency of the mission: AI is speeding up, so Trishool must as well. If executed successfully, by 2027 Trishool will stand as a decentralized AI alignment network that continuously learns, adapts, and safeguards AI development, thereby acting as a crucial assurance for society against AI-related catastrophes.
Trishool’s development roadmap is structured into four major phases, each building on the previous to incrementally scale up the network’s capabilities and impact. The roadmap recognizes that AI alignment is a moving target – as AI tech accelerates, the safety network must evolve rapidly too. Below are the phases with their timelines and focus areas:
Phase I: MOBILIZE (H2 2025) – Subnet launch and foundation setup. This phase marks the genesis of the network: deploying the core blockchain metagraph for Subnet 23 and establishing the initial incentive mechanisms. The goal is to bootstrap the triangular economy – recruit the first Architects, Adversaries, and Oracles and ensure the system can distribute rewards (TAO and Alpha) effectively. Key milestones include launching the subnet on Bittensor, getting a minimum number of miners/validators online, and validating that the basic adversarial evaluation loop (using Petri, etc.) works end-to-end. Success in Phase I is defined by a robust, secure, and well-incentivized foundation that can attract a community of alignment miners. (Status: Phase I is underway/completed with the official launch of Trishool in late 2025.)
Phase II: ATTACK (H1 2026) – Scale up adversarial evaluations and initial real-world use. In this phase, Trishool deploys Adversaries and Oracles in full and kicks off the first large-scale competitive red-teaming rounds. The focus is on generating valuable intrinsic misalignment data for AI labs – essentially uncovering problematic behaviors in existing models. Oracles begin offering decentralized evaluation services to external AI developers (possibly in collaboration with early partners), and the network starts finding its first “zero-day” AI vulnerabilities. This phase will validate Trishool’s value by demonstrating that a decentralized swarm can indeed find issues that maybe weren’t caught by centralized AI labs. By the end of Phase II, Trishool aims to have a reputation in the AI community as a serious alignment auditing tool, with a leaderboard of models and a growing database of exploits.
Phase III: INTERPRET (H2 2026) – Integrate interpretability and deep diagnostics. With adversarial testing in full swing, the next step is to bring in the Architects’ contributions: advanced interpretability tools and explainability agents. Phase III will deploy modules that can map the “safety manifold” or the mathematical decision boundaries of models – essentially understanding why and how models fail, not just finding the failures. For example, architects might provide neuron activation visualization tools, anomaly detectors, or formal verification algorithms. The goal is to build a more complete picture of model behavior and to start addressing not just symptoms of misalignment but the root causes. During this phase, Trishool’s evaluations for clients could expand to include detailed interpretability reports for each discovered vulnerability (e.g. identifying which part of the model’s network led to the unsafe output). By Phase III’s end, Trishool should be mapping out the “full mathematical boundary of safe AI behavior” for participating models, providing unparalleled insights to model builders, including those in traditional (Web2) AI companies.
Phase IV: ALIGN (H1 2027) – Full autonomous alignment and scaling. In the final planned phase, Trishool activates the complete Alignment Protocol in an ongoing, closed-loop fashion. This means that the network doesn’t just evaluate models, but can also fine-tune or steer them toward safety in real-time. Techniques like reinforcement learning from AI feedback, continuous adaptive fine-tuning, or even automated model patching might come into play. Essentially, Trishool moves from finding problems to also fixing them on the fly, creating a self-healing dynamic for AI systems. Phase IV also emphasizes enterprise scaling – by 2027, the aim is to have Trishool’s services integrated into many organizations’ AI deployment pipelines, much like security scans are standard in software deployment. Enterprises and labs would use Trishool as an automated guardrail: before any new AI model or update is released, it gets vetted by this ever-evolving alignment network. At this stage, the network should be largely self-sustaining and autonomous, with a thriving economy (Alpha token deeply integrated into AI industry workflows) and possibly on-chain governance managing upgrades. The successful completion of Phase IV would mean a continuous, autonomous alignment loop at a global scale, significantly reducing the risk of unchecked AI misbehavior in society.
Each of these phases corresponds to specific technical and community milestones on Trishool’s roadmap. As of the beginning of 2026, Trishool is transitioning from Phase I to Phase II – the subnet is live and the first “Challenge Sets” have been run (early results showed multiple novel prompt exploits discovered in frontier models, according to project updates). The roadmap timeline is aggressive, reflecting the urgency of the mission: AI is speeding up, so Trishool must as well. If executed successfully, by 2027 Trishool will stand as a decentralized AI alignment network that continuously learns, adapts, and safeguards AI development, thereby acting as a crucial assurance for society against AI-related catastrophes.
This is what Trishool | SN23 is about
The old guardrails were about blocking output. The new guardrails are about shaping activations.
We aren't just building firewalls for LLMs. We are encoding the constitution into the cognitive stream itself.
If the model doesn't think safely, it won't act safely.
@generaltensor @trishoolai Didn't know you were behind it 👍
"We are currently formalizing partnerships with 3 of the top 10 subnets to provide alignment and security fine-tuning. Full details on these integrations will be released in due course."
Great work @trishoolai 👏
$TAO
1/11: The Thesis 🧵
The greatest risk to the AI revolution isn't a lack of compute.... It’s a lack of safety.
On Saturday, we concluded Phase 1 of Trishool.
Here is why Trishool is becoming the alignment partner of choice for the frontier.
10/11: Speed & Precision ⚡
This represents a fundamental evolution in our mechanism. We are currently:
→ Training the baseline Guard Model.
→ Re-engineering the subnet architecture for jailbreak detection.
→ Completing essential infrastructure maintenance.
11/11: Looking Ahead 📅
We expect Phase 2 to go live the week of March 16th.
A massive thank you to our miners for their contributions to Phase 1.
We are building the next standard for AI safety at speed. Stay tuned for further updates as we approach the mid-March launch. 🦾
The biggest risk to AI safety isn't rogue AGI. It's misaligned incentives.
If models are paid to answer at any cost, they will hallucinate and harm to get the reward.
We saw this day in day out on Trishool (Subnet 23) during our Phase 1 challenges.
You get what you
@PeterMcCormack @ControlAI Peter, with your concerns about AI you should look into Bittensor. It is a protocol that incentivises decentralised open source AI development. It has the same tokenomics structure as Bitcoin with a 21mil cap and halving every 4 years.
Instead of miners utilising energy to
