Every use case isn’t security critical. There’s a lot of AI used to render silly images and films, generate marketing copy, play games, proofread social media posts, etc.

You solve this by charging a little more for security certified AI that runs in a secure DC.

You can also easily randomize AI work load distribution, so individual nodes don’t get all queries for a whole coherent conversation or project. It makes an attack less valuable.

Apple has done some research on blinding and obfuscating AI too.

I get the sense that you don't understand security at a fundamental level. Its one thing to run non deterministic algorithms, its another thing to tie your account to a box running CP nodes. Anybody who buys into that future of computing is a complete fucktard. I'll be in my cabin.