Recently, Vitalik has repeatedly mentioned a term that may still sound unfamiliar to many people: CROPS.
The concept was first formally introduced on March 13, when the Ethereum Foundation board published the “EF Mandate.” The document stated that the EF would prioritize Ethereum’s censorship resistance, open-source values, privacy, and security — or CROPS — to support user self-sovereignty, while keeping Ethereum resistant to exploitation and improving the user experience.
This point matters, especially as AI begins to enter wallets and automated execution scenarios. At that point, CROPS is no longer only about Ethereum’s values. It may become a question of whether users can still control their own digital lives in the AI era.
1. What Exactly Is CROPS?
To understand CROPS, we first need to dispel a common misconception.
Ethereum certainly needs to improve performance and reduce costs. But it is not simply competing with other blockchains over speed and fees.
From a short-term user experience perspective, speed and cost are the most visible factors. But over a longer time horizon, Ethereum’s direction has become increasingly clear over the past two years: what it truly aims to provide is a more fundamental set of capabilities.
Users should be able to hold assets, represent their identity, sign transactions, and coordinate with others without relying on a single platform, giving up final control, or being arbitrarily blocked by a centralized service.
This is what CROPS is really about.
In the context of the EF Mandate, CROPS mainly points to five directions: Censorship Resistance, Capture Resistance — which Vitalik later added — Open Source, Privacy, and Security.
- C — Censorship Resistance: Ensuring that transactions and smart contracts cannot be tampered with or blocked because of pressure from external political forces or centralized entities.
- R — Capture Resistance: Preventing Ethereum’s governance, development roadmap, and key access points from being controlled over the long term by a small number of special interests.
- O — Open Source / Openness: Keeping the code fully open source and preserving permissionless access across the ecosystem.
- P — Privacy: Using cryptographic technologies to preserve users’ right to privacy on top of a transparent ledger.
- S — Security: Upholding the base layer’s security guarantees and providing extremely strong ultimate settlement security.
Taken together, these principles serve as a clear set of filters and guiding framework, consistent with Ethereum’s long-standing values.
At the protocol layer, this means Ethereum needs to keep improving censorship resistance, client diversity, validator decentralization, formal verification, and more. At the application layer, wallets, RPC services, browsers, signing interfaces, and account systems need to reduce their dependence on centralized entry points. At the user experience layer, security cannot rely solely on users understanding complex transactions by themselves. Risks should be surfaced before users take action through clearer signing displays, more verifiable interactions, and stronger risk warnings.
This also explains why the EF has recently been moving in more concrete directions around security, privacy, protocol resilience, and ecosystem public goods.
For example, the Ethereum Audit Subsidy program aims to lower the barrier for Ethereum ecosystem developers to access high-quality security audits. Seen more broadly, it is not just about subsidizing audit costs. It is about making “security” less of a high-cost service available only to large projects, and more accessible to small and mid-sized developers.
In late May, Vitalik again discussed his view of the EF’s future direction. He emphasized that the EF should become a smaller organization with a clearer stance and a stronger focus on long-term sustainability, rather than trying to cover every need in the ecosystem.
The reason is practical: the EF does not have unlimited resources, nor does it receive ongoing revenue from staking or transaction fees. Its limited resources should therefore go toward work that is essential to Ethereum’s CROPS values and difficult for other actors to reliably take on.
In other words, at this historical stage of Ethereum’s transition, CROPS is not an abstract slogan that puts ideals ahead of reality. It is more like a framework for defining and constraining what the EF should and should not do.
2. When CROPS Meets AI: Where Two Parallel Worlds Converge
Vitalik Buterin’s most recent effort to bring CROPS into a broader discussion came in the context of AI.
On May 28, Vitalik posted an update on local AI, saying that DeepSeek V4 had released a 2-bit quantized version that could run within roughly 90 GB of VRAM, reaching about 35 tok/s on Apple hardware and about 7 tok/s on AMD hardware. He also said that real “CROPS AI” should support multiple hardware platforms, rather than being limited to “decentralized AI.”
He also noted that there is significant overlap between a CROPS Ethereum access layer and CROPS AI. Examples include paid remote LLM calls enabled by zero-knowledge proofs, private Ethereum RPC reads, and more AI models fine-tuned for Ethereum scenarios in the future to improve smart contracts, protocol code, and ecosystem security.
This effectively places Ethereum and AI inside the same problem framework.
In the past, discussions about AI often focused on model capabilities: whether AI can write code, and especially whether it can replace humans in handling complex tasks.
But from a user security perspective, the real change brought by AI is not only that it is “more capable.” It is that AI is changing the entry point for digital operations.
This may sound familiar, but it is still important. In the past, applications had relatively clear interfaces: we opened a wallet to transfer assets, a DApp to trade, a browser to search, and a social app to post. Each application had relatively clear boundaries.
But with the arrival of AI agents, these boundaries will become increasingly blurred. Users will no longer click through functions one by one. Instead, they will express intent in natural language:
Help me find the best cross-chain route.
Help me make a swap.
Help me organize my assets.
Help me run a DeFi strategy.
Help me generate and send a transaction.
This sounds convenient. But it also raises a more important question: when AI becomes your digital agent, what exactly is it signing on your behalf? And what private information is it exposing?
If AI runs entirely in a centralized cloud environment, users’ asset information, transaction intent, address relationships, identity preferences, and behavioral patterns may all become concentrated in the hands of a small number of service providers.
This is especially important when on-chain execution depends on opaque APIs, centralized RPCs, black-box plugins, and unverifiable reasoning processes. Users may gain convenience, but they may also find it harder to know what they have actually handed over.
This is the question CROPS AI needs to answer.
An AI system that better aligns with CROPS should not only be powerful. It should also be as censorship-resistant, open, privacy-preserving, and secure as possible.
Ideally, it should be able to run locally. At the very least, in sensitive scenarios, it should reduce reliance on centralized cloud services, minimize information leakage, and allow users to understand, confirm, and retain ultimate control.
In other words, AI cannot simply become a smarter black box, especially in Web3. In the future, AI may not only summarize articles, write code, or handle customer service. It may directly participate in asset management and automated execution.
The closer AI gets to user assets, the more important CROPS becomes.
This is also why the CROPS Ethereum access layer and CROPS AI overlap.
3. What New Growth Could This Overlap Create for Web3?
From this perspective, it is only natural that Vitalik recently mentioned the overlap between the CROPS Ethereum access layer and CROPS AI.
Whether we are talking about Ethereum or AI, users are increasingly facing the same core question:
How can I use AI assistance without handing over my privacy, identity, assets, and right to choose to a centralized intermediary?
On the Ethereum side, this question appears in many forms:
How do users access on-chain data?
How do they connect to RPC services?
How do they sign transactions?
How do they confirm whether a DApp interaction is safe?
How do they avoid having all wallet queries, balance reads, and transaction broadcasts pass through a small number of centralized services?
On the AI side, the question looks different, but the structure is similar:
How do users call models?
How can prompts and personal data be protected from misuse?
How can local models handle sensitive tasks?
And when remote large-model capabilities are needed, how can users avoid exposing their identity and intent as much as possible?
These two sets of questions may seem different, but their underlying logic is very similar.
For example, when Ethereum users check balances, read transaction history, or simulate transaction outcomes, they often need to go through RPC services. RPC may look like a technical interface, but it can potentially know a user’s IP address, wallet addresses, query habits, asset structure, and interaction paths. If this data is collected centrally, a user’s on-chain privacy can gradually be pieced together.
AI users face a similar issue when calling remote models. They may expose personal preferences, financial information, or even identity clues. If users begin using AI to handle wallet operations in the future, the risk will become even greater.
This is why Vitalik’s examples — paid remote LLM calls through zero-knowledge proofs and private Ethereum RPC reads — are essentially trying to solve the same problem:
How can users access remote capabilities without exposing all of their information?
This is where CROPS Ethereum and CROPS AI converge.
On one side, there is a more private, more verifiable on-chain access layer with fewer trust assumptions. On the other side, there is a more open, more locally runnable, and more secure AI execution environment. Together, they may form a new entry point for users into the digital world.
If we extend outward from the underlying logic of CROPS, the entire Web3 ecosystem — especially the wallet layer as the main user entry point — will undoubtedly take on more responsibilities.
When users begin expressing on-chain needs through natural language, the wallet will no longer be just a signing tool. It will become the command center for users’ digital actions.
It needs to help users answer questions such as:
Can this DApp be connected?
What exactly will this transaction do?
Is this AI agent calling unnecessary data?
From this perspective, CROPS is not an abstract set of values. It will directly affect wallet product design and may help shape the next decade of Web3 interaction and the wallet space.
Final Thoughts
In the current market environment, many people may not be as interested in abstract ideas as they once were.
But in a quieter market, it becomes easier to overlook technical variables that may not look exciting in the short term, yet truly determine the long-term direction.
CROPS is worth paying attention to not because it creates a new narrative, but because it places Ethereum and AI’s long-term questions into the same framework:
As digital systems become increasingly powerful, can users still retain control?
After all, security and privacy cannot be treated as patches added after the fact.
From this perspective, in an era where AI is rapidly taking over the digital world, Ethereum’s real long-term value may lie in something more fundamental.
Being more understandable, more verifiable, more privacy-preserving, and more secure may be the real reason Ethereum remains worth building and using.