Lab
Short, playable thought experiments — each in 60 seconds — at the intersection of ML security, distributed systems, and trustworthy AI. They're not "fun for fun" — each one demonstrates an idea from active research, and you can open an issue to discuss or suggest a new puzzle.
The Two Generals' Problem
Two armies must coordinate to attack at dawn. Their only way to communicate is by messenger across enemy-held territory — where each messenger has a real chance of being captured. Click the buttons below and try to reach certain agreement.
What this shows
This is the Two Generals' Paradox. With an unreliable channel, no finite protocol guarantees that both sides are certain the other has agreed. The last messenger could always be the one that's captured — and without knowing the last one arrived, the receiver cannot safely commit.
The implication is foundational. Every distributed system that needs agreement — database commits, blockchain consensus, atomic broadcast — must accept a weaker safety property: agreement with high probability, never with certainty. It's also why "two-phase commit" is fragile and why production systems lean on three-phase, Paxos, or Raft variants tolerant to message loss.
Spot the Watermark
Each grid below is the output signature of a trained model — colored by per-cell activation. One of them has a watermark embedded: a faint, distributed perturbation only a verifier with the secret key can detect. Can you guess which?
What this shows
The watermark is embedded as a small, distributed perturbation across specific "key cells." Without the key, the patterns are statistically indistinguishable. With it, verification is fast — and any attempt to remove the watermark distorts model behaviour in ways a verifier can still catch.
This is the core idea behind feature-based model watermarking, the line of research I published in IEEE Access — Ural & Yoshigoe (2024) and SecurePoL (2025) — which integrates watermarking with proof-of-learning to defend against spoofing attacks on training claims.