Darkbloom: Eigen Labs' Plan to Turn 100 Million Idle Macs Into a Private Inference Network

In April 2026, Eigen Labs published Project Darkbloom — a research preview of a distributed AI inference network that runs on idle Apple Silicon machines. The claim: 100 million M-series Macs sit unused for most of the day, and Darkbloom wants to organize that idle capacity into a verifiable, privacy-preserving inference market.

This is not "we wrapped a CLI around a peer-to-peer file share." It's a cryptographic architecture that specifically prevents the operator of the Mac running your inference from reading your prompts or the responses.

The problem it's solving

The current AI inference supply chain has three layers of markup: GPU manufacturers (NVIDIA) → hyperscalers (AWS, GCP, Azure, CoreWeave) → API providers (OpenAI, Anthropic, Google) → end users. At each step, the price goes up and the privacy guarantees get weaker, because every operator in the chain has potential access to your prompt data.

According to the Darkbloom site, the rough markup from silicon cost to end-user API price is "multiples." The hardware utilization story is the flip side: M-series Macs are fast enough for serious local inference (see our oMLX coverage), but most of them spend 90%+ of the day doing nothing.

The bet: if you could route inference requests to those idle machines when their owners aren't using them, you'd get cheaper inference for the requester and a new revenue stream for the Mac owner. The hard part is doing it without letting the Mac owner read your data.

How Darkbloom actually works

The architecture has three roles:

1. Requester — the application sending the prompt. Could be an IDE plugin, a chat app, a developer tool.
2. Coordinator — a Go control plane running in a Confidential VM (CVM). Authenticates the request, picks a provider node, handles billing, relays the encrypted payload.
3. Provider — a Mac running the Eigen AI inference stack on idle Apple Silicon. Owns physical custody of the hardware.

The privacy claim is the interesting part. The coordinator does see plaintext — but it runs inside a hardware-encrypted CVM (Intel TDX or AMD SEV-SNP), and the plaintext is never logged or retained. It's transient: in-memory, encrypted at rest, immediately re-encrypted before being relayed to the provider.

The provider never sees plaintext. The provider runs the model on encrypted input and returns encrypted output. The model weights are encrypted at rest. The provider's machine is a black box from the requester's perspective.

The architecture document is careful about scope. The exact claim is not "the coordinator never sees plaintext" — it's "plaintext is exposed only inside the coordinator's hardware-encrypted CVM memory, is never logged or retained, and is immediately re-encrypted for the selected provider." This is a more defensible position than the marketing sometimes suggests.

What it can do today

Darkbloom launched in research preview in April 2026 with support for text, image, and speech-to-text inference. The code is open-sourced under the Layr-Labs/d-inference GitHub repo. You can:

• Use the inference API at console.darkbloom.dev
• Run a provider node at console.darkbloom.dev/earn to earn USD from idle compute
• Read the architecture spec, threat model, and economic model

The pricing claim — "some models served at roughly half the cost of major aggregators" — depends on model size, request volume, and operator earnings sharing. Treat the specific number as marketing until you've run your own benchmark.

Why this matters

Three reasons Darkbloom is worth tracking even if you never use it:

1. Apple Silicon as commodity compute. The narrative around AI compute has been "you need NVIDIA, period." Darkbloom is one of the first serious attempts to argue that the 100 million idle Apple Silicon machines are a real resource, not a hobbyist curiosity. If the economics work, it changes the supply curve for AI inference.

2. Confidential VMs as a primitive. CVMs are now real production hardware (AWS Nitro Enclaves, Azure Confidential VMs, GCP Confidential VMs). The fact that Darkbloom can build a service whose privacy guarantee rests on a hardware primitive — not a policy promise, not a "trust us" — is the actual interesting thing. If confidential compute becomes a standard layer, more services will look like this.

3. Eigen Labs' broader play. Darkbloom is a research initiative from Eigen Labs, the team behind EigenLayer (the Ethereum restaking protocol). The connection isn't direct — Darkbloom is centralized, not crypto-native — but the team has deep experience with cryptographic attestation and operator marketplaces. The next move is probably a more decentralized version.

Where it falls short

• Provider economics are unproven. Earning meaningful money from idle Mac time depends on inference demand, model availability, and price competition from cloud providers. The site has an earnings calculator, but the only proof is the network going live.
• Coordinator is a single trust point. Even if the CVM protects against memory inspection, the coordinator operator (Eigen Labs) is still a single entity that can refuse requests, change prices, or go offline. The "verifiable privacy" is about data, not about availability or censorship resistance.
• Latency and throughput are unknown. A distributed inference network has higher tail latency than a co-located cloud deployment. Whether that's acceptable depends on the use case. Real-time chat agents probably can't tolerate it; batch evaluation jobs can.
• Closed source coordinator. The d-inference repo is open source, but the coordinator is not (per the docs). That's the half of the system you can't audit.

The honest read

Darkbloom is one of the more interesting AI infrastructure projects of 2026. The technical bet — that Confidential VMs + cryptographic attestation + Apple Silicon can produce something cheaper and more private than the current cloud stack — is real and worth testing. The economic bet — that enough Mac owners will run provider nodes to make the network viable — is unproven and the only thing that matters long-term.

If you have an M-series Mac sitting idle for most of the day, running a Darkbloom node is a low-risk way to find out whether the economics work for you personally. The privacy guarantees on the requester side are concrete; the earnings side requires experimentation.

For everyone else, Darkbloom is a project to watch. If it works, it will look obvious in retrospect. If it doesn't, we'll learn something about the limits of distributed commodity compute for AI.

---