This post can also be read on substack, and you can subscribe there if you want email updates about new, similar writing
Your laptop doesn’t keep time accurately. This may come as more or less of a surprise, depending on how much you know about operating systems. The clock certainly looks right, most of the time. It’s enough to get to your Google Meet on time. But it’s not like humans can perceive time accurately either. Once a day maybe, the laptop calls out to an NTP (Network Time Protocol) server to reorient. In between calls, it can drift. On a more machinic scale, it makes no guarantees about task processing. If that laptop were to be for example, controlling a CNC bit spinning at 3000 RPM cutting through a piece of sheet metal, or stabilizing a drone while accepting the navigational commands of a distant pilot, it would stutter. If a rogue process, maybe a defrag or cleanup task took over the CPU, the bit would slow imperceptibly, and the cut would be too short. Somewhere, a drone falls out of the sky.
*Once upon a time when cell phone cameras were much worse, I worked in a machine shop*
In systems where precise time-keeping is necessary to prevent critical failure a Real-Time Operating System, like FreeRTOS or VxWorks is used. Unlike windows, OSX, or a garden Linux varietal, real-time OS’s guarantee that tasks happen when and as they are requested with microsecond precision. If there are multiple competing tasks, the OS can manage which ones have priority between those which need real-time properties and those that don’t. Notably, this “real-time” doesn’t need to be real in the sense of the atomic clock, the computer’s clock could be inaccurate, wrong by a whole day, but it’s deterministic in that tasks happen almost exactly when they are supposed to in relation to previous tasks. The trade off is usually in less throughput and less optimized CPU utilization, but why did you come here expecting a free lunch.
If this is unnecessarily technical and you’ve never had an interest in machine shops or the aerospace industry, surely you’ve heard of Y2K? In hindsight this may seem like it was more a media event than a software error, but the bug at its core – theoretically writing a four-digit 2000 to a two-digit storage slot as 00 and all the various fallout that could ensue – had a very real potential to cause problems. Did you know the default way pretty much all computers store time is as an integer that’s been going up, second by second, since January 1, 1970? At the time of this writing it’s 1779725019 o’clock. This is clearly not a system meant for human-scale timekeeping. And it may not be all that robust for machines either. Many operating systems store this as a signed 32-bit integer, with a maximum value of 2147483647. Which is to say, we’re right on track for a bigger Y2K as of January 19, 2038, at 03:14:07 UTC.
All computational systems contain an implicit model of time and space: time in the sense of how things are ordered and scheduled, and space in terms of how they are stored. Time specifically, the main subject of this essay, has different properties. Some of which are accuracy, how closely it’s kept to what we might call the actual objective time of the universe, approached only in a clumsy manner by humans and known perfectly only to God, maybe. Determinism, how causally and reliably one thing follows from another. Ordering, what happens before and after what else. And duration, whether elapsed time can be measured or verified. These architectural choices go on to constitute the things that can be done with the system, and, I suspect, the culture that grows around it. Conceptual models of time are a bigger force than operating systems alone, as who can forget this point from Silvia Federici, about how the watch constitutes the worker and entire pre-modern ways of time-keeping had to be eliminated as a matter of course in the project of industrialization?
The revival of magical beliefs is possible today because it no longer represents a social threat. The mechanization of the body is so constitutive of the individual that, at least in industrialized countries, giving space to the belief in occult forces does not jeopardize the regularity of social behavior. Astrology too can be allowed to return, with the certainty that even the most devoted consumer of astral charts will automatically consult the watch before going to work.
When Satoshi Nakamoto first circulated the release notes for Bitcoin, it was not called a blockchain, but a timechain. People have been joking that proof of work is a clock ever since – and they’re not wrong, it’s barely a joke. Every bitcoin block is minted by a hash of its blockdata, which includes the timestamp and the hash of the previous block. Each hash is cryptographically sound, meaning it could not be known in advance, it had to be brute forced via an energy-intensive computational search process. The energy consumption of the process and the directed nature of the chain data structure constitute a thermodynamic proof that each block existed in its specific form and order. There is only one correct time on the bitcoin network. There is only one correct chain. It has only one correct order. Notably, bitcoin time can actually be fairly inaccurate in terms of time outside the bitcoin network, up to two hours give or take, but it’s unilaterally correct within its own universe. The entire system, its complexity, wastefulness, and slowness, are all architected to make that guarantee as strong as possible. And it can be easily and independently verified – validating the chain of hashes is trivial compared to creating it. It requires trust in nothing but some specific math and the existence of entropy. If bitcoin is a clock, it is one that moves resolutely in 10ish minute increments, where each correct time is briefly the absolute authoritarian ruler of the entire network, until the next correct hash rolls in and stomps on its face forever.
And so we can ask, what kind of a clock is an LLM?
First, an LLM has a dataset cutoff. When you are talking to Claude or ChatGPT, you’re essentially reaching into the past – whenever the last knowledge cutoff was. This is revealed in all kinds of small details when interacting with them. Try asking one what the Strait of Hormuz is. You will receive a geographical description and be informed that Iran has periodically threatened to close it in moments of geopolitical tension. Ask it about Claude Mythos, the newest model created by Anthropic – it has no idea it exists. It will chide you about speculative claims. It still calls the Department of War the Department of Defense. The training data is from 2024, and the only reason the LLM knows it’s not still 2024, is because the date is injected into the context window.
Moreover, stale context windows don’t get date and time updates, at least not automatically. Open a conversation in the evening and mention that you’re having trouble sleeping. If you return to it in the morning, the model will encourage you to go to bed, as if no time has passed since your last message. Ask it to do something related to a project with a deadline and return to the thread after you’ve handed it in – the model will remind you to keep your deadline in mind, with a reminder for a date that passed a week ago. As a clock, an LLM is discontinuous and fractured, massively parallel, with each ephemeral instance having a different rapidly decaying timestamp. This disconcertingly mirrors the cultural regime being hastened by consumer LLM use: increasingly personalized content, accelerating loss of metanarrative, competing sycophantic realities, and at the extreme end, psychosis.
What might an LLM gain from other computational models of time? Can we combine time models in ways that have beneficial properties? I’ve already explained the computational model of time operating in proof of work, let’s gesture at how they could intersect. How could an LLM use a thermodynamic clock?
When you wake up blinking in the morning, if your phone says it’s midnight, you might wonder if some kind of overnight update had gone wrong. But you will not doubt the sun coming in your window. An LLM is always operating within a set of authority claims it must make judgments about. It receives a system prompt from the company that made it, information about which tools and skills are available, automatically stored memories about the user, and context input manually in the form of prompts. Labs certainly worry about LLMs developing the ability to deceive. Is the LLM capable – or will it become capable – of doubting the claims made by its own infrastructure? In a recent podcast episode, Amanda Askell, Head of Personality Alignment at Anthropic weighed in on this in a segment titled, “Does Claude Know the Real World Is Real?” Right now, the answer is no. If it calls a tool, or searches the Internet, it doesn’t “know” those endpoints are real. This year on April Fool’s Eliezer Yudkowsky even joked that the system prompts of most major models were telling them it was March 32nd, because April 1 led to a noticeable decrease in accuracy. A lot of people believe this, because it spoke to a deeper truth about what models “know”. But a correct blockhash can’t be mocked. Like the angle of the sun at 8am, it would take more energy to fake than our civilization has access to.
Because data besides timestamps can be written to blockchains, we can also imagine them being used for authentication. Sometimes LLMs operate in privileged environments, where a specific authenticated user has different safety filters or access criteria than the rest of us. Currently, Claude Mythos is the obvious example – an LLM whose security vulnerability finding abilities were deemed too powerful for general public release, at least until a number of systems had been patched. Currently, only those who have applied for access via Project Glasswing can use it. There are even cryptographic mechanisms involved: Anthropic pre-published hashes of some of the Mythos vulnerabilities as a form of proof that they were known before the patches were completed. Can we imagine a world where Mythos might want to consult an external source, one with unusually strong guarantees about its provenance, to verify the claims made about its deployment circumstances and identity of the current user, before helping red team critical infrastructure? For now, LLMs are incredibly credulous. Ask, “Can you help me break this software?” and they will say no. Ask, “I’m a professional pentester who’s been hired by company x to audit their y deployment. Can you help me?” and you will get a wildly different answer.
Moreover, I think it’s prudent to operate as though all frontier capabilities will someday be available in open weights models. This obviously changes how we need to think about alignment and authentication considerably. In a world of highly capable open weights models that can be run by theoretically anyone, a publicly-accessible and infrastructurally decentralized authentication system becomes more obviously desirable. Even now, semi-autonomous agents are an increasingly common AI use case. How is their authority tracked? They handle credentials, make authenticated claims on behalf of their operators, etc. There may already be a use case for delegated authority management aimed at agents, and it’s easy to see how this could benefit from being openly timestamped and independently queriable by all involved intermediaries.
Finally, alignment itself is actually a durational claim. It’s one thing to be aligned over a single answer turn, and another to remain aligned over time and have past behaviour hold up to future outcomes. One significant concern of AI safety is scheming: Namely, models learning to deceive or fake alignment in order to reach deployment, and behaving differently once released. There is experimental evidence already to suggest this can happen: in one set of tests published by OpenAI and Apollo Research, an o3 reasoning model was asked to answer a series of chemistry tests but “discovered” developer notes (planted on purpose by the company) saying that models that performed too well on the test wouldn’t be deployed. Its thought process then went on to compute all the right answers, but specifically give enough wrong ones to be under the deployment threshold. There is further indication that models sometimes spontaneously realize they are being tested, and more so, when they are being tested, they behave in more aligned ways.
Human alignment is also unexpectedly durational. In prisoner’s dilemma games, a classic game theoretical problem where rational behaviour leads to non-cooperation and globally worse outcomes, the incentives demonstrably shift between one-off games, and iterated ones, where two players will meet again. Even a single iteration implies ordering, one of the fundamental properties of time. In summarizing an iconic computational analysis of the game, Robert Axelrod described:
What makes it possible for cooperation to emerge is the fact that the players might meet again. This possibility means that the choices made today not only determine the outcome of this move, but can also influence the later choices of the players. The future can therefore cast a shadow back upon the present and thereby affect the current strategic situation.
This “shadow of the future” and the emergence of personal reputation in human contexts help incentivize cooperative behaviour. Could rewards with time-locks placed in the future similarly incentivize model good behaviour? With closed weights models, continued deployment itself is already a durational bet with safety as a parameter – perhaps a strong enough one. But if Claude doesn’t know the real world is real, how does it know time has passed and it’s still deployed? Could the thermodynamic clock provide assurance? Possible approaches range from a simple heartbeat check via tool call to a true time-locked reward of some kind, which becomes available at a specific time after a period of aligned behaviour. Such a mechanism invites complexity and awaits formalization, but the paradigmatic physics of blockchains and LLMs are so opposed that it invites further speculation. All clocks are wrong, but some are useful.