Vitalik Buterin Redefines Security as a Matter of User Intent, Not Clicks


TLDR:
- Buterin defines security as minimizing divergence between user intent and actual system behavior at all times.
- Perfect security is impossible because human intent is too complex to capture in any single mathematical definition.
- Good security systems rely on redundant, overlapping specifications that approach user intent from multiple distinct angles.
- LLMs can approximate user intent as one layer of security but should never act as the sole decision-making authority.

Security, as Ethereum co-founder Vitalik Buterin sees it, is not about adding more steps to a process. It is about minimizing the gap between what a user intends and what a system actually does. Buterin shared this perspective in a detailed post on X, connecting security directly to user experience. His framework draws on type systems, formal verification, and even large language models as tools to close that gap.

Security and User Experience Share the Same Definition

Buterin argues that security and user experience are not separate disciplines. Both aim to reduce the divergence between user intent and system behavior. The only real difference is that security focuses on tail-risk situations — cases where divergence carries a large downside.

These tail-risk situations become more dangerous when adversarial behavior is involved. A bad actor can exploit any gap between what the user intended and what the system executed. That gap, however small, becomes the attack surface.

Buterin wrote, “Perfect security is impossible. Not because machines are flawed, or even because humans designing them are flawed, but because the user’s intent is fundamentally a complex object.” This framing shifts responsibility from pure engineering toward understanding human cognition itself.

How I think about "security":

The goal is to minimize the divergence between the user's intent, and the actual behavior of the system.

"User experience" can also be defined in this way. Thus, "user experience" and "security" are thus not separate fields. However, "security"…

— vitalik.eth (@VitalikButerin) February 22, 2026

The Problem of Representing Intent in Mathematical Terms

A straightforward goal like sending one ETH to a contact named Bob already carries hidden complexity. Representing Bob as a public key or hash introduces the risk that the key does not actually correspond to Bob. Even the definition of ETH becomes contested in the event of a hard fork.

More abstract goals make the problem even harder. Preserving a user’s privacy, for instance, goes well beyond encrypting messages. Metadata patterns, message timing, and communication graphs can leak substantial information even when content is fully encrypted.

Buterin draws a direct comparison to early work in AI alignment, noting that robustly specifying goals is one of the hardest parts of the problem. The challenge of defining user intent in security is structurally identical to that challenge.

Redundant Specifications as the Core Design Principle

Buterin’s proposed solution centers on redundancy. Good security systems ask users to specify their intent in multiple overlapping ways, and only act when those specifications align. This pattern appears across many existing tools.

Type systems in programming require a developer to describe both what the code does and what shape the data takes at each step. Formal verification adds mathematical properties on top of that. Transaction simulations ask users to review expected outcomes before confirming an action.

Post-assertions, multisig setups, spending limits, and new-address confirmations all follow this same structure. Each layer approaches intent from a different angle — action, expected effect, risk level, and economic bound. Together, they reduce divergence without any single layer being foolproof.

How Large Language Models Fit Into This Framework

Buterin also addresses the role of LLMs within this redundancy model. A general-purpose LLM functions as an approximation of human common sense. A fine-tuned model can serve as a closer approximation of a specific user’s normal behavior patterns.

That said, Buterin is clear that LLMs should never serve as the sole determinant of intent. Their value comes from the angle they offer — one that is structurally different from traditional, rule-based specifications. That difference increases the practical value of the redundancy.

The broader takeaway is straightforward. Security should make low-risk actions easy and high-risk actions harder to complete. Getting that balance right, rather than adding friction across the board, is the actual engineering challenge.

The post Vitalik Buterin Redefines Security as a Matter of User Intent, Not Clicks appeared first on Blockonomi.
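The redundant-specification pattern from the "Redundant Specifications" section (spending limit, new-address confirmation, and a simulation checked against the effect the user expects), written out as an added toy wallet guard; this is not code from Buterin's post or from Blockonomi, and the addresses, balances and policy values are constructed. It also shows the takeaway of the final section: a routine low-risk transfer passes with no friction, while a substituted recipient is refused by two independent layers at once.

```python
# Toy wallet guard (constructed example): addresses and balances are made up.
from dataclasses import dataclass

@dataclass
class Tx:
    sender: str
    to: str
    value_eth: float

@dataclass
class Policy:
    spending_limit_eth: float           # economic bound
    known_addresses: set                # addresses that need no new-address confirmation
    expected_deltas: dict               # expected effect: address -> balance change in ETH
    confirmed_new_address: bool = False # user explicitly approved an unknown recipient

def simulate(tx: Tx, balances: dict) -> dict:  # dry run; returns per-address deltas
    if balances.get(tx.sender, 0.0) < tx.value_eth:
        raise ValueError("insufficient balance")
    return {tx.sender: -tx.value_eth, tx.to: tx.value_eth}

def check_intent(tx: Tx, policy: Policy, balances: dict) -> list:
    """Return the name of every specification layer that disagrees with tx."""
    failures = []
    # Layer 1: risk level / economic bound (spending limit)
    if tx.value_eth > policy.spending_limit_eth:
        failures.append("spending_limit")
    # Layer 2: new-address confirmation
    if tx.to not in policy.known_addresses and not policy.confirmed_new_address:
        failures.append("new_address")
    # Layer 3: simulated outcome must match the effect the user said they expect
    try:
        deltas = simulate(tx, balances)
    except ValueError:
        failures.append("simulation")
    else:
        for addr, expected in policy.expected_deltas.items():
            if abs(deltas.get(addr, 0.0) - expected) > 1e-9:
                failures.append("expected_effect")
                break
    return failures

def execute_if_aligned(tx: Tx, policy: Policy, balances: dict) -> bool:
    """Act only when every layer agrees; otherwise refuse and change nothing."""
    if check_intent(tx, policy, balances):
        return False
    balances[tx.sender] -= tx.value_eth
    balances[tx.to] = balances.get(tx.to, 0.0) + tx.value_eth
    return True
```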