Quantum computers are getting closer to Q-day — the day when they will be able to crack existing encryption techniques — as we continue to assign more infrastructure functions to artificial intelligence (AI). This could jeopardise autonomous control systems that rely on AI and ML for decision-making, as well as the security of digital communications.
As AI and quantum converge to reveal remarkable novel technologies, they will also combine to develop new attack vectors and quantum cryptanalysis.
How far off is this threat?
For major organisations and governments, the transition to post-quantum cryptography (PQC) will take at least ten years, if not much more. Since the last encryption standard upgrade, the size of networks and data has increased, enabling large language models (LLMs) and related specialised technologies.
While generic versions are intriguing and even enjoyable, sophisticated AI will be taught on expertly picked data to do specialised tasks. This will quickly absorb all of the previous research and information created, providing profound insights and innovations at an increasing rate. This will complement, not replace, human brilliance, but there will be a disruptive phase for cybersecurity.
If a cryptographically relevant quantum computer becomes available before PQC is fully deployed, the repercussions are unknown in the AI era. Regular hacking, data loss, and even disinformation on social media will bring back memories of the good old days before AI driven by evil actors became the main supplier of cyber carcinogens.
When AI models are hijacked, the combined consequence of feeding live AI-controlled systems personalised data with malicious intent will become a global concern. The debate in Silicon Valley and political circles is already raging over whether AI should be allowed to carry out catastrophic military operations. Regardless of existing concerns, this is undoubtedly the future.
However, most networks and economic activity require explicit and urgent defensive actions. To take on AI and quantum, critical infrastructure design and networks must advance swiftly and with significantly increased security. With so much at stake and new combined AI-quantum attacks unknown, one-size-fits-all upgrades to libraries such as TLS will not suffice.
Internet 1.0 was built on old 1970s assumptions and limitations that predated modern cloud technology and its amazing redundancy. The next version must be exponentially better, anticipating the unknown while assuming that our current security estimations are incorrect. The AI version of Stuxnet should not surprise cybersecurity experts because the previous iteration had warning indications years ago.
