SecurityWeek’s Cyber Insights 2026 examines knowledgeable opinions on the anticipated evolution of greater than a dozen areas of cybersecurity curiosity over the following 12 months. We spoke to a whole lot of particular person specialists to realize their knowledgeable opinions. Right here we discover quantum computing and its risk to present encryption, the place the usage of AI may shorten the timescale to highly effective quantum; and the unknown risk of highly effective quantum automated by superior AI.
It’s onerous to not have a dystopian view on the long run future impact of highly effective quantum computer systems wedded to superior synthetic intelligence. However at the very least we have now a number of years to organize.
Quantum computer systems are coming, with a possible computing energy virtually past comprehension. That’s a given. The recognized risk is to present public key encryption strategies, similar to RSA and ECC, which can each be crackable by Shor’s algorithm in brief timeframes. It’s believed that nation states and superior prison gangs are engaged in a widespread harvest now, decrypt later (HNDL) marketing campaign – steal and retailer knowledge and secrets and techniques in the present day, even when they’re encrypted, as a result of they are often decrypted later with quantum computer systems.
However the timing is unquantified. Quantum computer systems exist in the present day however are too ‘small’ to be a risk. Most projections don’t count on a robust quantum pc to be accessible inside the subsequent 5 years. However the fly within the ointment is the emergence of synthetic intelligence, which might be used to hurry the event of quantum (for instance, by creating extra environment friendly error correction modes), adopted by automating the usage of quantum energy when it arrives.
In actuality, no one aside from the main energy intelligence businesses is aware of the present state of quantum improvement inside different governments. We consider, and hope, that no adversarial nation is extra superior than ourselves.
The principle thrust of this dialogue will take into account the potential of marrying superior AI with highly effective quantum computer systems. We’ll most likely see little proof in 2026, but it surely might not be lengthy past that. Nonetheless, one factor is evident – we have to get thinking about the adversarial threats in addition to the home potential that may come from the wedding of quantum and AI.
There are two areas to contemplate: the recognized risk to present encryption, the place the usage of AI may shorten the timescale to highly effective quantum; and the unknown risk of highly effective quantum automated by extra superior AI sooner or later.Commercial. Scroll to proceed studying.
The expectation of PKC cryptanalysis
The approaching obsolescence of present public key cryptography brought on by more and more highly effective quantum computer systems isn’t information. In some unspecified time in the future within the comparatively close to future, quantum computer systems will be capable of run Shor’s algorithm and be capable of break present public key cryptography (PKC) “in hours relatively than millennia”.
That is the motivation behind the adversarial theft of encrypted knowledge (which just about by definition will embrace probably the most delicate knowledge) in HNDL campaigns; and the multi-year NIST endeavor to develop new publish quantum cryptography (PQC; or quantum-resistant encryption algorithms).
Present PKC is doomed. The one query is: When will this occur? This will probably be with the event of a cryptographically related quantum pc (CRQC), usually shortened to Q-Day.
John Farley, MD of cyber legal responsibility observe at Gallagher, suggests Q-Day is the polar reverse of Y2K. “With Y2K, all of us agreed on the precise date and time that it might happen – however we actually didn’t know what would occur. With quantum, we don’t have any actual consensus as to when Q-Day will happen – however there’s certainty that it’s going to have the flexibility to defeat encryption.”
This lack of a recognized timeline is necessary. It justifies, and even encourages, organizations to disregard the gravity of the risk and delay prioritizing the crypto migration to PQC – as a result of, as Farly provides, it’s not like flipping a swap, and can take time and assets.
“I perceive the hesitation: budgets are tight, timelines are anybody’s finest guess, and nobody desires to overspend earlier than the risk absolutely materializes,” provides David McNeely, CTO at Delinea.
Rob Hughes, CISO at RSA, takes a practical view of the hesitation, primarily based on attackers’ predilection for ample ROI. He highlights that quantum computing requires large funding and assets – after which factors to Scattered Spider who merely persuaded an IT assist desk to disable or reset MFA credentials, and launched a ransomware assault inflicting a whole lot of hundreds of thousands of {dollars} in losses.
“The overwhelming majority of assaults in the present day depend on, and succeed with, phishing, social engineering, password-based authentication, unpatched techniques, and patchwork entry provisioning. A risk-based strategy calls for that these dangers obtain organizations’ fast consideration, motion, and funding.” And it’s onerous to argue in opposition to that.
However that doesn’t change the truth that quantum is coming – nor that the projected timeline is shortening. It’s down from a few a long time to about ten years, and now…
Jordan Kenyon, senior quantum scientist at Booz Allen Hamilton
“Most trade roadmaps predict quantum computer systems might break present uneven cryptography inside the subsequent 5 years, and each {hardware} and algorithmic advances proceed to shift that timeline to the left,” warns Jordan Kenyon, senior quantum scientist at Booz Allen Hamilton. “As we glance forward, organizations that aren’t already inside the first part of their transition to post-quantum safety are going to be far behind the curve to guard their infrastructure.”
This can be a actual downside. Full PQC migration can now barely be accomplished earlier than Q-Day – so, 2026 is the deadline for getting began. “With federal businesses alone anticipated to spend over $7B on the transition, the urgency of adopting PQC can’t be overstated.”
Failure is daunting, she continues. “It’s necessary to acknowledge that after HNDL assortment unravels, it may be onerous to mitigate its affect. We might not perceive the total nationwide and financial safety implications for years.”
Matthew Harmon, chief technique officer at Merlin Group, provides, “This isn’t solely an information safety crucial – it’s a nationwide and financial safety crucial that might form the steadiness of world energy within the digital age.”
Nonetheless lacking from our quantum considerations is the advancing functionality of synthetic intelligence – and the potential for the 2 applied sciences to mix. Once we obtain the worldwide Q-Day, the world might be flooded by decrypted knowledge stolen earlier and weaponized by AI at scales by no means but seen; however we might imminently even have AI inside quantum computer systems to assist defend our networks.
“Quantum machine studying (QML) combines quantum computing and machine studying, focusing on complicated issues too resource-intensive for classical strategies,” explains Mike Wilkes, enterprise CISO at Aikido Safety. “Quantum offers with fuzzy values saved in qubits and machine studying offers with fuzzy values with regard to confidence scores on responses, so they really mix fairly effectively and naturally on this regard.”
He warns, nevertheless, that such a quantum pc might nonetheless be focused by the ‘front-end’ classical pc that’s wanted to organize knowledge appropriate for loading into the quantum pc. “Which means that cybersecurity professionals will stay troubled by ‘aspect assaults’ in opposition to the classical pc assets that interface with the quantum pc assets.”
When a quantum pc sufficiently highly effective for cryptanalysis arrives, will probably be prohibitively costly. Only a few organizations may have one – and the haves may have a significant cyber benefit over the have nots. The primary quantum pc will possible be owned, and maybe secretly developed, by a nation. We don’t consider any nation has but achieved so – however would we all know?
“There is not going to be very many QML environments at first and there will definitely be a large ‘first mover benefit’ with regard to stealthily breaking the trusted communications of governments, companies and the army,” continues Wilkes. “It would resemble the strategic pondering that the Allies needed to take into account after Alan Turing and his colleagues at Bletchley Park broke the Enigma code with an electromechanical machine referred to as the Bombe. They may learn the enemy’s communications. However to behave on this info would betray the truth that Enigma had been cracked.”
However sooner relatively than later after Q-Day, well-resourced adversaries may have entry to quantum energy. “Nicely-resourced attackers with on-demand quantum entry will maintain a bonus over corporations unable to afford it by cracking keys in minutes versus years, executing undetectable supply-chain assaults, and simulating defenses to bypass them, exacerbating inequalities until quantum-as-a-service fashions democratize entry,” explains Kevin Curran, IEEE senior member and professor of cybersecurity at Ulster College.
PQC is our main protection in opposition to this Armageddon. If migration hasn’t but began, it might already be too late – it’s price noting that some specialists consider we have now lower than 5 years. “Our expectation,” says Gary Mounsor, senior safety marketing consultant at e2e-assure, “is {that a} nation state will make inroads with the know-how into 2027 or 2028 after which Pandora’s Field will probably be open.”
Quantum and Synthetic Normal Intelligence
Synthetic Normal Intelligence (AGI) is outlined as a machine’s capability to outperform human intelligence at machine velocity. It’s successfully the flexibility for the machine to cause (that’s, assume) below its personal steam. Whereas many individuals consider will probably be not possible to attain, all the main foundational AI builders (OpenAI, Google DeepMind, Anthropic, xAI, Aleph Alpha and others) are working towards it. DeepMind defines it as ‘superhuman’ – techniques that outperform all people in all duties.
Timescales for achievement range. Musk is reported to have stated it might be as early as 2026; Altman that it might be in 2027 or 2028; and Demis Hassabis (DeepMind) has supplied 2030. It appears that evidently the emergence of AGI may coincide with the arrival of Q-Day; that’s, the emergence of early highly effective quantum computing.
Now take into account the impact of that stage of AI being powered by future quantum computer systems with a processing capability virtually past our present comprehension. Keep in mind that in 2023, necessary AI specialists and enterprise leaders, together with the CEOs of Google DeepMind, OpenAI and Anthropic, signed a joint assertion: “Mitigating the danger of extinction from AI must be a worldwide precedence alongside different societal-scale dangers similar to pandemics and nuclear conflict.”
We should always add that there’s a pure affinity between quantum and AGI. “The dimension of the house accessible for knowledge is exponentially giant in quantum computer systems, which is of serious significance for AGI,” says Professor Dr Frank Leymann, WSO2 know-how fellow. “Fashions will be way more complicated than classically potential, which is taken into account to be key for the cognitive capabilities of an AGI.”
You could possibly say that AGI will launch the total energy of quantum, whereas quantum will foster the expansion of AGI. However, not everyone seems to be frightened in regards to the synergy of quantum and AGI – some believing it received’t occur, and others believing any elevated threats will be countered by the improved protection it might supply.
“Combining quantum computing with AGI isn’t a critical danger for 2 causes,” says John Bruggeman, digital CISO at CBTS. “First, quantum computing is sweet for a number of issues however not a match for a lot of others. Conventional computing is not going to get replaced by quantum computing. Quantum computer systems are large, solely good for sure duties, devour a lot of power, and usually run at very, very, very low temperatures (assume -455 F or decrease).”
Second, he continues, “AGI is a long time away from being a actuality, if it will possibly even truly occur. LLMs and machine studying (ML) are nice, and the work being achieved on the LLM entrance is spectacular, with agentic instruments in a position to automate a whole lot of processes – however let’s not confuse that with intelligence.”
Equally unconcerned is Arjun Kudinoor, quantum safety advisor at Protegrity. “As soon as they’re considerably extra developed, quantum processors will start to speed up AI workflows, unlocking new potentialities in knowledge evaluation, optimization, and modeling. This rising suggestions loop between quantum applied sciences and AI is laying out the groundwork for digital safety that may be taught and evolve sooner than the threats it faces.”
Dario Perfettibile, VP and GM of European operations at Kiteworks
Nonetheless, the alternative view is extra prevalent. “The convergence of synthetic basic intelligence and quantum computing represents greater than an incremental technological shift; it’s a basic transformation in how choices are made, and conflicts are waged,” says Dario Perfettibile, VP and GM of European operations at Kiteworks.
“When quantum computer systems can break present encryption in hours relatively than millennia, and AGI techniques can autonomously determine vulnerabilities, exploit them, and reply to counterattacks sooner than human comprehension permits, we enter territory the place the standard human-in-the-loop turns into a legal responsibility relatively than a safeguard.”
He continues, “This convergence might unlock extraordinary advantages. But, the identical capabilities allow nightmare situations: autonomous cyber-weapons that adapt sooner than defenders can patch, or choice techniques that escalate conflicts past human intervention as a result of mission parameters override security constraints.”
It isn’t hypothetical, he warns. “Defenders will want quantum-enhanced risk detection merely to determine assaults designed by AGI and executed by quantum-accelerated strategies. With out quantum parity, organizations face adversaries who function in a special computational universe solely.”
Carlos Moreira, CEO and chairman of the board at SEALSQ, provides, “By 2026, quantum computing and superior synthetic intelligence will converge into a brand new computational order. Quantum processors, agent-based AI techniques, and rising AGI capabilities will work collectively at speeds and ranges of complexity that surpass human understanding. This convergence will amplify progress but in addition speed up danger. Battle has all the time pushed technological evolution; the distinction now’s that machines will more and more function sooner than people can comprehend or intervene.”
Professor Curran agrees with this. “Combining AGI and quantum computing might vastly speed up optimization throughout industries,” he says. “Examples embrace societal advantages (new medicines, environment friendly logistics) and harms (ultra-efficient offensive cyber instruments, opaque autonomous choice techniques). The velocity and scale of such techniques might outpace coverage and human oversight.”
The velocity and scale of quantum/AGI assaults is the overriding concern. “Choices and countermeasures will unfold sooner than people can course of, forcing defenders to depend on automation to maintain tempo,” says Morgan Adamski, cyber, knowledge & tech danger deputy chief at PwC US.
“Whereas this will likely enhance defensive effectivity, it raises profound questions on management, accountability, and unintended escalation. We’re approaching some extent the place know-how will function at a tempo that challenges human comprehension–and governance should evolve accordingly.”
Nigel Gibbons, director and senior advisor at NCC Group, continues, “If you happen to consider the timelines from main labs, AGI and quantum computing will arrive inside a decade, and automatic brokers are already right here. Mix them, and choice loops collapse from days and hours to seconds or microseconds. In cybersecurity, which means the attacker’s first strike might also be their last strike” he says. “Add into the combo the legacy tech and cyber debt each group is carrying, and also you notice AGI may have freedom to roam and entry to all areas.”
Retired lieutenant basic Ross Coffman, president at Ahead Edge-AI.
Retired lieutenant basic Ross Coffman, president at Ahead Edge-AI, expands on the assault versus protection state of affairs. “We’re approaching a convergence between synthetic basic intelligence and quantum computation that may remodel safety from a human-in-the-loop course of into an autonomous system of techniques,” he explains.
“Quantum acceleration will allow AI reasoning and studying to happen near-instantaneously. It would permit brokers to not solely react to knowledge however predict and preempt primarily based on probabilistic modeling that no human crew can match.”
The primary to safe it should decide who stays standing, he suggests. “The implications are binary: progress or peril.”
AI by itself is already problematic for defenders. Adversarial AI can probe hundreds of thousands of assault vectors per second, adapting in real-time to defenses as they’re deployed. By the point a human analyst acknowledges a sample, the assault has already developed past it. “This asymmetry turns into existential when quantum computing is launched into the equation,” he provides.
“When protection, finance, and infrastructure techniques function sooner than people can audit or override, ‘containment’ ceases to be a coverage. It turns into a technical limitation. A self-learning, quantum-accelerated community attacking a nation might, below the improper stimulus, escalate with out human authorization. The potential for a digital misfire – an algorithmic chain response – rivals the danger as soon as posed by nuclear command errors.”
However Coffman doesn’t consider all is essentially misplaced. “Defenders should battle velocity with velocity, deploying {hardware} and software program options able to autonomous response. The following period of deterrence is determined by putting in post-quantum cryptography mesh networks, embedding quantum-resilient encryption, autonomous key administration, and zero-trust architectures which might be proof against each human error and quantum assault. Techniques should safe themselves at machine velocity, with out ready for permission to behave.”
Aikido’s Wilkes takes a path by dystopian reasoning to at the very least one optimistic potential end result from the alliance of quantum and AI. “There’s a long-standing physics concept that if one might calculate the place and spin of each atom within the universe you’d be capable of predict the long run,” he muses.
“This verges on expressing a relatively dystopian philosophy that posits freewill and human alternative/company don’t truly exist. We’re merely chains of interactions with predictable outcomes. QML might be used to show (or disprove) such a concept.”
However on the very least, he provides, “Consider the case the place, if we knew the situation and intent of each risk actor and nation state attacker on the web, we might leverage QML to foretell their subsequent assaults and targets.”
Closing Ideas
Quantum computer systems will not be assured however are possible. AGI isn’t assured however is probably going. The mix of the 2, if and once they arrive, isn’t assured – however is nearly inevitable.
If or when that occurs, the synergy of the 2 is pure conjecture. Whereas the societal profit might be huge, the societal danger might be equally devastating. The ability and velocity of cyberattacks will probably be past human comprehension – and on this case, the primary minimize will actually be the deepest.
Will we be capable of defend in opposition to future assaults? In all probability not if cyber attackers or adversarial nations get there earlier than we are able to use related capabilities to defend.
Timing predictions for this new world order range wildly, from 2026, 2027 and 2028 by 2030 to by no means. The impact is equally debated, from quantum AGI versus quantum AGI largely cancelling one another (with an asymmetrical benefit to the adversary and a large benefit to the primary mover).
In the meantime, whereas we wait, we must always hope for the very best and put together for the worst.
Associated: Invoice Goals to Create Nationwide Technique for Quantum Cybersecurity Migration
Associated: MITRE Publishes Submit-Quantum Cryptography Migration Roadmap
Associated: IBM’s $150 Billion US Funding to Enhance Quantum Innovation and Nationwide Safety
Associated: Tech Corporations Wish to Construct Synthetic Normal Intelligence. Who Decides When AGI is Attained?
