The cybersecurity implications of quantum computing are often linked to cryptography, highlighting the urgent need to adopt post-quantum cryptography (PQC).
I addressed this topic in my previous blog, "Transitioning to Quantum-Safe Encryption," where I outlined Delinea's approach to incorporating PQC and our plans for transitioning it across our product lines.
However, a more pressing concern is the potential for quantum computing to significantly enhance artificial intelligence (AI), surpassing the capabilities of today’s classical high-performance computing (HPC) systems. The intersection of quantum computing and AI is leading to developments such as quantum machine learning (QML) and quantum-enhanced AI (QAI), which are poised to revolutionize the cyber threat landscape.
If quantum-enhanced AI poses such a risk, what steps can we take against emerging the cyber threats?
You might have wondered the same things I did when I began researching quantum-enhanced AI: who has the ability to use quantum computing for malicious purposes, and when might this become a serious threat? If quantum-enhanced AI poses such a risk, what steps can we take to prepare and defend against it?
That’s what this blog will explore.
Quantum computing and AI combine to create a Quantum Arms Race
Governments and nation-states are investing heavily in quantum computing and AI to access QML capabilities and gain an advantage in the digital world.
- NIST has been researching the effects of quantum computing on cryptography for quite some time, actively preparing for "Q-day" when a quantum computer could realistically break current encryption algorithms. This will be similar to cracking the ciphertext created by the Enigma machine of the 20th century.
- The United States Congress passed the National Quantum Initiative (NQI) Act to create the National Quantum Initiative and accelerate U.S. leadership in quantum information science, which now funds a budget of approximately $1B for research across many of the larger agencies of the U.S. Federal government.
- That pales in comparison to China's reported $15B budget for quantum research.
When will quantum AI transform cybersecurity?
Estimating when quantum-enhanced AI will become practically viable for cyber offense or defense is challenging. Forecasts vary widely. However, reputable sources provide some consensus on the milestones to watch.
Near-term (2020s)
In the remainder of this decade, experts anticipate continued progress but no decisive quantum advantage in cybersecurity yet. Quantum computers today are too error-prone and small-scale to outperform classical Machine Learning on meaningful security tasks.
Nonetheless, rapid advances are being made. IEEE experts warn of a possible "Y2Q" (Year to Quantum) moment (or NIST Q-day) within the next five years, where certain encrypted data could be decrypted by quantum means.
This aggressive estimate implies that by ~2028, a quantum computer might break some currently secure encryption, a claim reflecting optimism in error-correction breakthroughs.
Mid-term (2030s)
The 2030s are commonly viewed as the decade when quantum computing may achieve a practical impact on cybersecurity for both attackers and defenders. Multiple forecasts converge on the mid-2030s as a critical window.
The UK's National Cyber Security Centre (NCSC) has set 2035 as a deadline by which organizations must be quantum-ready, implying an expectation that quantum attacks (especially on cryptography) could materialize by then.
Similarly, some experts believe advances in quantum error correction could accelerate the timeline, making quantum decryption of certain ciphers possible by around 2035, much sooner than previously thought.
Quantum-enhanced AI (QAI) in cybersecurity
Quantum computing will redefine the way we think about computing by leveraging the unique properties of quantum qubits, such as superposition and entanglement, to solve complex problems more rapidly. The technology may also be combined with classical high-performance compute clusters as co-processors for specific tasks and problems that benefit from these advanced, unique capabilities.
Two fundamental quantum machine learning algorithms, Quantum Support Vector Machines (QSVM) and Quantum Neural Networks (QNN), enhance AI by enabling faster model training and improving optimization. This also allows AI to sift through massive datasets to identify quicker methods for attacking or defending against cyber threats.
- Offensive use cases for quantum-enhanced AI include:
-
Faster training of malicious AI models - Since quantum computing can drastically accelerate machine learning and model training through new QML algorithms, attackers may dramatically enhance the effectiveness of their attacks. They may optimize existing malware attacks, analyze vulnerabilities to discover new ways to access data, and develop improved AI-driven social engineering models.
-
Advanced deepfake and phishing attacks - Quantum-enhanced AI has the potential to generate ultra-realistic deepfakes or spear phishing emails. OpenAI's studies show that attackers are using GPT-style tools to craft spear phishing content. Quantum can accelerate the creation of realistic voice or video deepfakes for impersonation, which are typically used in business email compromise (BEC) attacks.
-
Automated vulnerability discovery- Quantum-enhanced AI has the potential to accelerate vulnerability discovery in binary code much faster than AI-based current tools used to help complete or suggest code changes. Hackers using this technology could more rapidly find zero-day vulnerabilities and weaponize them in a fraction of the time it currently takes.
-
- Defensive use cases for quantum-enhanced AI include:
-
Automated vulnerability remediation – Similar to how an attacker would use QAI to find vulnerabilities, those defending their assets can utilize the same technologies to identify vulnerabilities and address the problem before attackers exploit the vulnerability. This technology should be embraced by development and quality assurance teams as soon as possible to eliminate potential vulnerabilities in the code before it is published or pushed to production.
-
Advanced pattern recognition for threat detection – Organizations should start using AI-enhanced threat detection to pave the way for quantum-enhanced AI and ensure that they have the "sensors" in place to gather the activity and intelligence required for the analysis to actively find threats.
-
The path forward: Preparing for the quantum-AI security landscape
The cybersecurity community has faced many paradigm shifts, such as from mainframe to client-server, physical to virtual computing, and monolithic applications to microservices. What sets quantum-enhanced AI apart is the potential speed of transition and the fundamental advantage it provides to offensive operations. However, we must harness this new computing capability to bolster our defenses to ensure that the machines don't take over. (Perhaps I've watched too many sci-fi movies?)
You can take the following concrete steps today
1. Invest in post-quantum cryptography (PQC) services before it becomes an emergency. There is no way to reactively prevent a breach in a "harvest now, decrypt later" attack. The U.S. National Institute of Standards and Technology (NIST) has already selected and standardized new PQC algorithms between 2022 and 2024, and agencies are moving to implement them.
A joint advisory by CISA, NSA, and NIST urges organizations to "begin preparing now by creating quantum-readiness roadmaps, conducting inventories, applying risk assessments, and engaging vendors." Delinea Secret Server's Quantum Lock is just the beginning as we invest in PQC research and integration.
2. Support research into defensive applications of quantum-enhanced AI. Begin cultivating knowledge in quantum basics and quantum-safe software development. The goal is to develop familiarity with QAI technologies early, through prototypes and pilots, so you can rapidly deploy quantum-enhanced solutions when more powerful hardware becomes available.
3. Implement AI security and risk management. While focusing on quantum, don’t ignore AI security basics. The emergence of QAI doesn't negate existing AI risks like model theft, data poisoning, or adversarial examples; in fact, quantum could amplify them. Therefore, adopting frameworks such as NIST's AI Risk Management Framework and MITRE's Adversarial ML Threat Taxonomy (ATLAS) is a recommended step.
Check out Delinea's Continuous Identity Discovery to find sanctioned and unsanctioned use of AI across your organization.
Read Gartner research: Start your quantum strategy now. If you’re not already, you should adopt a zero-trust mindset for all access management.
The creation of quantum-enhanced AI represents both an imminent threat and an advantage for cybersecurity. Offensively, it could empower threat actors with capabilities that surpass today's defenses, from cracking encryption to enabling adaptive AI-driven attacks.
Defensively, the same technologies promise to revolutionize threat detection and prevention if harnessed effectively. The race is on—essentially AI vs. AI at quantum speed, with critical infrastructure and data at stake. The quantum-AI security revolution won't happen overnight, but it’s coming. The organizations that prepare today will be the ones still standing tomorrow.
