Updated April 12, 2025
In the cybersecurity ecosystem, new developments always amplify risk. Technological advancements do much to build cyber preparedness and resilience, but they also bring new threats to the landscape. That’s where we are with cybersecurity for AI and quantum computing.
These hot topics are at such a high level that the federal government has made them a priority. AI’s role in cybersecurity is a more familiar topic, as we’ve already seen its impact as a tool for cyber professionals and hackers. The emergence of ChatGPT has been embraced for its benefits and denounced for its application in phishing and malware attacks.
Let’s review what the government agencies say and what it means for any cybersecurity team.
The Future of Cybersecurity for AI
Cybersecurity and Infrastructure Security Agency (CISA) alerted AI software makers to build security within systems from the beginning.
The proliferation of AI into applications that your employees use every day — automation, spam filtering, analysis, etc. — means the threat landscape has expanded.
This framework is already a practice in software development — DevSecOps, which emphasizes the need to be secure by design. Security should be part of the entire lifecycle. This aligns with guidance issued by CISA earlier this year.
As your organization adopts more AI across the enterprise, it has implications for your team and those you combat. Most things in technology have a double-edged sword, as the application defines it as being good or bad.
The story about quantum computing is less known but equally important.
Government Groups Issue Directives and Publish Quantum Factsheet
In August, three government agencies delivered an urgent message about these concerns. They urged organizations to create a roadmap to be ready for quantum computers to be able to break encryption, one of the biggest shields we have against data breaches.
CISA, the National Security Agency (NSA), and the National Institute of Standards and Technology (NIST) published a quantum factsheet as a resource to help with migration to post-quantum cryptography.
At its heart is being proactive about developing capabilities to secure critical data and infrastructure so that cybercriminals cannot compromise them with quantum computers.
The key component to achieving this is to replace or update public-key algorithms currently used in encryption. To do this, the factsheet recommends:
- Creating an inventory of quantum-vulnerability technology and assets
- Discussing this roadmap with vendors and partners
- Examining supply chains and how they are dependent upon quantum-vulnerable technology
- Testing and integrating planning with vendors
Many cite this factsheet as a precursor to NIST’s expected publication of post-quantum cryptographic standards in 2024.
The current administration also released a national standard document in May.
Key Points from the National Standards Strategy for Critical and Emerging Technology
The standards publication highlights the areas they should apply, including AI, machine learning, infrastructure, and quantum information technology. It lists four objectives:
- Investing: Increasing R&D funding and supporting defined standards to address risk, security, and resilience.
- Participation: Fostering cooperation between private and public sectors by removing and preventing barriers to private sector participation in standards development, improving communication between stakeholders, and working with like-minded nations.
- Workforce: Investing in education and training professionals to carry out this work will empower the new standards workforce and increase opportunities; this objective is timely and needed due to the cybersecurity talent gap.
- Integrity and Inclusion: Working with committed parties to promote integrity in global standards by deepening standards cooperation with allies to support governance and enabling broader representation in standards development.
What Do These New Threats and Guidance Mean for Organizations?
Those in the software industry aren’t the only ones to heed this information. It applies to any company, big and small. Everyone’s a target; most businesses use AI and encryption as cybersecurity tools.
These are very big-picture goals defined by the U.S. government, but they have context in what you’re doing as a cyber leader. Investments in standards and making them more accessible assist you in integrating them into your work. Improving opportunities and attracting more people to the field keeps the workforce growing, and we all benefit by being united against cybercrime.
Applying these to your cybersecurity framework isn’t something that happens overnight. The first thing to consider is the roots of your security culture and who is on your team. Are they ready and willing to adapt to new AI and quantum computing threats? Can they shift their mindset to encompass all these dramatic changes?
As much as those in the field embrace and rely on technology, it always comes back to the people behind it. All the new government guidance and standards emphasize these. They’re the best place to start to really achieve proactive cybersecurity.
AI and Quantum Computing FAQs
AI poses both opportunities and threats. Governments are concerned about:
- Autonomous decision-making in warfare
- Misinformation and deepfakes
- Bias in critical systems (e.g., law enforcement, healthcare)
- Privacy violations from mass data analysis
- Loss of control over high-speed AI-driven systems
Quantum computers could break current cryptographic algorithms, including RSA and ECC, which protect:
- Banking transactions
- Government communications
- Medical device data This potential future scenario is known as the "Quantum Threat".
Post-quantum cryptography refers to new cryptographic algorithms that are resistant to quantum attacks. Governments and standards bodies (like NIST) are actively developing and standardizing these algorithms in preparation for quantum-capable adversaries.
Yes. Governments are investing in both defensive and offensive AI and quantum strategies, including:
- AI for autonomous drones, surveillance, and cyber defense
- Quantum sensors for submarines and battlefield comms
- Potential “first-strike” advantage from quantum cryptanalysis
AI is increasingly used in diagnostics, monitoring, and decision support in medical devices. Regulatory bodies like the FDA are focused on:
- AI model explainability and bias
- Secure update mechanisms
- Postmarket surveillance Quantum threats could also impact encryption for PHI and telemetry in devices.
The U.S. has launched several initiatives:
- AI Executive Orders focused on transparency, fairness, and safety
- NIST AI Risk Management Framework
- National Quantum Initiative and funding for quantum-resistant research
- CISA and NSA guidelines on post-quantum transition planning
Some cooperation exists through groups like:
- OECD AI Principles
- Global Partnership on AI (GPAI) But currently, there is no binding global treaty, and AI/quantum arms races are already underway between major powers.
AI red teaming is a form of adversarial testing where security researchers simulate attacks on AI models to:
- Uncover bias
- Test robustness
- Discover potential misuse It’s increasingly required in AI assurance and regulatory compliance.
Encrypted data stolen today could be decrypted in the future once quantum computing becomes viable. This is called “store now, decrypt later” and poses serious national security and intellectual property risks.
- Start transitioning to post-quantum cryptography
- Audit current encryption methods and supply chain dependencies
- Monitor AI model governance and security (especially if models are customer-facing)
- Align with emerging government frameworks and best practices
