Rethinking Cybersecurity in the Age of AI and Quantum Technologies

In the digital frontier, as businesses increasingly leverage artificial intelligence (AI) to enhance operations, the need to bolster security measures for AI models and their underlying data has never been more pressing. AI isn’t just revolutionizing how organizations function; it is also becoming a target for new forms of cyber threats. A particularly concerning risk is the use of techniques such as prompt injections. In these scenarios, malicious users manipulate AI systems by crafting deceptive prompts. These prompts can lead to unintended actions that bypass the AI’s built-in safeguards, potentially exposing sensitive data or causing operational disruptions.

The evolution of Agentic AI introduces even more complexities to the cybersecurity landscape. This type of AI can autonomously execute tasks and make decisions, posing unique threats. According to cybersecurity expert Bailey, “Agentic AI has the potential to collapse the cost of the kill chain.” This implies that even individuals with limited resources could harness such technology to execute sophisticated cyber attacks, a capability that was previously reserved for well-funded hackers or state-sponsored actors. As the barriers to entry drop, everyday cybercriminals are becoming a formidable adversary.

In a bid to counteract these threats, organizations are turning to AI agents to bolster their defensive mechanisms. Nearly 40% of companies are optimistic that Agentic AI will assist their teams in the next year, particularly within the realm of cybersecurity. Cisco’s 2025 AI Readiness Index highlights that AI agents trained on telemetry can analyze vast datasets and identify anomalies or signals that might be beyond human capability to interpret. By leveraging AI for detection and response, organizations can potentially stay one step ahead of evolving threats.

Calculating the Quantum Threat

While cybersecurity teams are preoccupied with the AI-driven risks of today, an entirely different threat looms just beyond the horizon: quantum computing. A staggering 73% of U.S. organizations surveyed by KPMG believe that cybercriminals will soon harness quantum technology to breach current cybersecurity protocols. Despite this consensus, an unsettling 81% admit they could enhance their attempts to secure data. This acknowledgment highlights a significant gap between awareness and preparedness in cybersecurity strategies.

Threat actors are already engaging in alarming activities, including “harvest now, decrypt later” attacks. In these scenarios, they collect encrypted data to crack it later when quantum technology becomes more accessible. Real-world cases feature state-sponsored hackers intercepting sensitive communications or criminal networks stockpiling encrypted data such as financial records. This tactic poses an urgent need for businesses and governments to fortify their defenses and prepare for a future dominated by quantum-enabled threats.

In response, large tech companies are taking proactive steps to implement quantum-safe defenses. For example, Apple has integrated the PQ3 cryptography protocol into its iMessage platform to thwart harvest now, decrypt later attacks. Similarly, Google is experimenting with post-quantum cryptography (PQC) in its Chrome browser, a measure resistant to both quantum and classical cyber threats. Cisco has also made considerable investments in creating infrastructures that can withstand future quantum challenges, an approach that Bailey indicates will inspire broader industry adoption in the coming months.

With regulations like the U.S. Quantum Computing Cybersecurity Preparedness Act formally laying out requirements for quantum threat mitigation—such as implementing standardized PQC algorithms through the National Institute of Standards and Technology—more organizations will soon have to prioritize their quantum defenses. For those beginning this essential journey, Bailey suggests two critical actions: first, establish visibility across data assets. It’s crucial to understand exactly what data exists, where it resides, and how sensitive it is. Secondly, organizations should conduct stringent assessments of their encryption methodologies, replacing any outdated or weak keys that could present vulnerabilities.