Declared by the UN as the International Year of Quantum Science and Technology, 2025 has seen a series of significant developments in the field of quantum computing. While the technology has the potential to revolutionise entire industries, it also introduces a host of cybersecurity challenges. Notably, in an alarming strategy known as “harvest now, decrypt later”, attackers are silently stealing vast amounts of encrypted data, in preparation for a future when quantum computers will be powerful enough to break current encryption algorithms.
This threat isn’t a distant concern; it’s a reality fuelled by AI and the ever-growing attack surface. Coupled with a fragmented global response when it comes to standards and a deepening cybersecurity skills gap, many businesses are dangerously unprepared for the post-quantum era.
The technology behind the threat
Quantum computing has made significant progress in recent years, with big tech companies making major developments. Noteworthy examples include IBM introducing the 133-qubit Quantum Heron processor, designed to perform complex utility-scale calculations in chemistry, physics and material sciences with improved performance. Similarly, Google’s Willow chip, has demonstrated that it can complete advanced calculations in minutes. These breakthroughs aim to solve problems that might take classical supercomputers an impractical amount of time to perform through specialised computation.
Organisations are also investing in new types of qubits for quantum computing, to create scalable and reliable systems. Microsoft’s Majorana 1 chip, provides the foundational building blocks for a quantum computer. This innovation could bring about the realisation of a fully functional quantum computer in years rather than decades. Another example includes Amazon’s Ocelot chip, which focuses on error correction with cat qubits to achieve fault-tolerant systems.
Quantum computers are poised to complement classical systems and excel in niche tasks but their impact on cryptography is expected to prompt a worldwide transition to post-quantum encryption. The future of quantum computing is bright, yet there is still progress to be made, with many practical applications likely 15-20 years away. Challenges like the unreliability of qubits, difficulties in scaling systems, and the high costs of quantum infrastructure continue to hinder progress. These, along with scepticism about exaggerated claims, heightens overall concern.
The cybersecurity implications of the post-quantum and AI era
Similar to quantum technologies, AI offers transformative opportunities across industries, but both also pose significant cybersecurity challenges. Additionally, these two technologies can mutually enhance each other. AI improves quantum computing by optimising qubit control, reducing errors, and aiding algorithm design, as demonstrated by companies like IBM and Google. Similarly, quantum computing strengthens AI by accelerating the optimisation of tasks, solving linear systems more efficiently, and enabling quantum machine learning to uncover patterns in complex data, which is particularly beneficial in fields such as drug discovery and logistics.
Over the next five years, organisations will face increasingly sophisticated cybersecurity threats. AI-powered attacks will enable automated vulnerability detection and adaptive malware, necessitating equally advanced AI defences. At the same time, quantum may soon break traditional encryption, allowing bad actors to unlock encrypted data captured through “harvest now, decrypt later” attacks. This requires a shift to quantum-resistant cryptography amid complex migrations.
Vulnerabilities will increase as the Internet of Things (IoT) and cloud attack surfaces expands to billions of devices, particularly as IT and operational technology (OT) converge in critical infrastructure. With a focus on infrastructure and utilising commercial monitoring, geopolitical tensions may encourage state-sponsored attacks and grey-zone warfare, necessitating greater international collaboration.
The human-in-the-loop imperative
Against this backdrop of growing vulnerabilities and rising cybersecurity risk, AI can strengthen cyber defences in critical infrastructure by detecting threats in real-time and minimising disruptions, which can be further enhanced by quantum computing’s ability to speed up data processing. However, it cannot be trusted with complete autonomy.
For example, risks include adversarial attacks that deceive AI systems by inputting altered data that results in misinterpretations, and misinformed decision-making. If an organisation relies heavily on an AI system, it could result in errors that damage reputations or even legal issues. AI also struggles to rapidly respond quickly to novel threats and may become compromised or even weaponised by a bad actor. Hybrid systems with human oversight are more reliable, as they leverage AI’s speed while ensuring accountability and transparency.
Some vendors exaggerate an AI system’s capacity for autonomy, and in high-stakes situations, human-in-the-loop protection is crucial to counter sophisticated threats. Personal data is increasingly at risk of theft, which can lead to identity fraud or financial loss. Consumers should be vigilant about cybersecurity and secure communications. This has become especially critical as digital services continue to expand and traditional encryption faces increasing threats from quantum computing. With “harvest now, decrypt later” attacks already threatening privacy and AI deepfakes being used in phishing scams, many people would be surprised to learn their data has already been compromised and is widely sold on the dark web.
The new era of cybersecurity
Privacy threats will continue to grow as we see quantum and its applications evolve alongside AI-driven social engineering techniques. While we will benefit from these transformative opportunities and advancements, the risk of “harvest now, decrypt later” attacks means that sensitive information is at a serious risk.
To prepare for this, consumers and organisations must continue to prioritise basic cyber hygiene and be cautious of alarmist narratives that promote unnecessary solutions or surveillance. Business leaders must ensure they are future-proofing infrastructure, safeguarding data and addressing post-quantum and AI dangers. By preparing for the potential threats from quantum computing and AI now, organisations can ensure they are ready for the next era of cybersecurity.
Kevin Curran
Kevin Curran is Senior IEEE member and Professor of Cybersecurity at Ulster University. Prof Curran is perhaps most well-known for his work on cyber security evidenced by over 1000+ peer reviewed academic publications. His expertise has been acknowledged by invitations to present his work at international conferences, overseas universities and research laboratories. He is a regular contributor on TV & radio and in trade and consumer IT magazines with 2000+ interviews in recent years.
