AI, quantum, cybersecurity: Are we prepared?

The field of cybersecurity is adapting to two major technological shifts. First, the rapid evolution of artificial intelligence presents opportunities but also a dual challenge, as it is also being used to launch more sophisticated attacks and create convincing deepfakes for malicious purposes. Second, the steady progress in quantum computing means that new encryption methods will eventually have to be developed and adopted to ensure future data protection.

At the Synergy 2025 conference, a panel of experts explained what these developments mean for businesses and how corporations, governments and everyday users can better prepare to anticipate and deal with threats.

 “Our entire digital world is built on the trust we place in cryptography, from digital signatures to crypto assets," stated Christophe Bianco, Head of Sales & Bids of the Cyber Digital Solutions Business Line at Thales Luxembourg. "The issue is, tomorrow, those protections will no longer be reliable,” he added. This is because the immense processing power of quantum computing directly undermines the foundations of modern cryptography, rendering current encryption methods ineffective.

 The "harvest now, decrypt later" strategy, in which hostile actors, actively collect and store massive amounts of encrypted data awaiting the use of quantum computers to break these secrets, is a rising cybersecurity concern the panellists explored. "Think about all the harvested data that has been collected so far," Mr Bianco urged. "Think about the digital identity you rely on and think about all the trust that is in place in our digital economy. All these kinds of things will be challenged quite rapidly."

Many believe this problem is still a decade away. However, with massive state-level investments and claims from Chinese researchers about breaking military-grade encryption using a quantum computer, the panel concluded that the time for action is now.

How can organisations prepare?

Jean-Francois Mairlot, Customer Success Manager at IBM Luxembourg, laid out a practical, three-step methodology that businesses can adopt immediately based on its internal approach:

1. Assess: You cannot protect what you don’t know. The first step is to scan applications and systems to identify every instance of cryptographic algorithms in order to understand your exact exposure. “We have solutions that help to give you the list of vulnerabilities, and to create what we call a CBOM (Cryptographic Bill of Materials) so you know exactly what the risks and the vulnerabilities of your applications are.”

1. Prioritise: Based on the inventory, prioritise measures you need to take, based on systems with the most risks. This allows organisations to focus their efforts where they matter most. “There are also tools that look at the traffic and the network and gives you recommendation on which point to target first.”

3. Remediate: Mr Mairlot also explained that powerful solutions for remediation already exist in the form of new quantum-safe algorithms. “We contributed to three out of the four algorithms that were retained by the U.S. Department of Commerce’s National Institute of Standards and Technology in 2022.” Early in 2025, IBM also partnered with telecom giant, Vodafone, to protect against future smartphone security risks using its quantum-safe technolohgy.

Mark Tehrani, founder of the quantum cybersecurity startup Cyberseq, and Steven Maas, Sales Director Data & Application Security BeNeLux, added that the need for "crypto-agility" is paramount. New breakthroughs can happen at any time, meaning security systems must be designed to adapt and implement new cryptographic standards quickly.

AI security: a technical and human challenge

Shifting focus to the more immediate disruptor, artificial intelligence, the panel explored security issues surrounding its use. “We first need to differentiate between ‘AI for Security’ and ‘Security for AI’,” mentioned Mr Mairlot. While the former refers to using AI as a tool to defend our systems, the latter deals with protecting the AI models themselves from being attacked or manipulated. “All the key security products are now embedding AI. That's just the evolution. But that will not be the technology that will solve the other problem, which is AI security,” emphasised Mr Mairlot. 

He pointed to the OWASP Top 10 list, which highlights the most critical security risks associated with web applications. “I recommend people have a look at this, because it explains important risks and also provides some examples of use cases where it is possible to encounter these issues,” he advised.

Mr Bianco argued that the most significant AI-related risk may not be technical, but human. "Most of us don't understand the technology," he stated. "Because it was made so simple to use, we use it without understanding it." If users uncritically accept AI-generated outputs, they become vulnerable not just to misinformation but also to classic cyberattacks. "The number one level of fraud at the moment in Luxembourg is people paying an invoice based on a PDF where the IBAN numbers have been changed," Mr Bianco reminded the audience. “The threat isn't always a deepfake; it's often a failure of human verification — a weakness that over-reliance on AI could worsen.”