Will Conaway, President, Tuxedo Cat Consulting | Healthcare AI Strategist | Best-Selling Author | Cornell Teacher | MIT AI Certified.
For many organizations, the routine attempts to impersonate executives, manipulate employees, compromise suppliers and exploit cloud and software weaknesses have led to a ceaseless contest against bad actors over data, identities, payments, operations and trust.
Two technologies are accelerating the risk. AI can automate and personalize attacks at scale, and quantum computing is forcing organizations to rethink the cryptographic foundations that protect data.
AI changes the threat environment immediately by increasing speed, scale and realism. Quantum changes it more structurally by putting long-trusted encryption methods on a countdown and requiring a multiyear transition to post-quantum cryptography.
This shift is visible in familiar scams delivered at a new speed. A treasury team may receive an urgent request that appears to come from a senior executive, backed by polished language, accurate context and even synthetic voice or video. What has changed is how quickly attackers can produce credible variations and target the people most likely to approve a sensitive action.
Most organizations still treat these trends separately. In reality, they are converging into one resilience problem. AI makes attacks faster, cheaper and more convincing. Quantum pressure forces companies to identify where sensitive data and vulnerable encryption already live.
The convergence is operational as much as technical: The same weaknesses, limited visibility into data flows, weak identity controls, untracked dependencies and slow modernization leave organizations exposed to both AI-enabled attacks and delayed cryptographic migration.
AI As Both Sword and Shield
AI’s dual use is the core challenge. The same tools that help defenders detect fraud and triage alerts can help attackers automate reconnaissance, improve malware and personalize social engineering. AI security is therefore not a product category, but rather a governance, data controls and operational discipline.
AI also expands the data footprint companies must protect. Every dataset used to train or tune models, from customer chats to internal documents, can become a target for theft, misuse or manipulation.
The Rise Of Data Poisoning And Model Theft
Data poisoning occurs when an adversary corrupts training or update data so a model learns the wrong lessons, produces skewed outputs or contains a hidden backdoor that can be triggered later.
Model extraction or inversion is the attempt to recover sensitive details about a model or its training data by probing its outputs, potentially exposing intellectual property, personal information or internal business logic.
This matters because organizations increasingly use AI in decisions that affect money, safety and reputation. If a model is corrupted or reveals sensitive information, the damage can extend beyond a one-time breach to persistent, hard-to-detect errors.
Quantum Computing: The Ultimate Force Multiplier
Quantum computing raises a different kind of risk: It could eventually weaken widely used public-key encryption systems such as RSA and elliptic-curve cryptography, which protect data in transit and help verify digital identities.
The urgency comes from “harvest now, decrypt later” attacks: Adversaries can capture encrypted data today and try to decrypt it when quantum capabilities mature. In August 2024, NIST approved three post-quantum cryptography standards, FIPS 203, 204 and 205, signaling that migration planning should already be underway.
The point is not that quantum computers will break everything overnight. It is that cryptography upgrades take years because vulnerable algorithms are embedded in certificates, devices, applications and vendor products that are difficult to inventory and replace quickly.
Leaders should treat post-quantum readiness like any long-cycle infrastructure change: identify vulnerable algorithms, prioritize systems protecting long-lived sensitive data and require vendors to share migration roadmaps.
Why AI And Quantum Can No Longer Be Managed Separately
Why does this convergence matter? Because organizations now face two pressures at once. AI increases the pace, personalization and believability of attacks, while quantum risk forces encryption modernization across systems that are hard to inventory, update and govern.
The impact reaches beyond cybersecurity to fraud exposure, regulatory readiness, digital trust, third-party risk and long-term data protection. It also raises the cost of delay: Companies that do not know where critical data lives, how identities are verified or which vendors rely on outdated cryptography will struggle to respond to either risk.
That is why the same playbook increasingly applies to both risks: improve visibility into cryptography and data flows, prioritize long-lived sensitive information, secure AI development and deployment pipelines and strengthen identity verification for high-risk actions. In practice, resilience now depends less on managing AI and quantum as separate technology tracks and more on treating them as a shared governance, security and modernization challenge.
What Leaders Can Do Now
As AI and quantum risks converge, leaders should focus on the foundations attackers exploit most: weak visibility into cryptography, poor prioritization of long-lived sensitive data, weak controls around AI systems and an overreliance on trust signals for high-risk approvals. Here’s what this looks like in practice:
• Create a crypto inventory. Where do you use RSA/ECC across TLS, VPNs, code signing, device authentication and backups?
• Prioritize data by shelf life. Regulated data, M&A and trade secrets should move to the front of the post-quantum plan.
• Treat AI models like production systems. Control who can change training data, log updates and test unexpected behavior before release.
• Harden the human layer. Require phishing-resistant MFA, and use call-back procedures for payments or credential changes.
A Call To Action: Rethinking Cyber Resilience
Traditional controls still matter, but they now need AI- and quantum-specific safeguards. These include data integrity checks, model monitoring, tighter access controls and a clear path toward post-quantum cryptography. Reducing unnecessary data collection also lowers exposure.
The first steps are practical: Know where critical cryptography lives, modernize identity and access, protect the data that fuels AI and train people for a world where “seeing is believing” is no longer reliable.
The larger point is strategic: AI and quantum are reshaping cyber resilience together. One changes how quickly and convincingly attacks can be carried out. The other changes how long current defenses can be trusted. Organizations that act now will be better positioned to reduce risk and adopt both technologies with confidence.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
