Reimagining cybersecurity in the era of AI and quantum (www.technologyreview.com)

AI and quantum are forcing a rethink of cybersecurity: Cisco argues that generative and agentic AI are already automating and accelerating attacks—from mass-targeted phishing and voice‑cloning to autonomous attack agents that can reason and adapt—while emerging quantum computers threaten to break the math behind public‑key cryptography (RSA, ECC), enabling “harvest now, decrypt later” campaigns. The upshot: defenders must match machine speed with machine-scale defenses and plan now for post‑quantum realities, or risk routine breaches becoming catastrophic at industrial scale. Technically, the recommendations are twofold. Short‑term, organizations should modernize security operations with AI‑driven detection/response, harden models and pipelines against manipulation (e.g., prompt injections), and adopt a zero‑trust architecture for continuous verification and microsegmentation. Mid‑term, prepare for post‑quantum cryptography (PQC): inventory sensitive data and keys, rotate weak keys, and plan migration to NIST‑vetted quantum‑resistant algorithms. Industry examples include Apple’s PQ3 for iMessage and Google testing PQC in Chrome; Cisco reports active investments in “quantum‑proofing” infrastructure. Surveys cited show broad recognition of these risks (≈74% report current AI impact; 90% expect escalation; ≈73% expect quantum‑enabled attacks), underscoring that defenses combining AI analytics, automation, and quantum‑immune cryptography will be essential to stay ahead.