Responsible Quantum & AI: Exploring the Security Frontiers
Executive Summary
This panel discussion at an AI Impact Summit explored the convergence of quantum computing and artificial intelligence, with particular focus on cryptographic security risks and responsible governance frameworks. Speakers from Google, UK government cybersecurity, India's NITI Aayog, and DSCI outlined both the transformative potential of quantum computing (drug discovery, optimization) and the urgent need for post-quantum cryptography (PQC) migration to prevent "harvest now, decrypt later" attacks on sensitive data.
Key Takeaways
- Quantum computing is both a massive opportunity and an urgent security threat: It will unlock breakthroughs in drug discovery, optimization, and materials science—but will break current encryption. Organizations must act now on PQC migration, not after quantum computers arrive.
- Software-centric, library-based migration is the practical path forward: Rather than rip-and-replace approaches, use cryptographic libraries that upgrade encryption algorithms transparently, allowing organizations to maintain operational continuity while transitioning to quantum-resistant systems.
- India's proactive, vision-led quantum strategy (with national test beds, PQC mandates, and democratized access) offers a model for responsible technology adoption that balances innovation, security, and equity—avoiding the reactive governance mistakes made with AI.
- International collaboration on standards, threat assessment, and capability transparency is essential: No single country can solve quantum security alone. Standards bodies (NIST, IETF, ETSI) and cross-border partnerships are foundational to global security.
- Organizational action must start now with discovery and inventory: Even without certainty on CRQC timelines, all organizations—especially those in critical infrastructure, finance, and healthcare—must identify where cryptography is used, classify data by sensitivity/lifespan, and begin hybrid encryption and PQC testing.
Key Topics Covered
- Quantum-AI Synergy: How quantum computing and AI can create complementary feedback loops—quantum simulating complex physical systems to feed AI models, while AI helps optimize quantum hardware design
- Cryptographic Risk & Post-Quantum Cryptography (PQC): The threat posed by cryptographically relevant quantum computers (CRQCs) to current encryption; migration strategies and timelines
- National Quantum Strategies: India's 10-year quantum roadmap; UK government's 2028–2035 PQC migration milestones; deployment in healthcare, defense, logistics, banking
- AI Security Vulnerabilities: Data poisoning, prompt injection attacks, and other AI-specific cyber risks that must be addressed alongside quantum threats
- Implementation Challenges: System inventory, hybrid encryption approaches, software-centric migration, and managing longer cryptographic keys
- Industry Readiness: BFSI sector preparedness gaps; need for organizational awareness and discovery exercises
- Governance & Standards: NIST standards, international coordination, and development of responsible quantum application frameworks
- Digital Equity: Ensuring quantum technology benefits are not limited to wealthy nations or organizations; access democratization
Key Points & Insights
- Quantum-AI Flywheel Effect: Quantum processors can simulate complex physical systems (batteries, chemicals, drug molecules) at unprecedented speed, feeding high-quality data into AI models. Conversely, AI helps engineers optimize quantum hardware and stabilize quantum control systems, creating a reinforcing cycle of innovation.
- "Harvest Now, Decrypt Later" is an Immediate Threat: Attackers are already collecting encrypted data today, storing it for future decryption once quantum computers mature. This makes protecting "long-lived data" (sensitive information requiring secrecy for years/decades) critical now—not after quantum computers arrive.
- India's Quantum Vision is Proactive, Not Reactive: Unlike AI governance (which evolved reactively after problems emerged), India's national quantum strategy proactively addresses governance through: national PQC test beds, mandatory quantum readiness for critical infrastructure, India-specific benchmarks/standards, and democratized access to quantum resources for startups and researchers.
- PQC Migration is Software-Centric, Not Hardware-Centric: Organizations cannot replace all hardware. The recommended approach: use cryptographic libraries (e.g., Google's Tink) that can upgrade encryption algorithms behind the scenes without rewriting tech stacks or replacing infrastructure. Software updates can happen transparently while systems remain operational.
- UK's Three-Milestone Timeline is International Benchmark:
  - 2028: Define migration goals; conduct full discovery of cryptography usage
  - 2031: Complete early high-priority PQC migrations; refine migration roadmap
  - 2035: Complete PQC migration of all systems and services

  These timelines are based on expected international standards evolution, not a fixed quantum threat date (which remains uncertain).
- BFSI Sector Shows Severe Knowledge & Preparedness Gaps: In ISB's 2025 research involving 180 banks/financial institutions: 70% of CFOs/CTOs have low/moderate quantum knowledge; 87.5% are concerned about quantum-related cyber threats; preparedness to handle quantum attacks is rated 1/5. Yet 57.5% anticipate needing migration within 3 years.
- Longer Keys = Performance Risks: PQC algorithms require substantially longer cryptographic keys than current standards. Systems optimized for legacy key lengths may face throughput bottlenecks, latency increases, and bandwidth constraints. Organizations must audit and upgrade network infrastructure proactively.
- India Needs Quantum Algorithms & Software Ecosystem, Not Just Hardware: While India is building quantum hardware (6,500 crore National Quantum Mission; quantum computer in Srinagar by Sept/Oct 2024), the real value chain lies in algorithms and software. Indian organizations lag in developing quantum business applications compared to international peers (e.g., HSBC's quantum finance work vs. limited Indian banking adoption).
- International Standards & Collaboration are Non-Negotiable: NIST standards, IETF protocols, and ETSI (European Telecommunications Standards Institute) standards bodies require global participation from cybersecurity, cryptography, and industry experts. Standards compliance enables interoperability; national-level implementation details can vary based on market conditions.
- Responsible Quantum Governance Framework Needed Globally: Beyond technical migration, a "global responsible quantum application framework" is necessary to prevent misuse for destructive purposes, establish transparency on quantum capability development, and address geopolitical security implications.
Notable Quotes or Statements
Sachin Kakar (Google): "Creating a hybrid layered encryption where you already have a classic encryption of today followed by the post quantum resistant techniques on as a safety net" — describing Google's approach to avoiding the "big switch" fallacy in migration.
Sachin Kakar: "Quantum processor is a highly accurate, super powerful scientific calculator which can simulate a lot of complex things... able to handle a complex problem in under five minutes which can actually take 10 to 25 manual years."
Oliver (UK NCSC): "We simply do not know when a cryptographically relevant quantum computer will be developed... so our milestones are based on the timelines we expect for international standards to evolve."
Rama (NITI Aayog): "With quantum, we may not have that kind of window we have had for AI... it will be so quickly... that's why we want to mandate proactive steps, not reactive ones."
Rama: On rural healthcare vision: "A poor patient, a child patient somewhere in a remote village in Rajasthan suffering from a rare genetic disease... can get precision medicine delivered through a digital hospital via quantum-enabled drug discovery."
Panel consensus: "The real leadership challenge before us is not just quantum supremacy but having quantum applications more responsibly."
Speakers & Organizations Mentioned
| Speaker | Role / Organization |
|---|---|
| Sachin Kakar | Site Lead, Privacy, Safety & Security, Google India; formerly India Site Lead for Trust, Microsoft/LinkedIn |
| Oliver | UK Government Cyber Security Technical Standards Team (FCDO, DSIT, NCSC) |
| Rama | Senior Consultant, NITI Aayog (National Institution for Transforming India); formerly led IT & E-Communications Dept., Telangana |
| Vinayak / Vinayak Agarwal | DSCI (Data Security Council of India) |
| Moderator: Ruthie/Ritu | ISB (Indian School of Business) & ISB Institute of Data Science |
Organizations Referenced:
- Microsoft / LinkedIn
- UK National Cyber Security Centre (NCSC)
- NIST (National Institute of Standards & Technology, USA)
- NITI Aayog (India)
- DST (Department of Science & Technology, India)
- RBI (Reserve Bank of India)
- ETSI (European Telecommunications Standards Institute)
- IETF (Internet Engineering Task Force)
- FCDO (Foreign, Commonwealth & Development Office, UK)
- DSCI (Data Security Council of India)
- BFSI sector (Banking, Financial Services & Insurance)
- HSBC
- IBM, L&T, TCS (mentioned in Andhra Pradesh Quantum Valley partnership)
- Volkswagen Group
Technical Concepts & Resources
Cryptographic & Quantum Security Concepts
- Post-Quantum Cryptography (PQC): Encryption algorithms resistant to quantum attacks; undergoing NIST standardization
- Cryptographically Relevant Quantum Computer (CRQC): A quantum computer powerful enough to break current RSA, ECC, and other widely-used encryption standards
- "Harvest Now, Decrypt Later" Attack: Adversaries collect encrypted data today; decrypt it once quantum computers are available
- Hybrid Encryption: Layering classical encryption with PQC-resistant techniques as a transitional safety net
- Long-Lived Data: Sensitive information that must remain confidential for years or decades (e.g., state secrets, medical records, financial data)
- Key Lengthening Problem: PQC algorithms require longer cryptographic keys than current standards (AES, RSA), creating throughput and latency challenges
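The discovery-and-classification step that these concepts feed into can be sketched as a triage over a cryptographic inventory. This is an added example, not code from the panel or any speaker's organization; the asset names, the 10-year "long-lived" threshold and the priority labels are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Public-key families that Shor's algorithm breaks on a CRQC.
SHOR_VULNERABLE = {"RSA", "DH", "ECDH", "ECDSA"}
# NIST-standardized PQC algorithms (FIPS 203, 204, 205).
PQC = {"ML-KEM", "ML-DSA", "SLH-DSA"}
# Assumption: secrecy needed for this many years makes data "long-lived".
LONG_LIVED_YEARS = 10

@dataclass
class Asset:
    name: str
    algorithms: tuple   # every algorithm in use; classical + PQC = hybrid
    use: str            # "key-exchange" or "signature"
    secrecy_years: int  # how long the protected data must stay confidential

def triage(asset: Asset) -> str:
    algs = set(asset.algorithms)
    if not algs <= SHOR_VULNERABLE | PQC:
        return "REVIEW: unrecognized algorithm, classify manually"
    if algs & PQC:
        # Pure PQC, or hybrid where the PQC layer is the safety net.
        return "OK: hybrid" if algs & SHOR_VULNERABLE else "OK: PQC"
    if asset.use == "key-exchange" and asset.secrecy_years >= LONG_LIVED_YEARS:
        # Traffic recorded today may still be sensitive once a CRQC exists.
        return "P1: harvest-now-decrypt-later exposure"
    # Signatures cannot be harvested; short-lived data ages out sooner.
    return "P2: migrate on the normal roadmap"

# Constructed sample inventory (hypothetical systems, not from the panel).
INVENTORY = [
    Asset("patient-records-vpn", ("ECDH",), "key-exchange", 30),
    Asset("public-website-tls", ("ECDH",), "key-exchange", 1),
    Asset("firmware-signing", ("RSA",), "signature", 0),
    Asset("internal-rpc", ("ECDH", "ML-KEM"), "key-exchange", 15),
    Asset("legacy-hsm-link", ("vendor-proprietary",), "key-exchange", 5),
]

def report(inventory):
    # Most urgent first: P1, P2, then manual review, then already-safe assets.
    order = {"P1": 0, "P2": 1, "RE": 2, "OK": 3}
    rows = [(triage(a), a.name) for a in inventory]
    return sorted(rows, key=lambda row: order[row[0][:2]])

if __name__ == "__main__":
    for verdict, name in report(INVENTORY):
        print(f"{name:22} {verdict}")
```

Only classical key exchange protecting long-lived data lands in P1; the same algorithm on short-lived traffic, or used for signatures, is scheduled rather than escalated.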
AI & Quantum Concepts
- AlphaFold: Google's AI system for protein structure prediction (launched ~10-15 years ago, per transcript)
- Transformer Architecture: Foundational AI architecture for large language models
- Willow Chip: Google's quantum processor demonstrated in late 2024; solved complex problems in <5 minutes that would take classical supercomputers 10-25 years
Tools & Frameworks
- Tink Library: Google's open-source cryptographic library enabling transparent encryption algorithm upgrades without rewriting tech stacks
- Google Secure AI Framework: Published openly by Google for security integration in AI systems
- NIST Standards: Foundational guidance for PQC algorithm deployment and system architecture
- National Quantum Mission (India): 6,500 crore (~$750M USD) funding for quantum research and infrastructure development
Governance Frameworks & Standards Bodies
- NIST Post-Quantum Cryptography Standardization: Multi-year competition selecting quantum-resistant algorithms
- ETSI (European Telecommunications Standards Institute): Global standards body developing PQC implementation standards
- IETF (Internet Engineering Task Force): Developing protocol standards to support PQC adoption
- UK National Quantum Computing Centre: Acts as testbed for quantum technology development; informs UK government strategy
- India's National Quantum Mission (NQM): Coordinated quantum research and capability development across 40+ institutions
- DST Guidelines on Quantum-Safe Migration (India): Draft published during conference; final version to guide all sectors with distinct timelines for critical vs. general sectors
Industry & Academic Initiatives
- Andhra Pradesh Quantum Valley Corporation: Partnership between Telangana government, IBM, TCS, L&T
- ISB-BFSI Quantum Study (2025): Survey of 180+ banks/financial institutions on quantum readiness (referenced data: 70% low/moderate knowledge, 87.5% concerned about quantum threats, 1/5 preparedness rating)
- DSCI Quantum-Safe Migration Observatory: Monitoring sector-by-sector progress toward PQC migration milestones
- Google's Internal Post-Quantum Resilient Systems: Already protecting Google's internal communications and data
Quantum Applications Identified
- Drug Discovery & Pharma: Molecular simulation for disease treatment (cancer, rare genetic diseases)
- Materials Science: Simulating battery chemistry and materials properties
- Optimization: Traffic routing, logistics (India's Gatishakti project), financial portfolio optimization
- Quantum Sensing: Improved navigation systems; radiotherapy optimization
- Banking & Finance: Fraud detection, risk analysis, portfolio optimization
- Defense & Aerospace: Quantum communications, quantum sensing for navigation systems
