Is Your Company Ready for the Combination of AI and Quantum Computing?

It is probably safe to state that most companies are now using artificial intelligence (“AI”) tools or are seriously considering the use of AI tools. Indeed, many of your employees may be using shadow AI, the unapproved use of AI, similar to the use of shadow IT. The shadow AI train has already left the station and is likely at full speed. So, let’s talk about the train that is getting ready to leave the station—quantum computing!

Some have labeled the quantum computing problem as Q2K in reference to the year 2000 problem, Y2K. As an engineer in 1999, I was keenly focused on that problem as was the rest of the technical world. The issue was whether legacy systems would crash when the clock stuck midnight ushering in the year 2000 because many systems had the year hardcoded as 19xx. Systems do a lot of math calculations based on time and date. We spent a lot of time in 1999 looking for those hardcoded areas and pushing out new software versions to handle the Y2K issue. For many companies, the clock striking midnight was a nonevent because of the effort to prepare for that event. Now is the time for company boards to put Q2K on their 5- and 10-year plans because Q2K will be Y2K on steroids.

Nations and the private sector are pumping billions into enabling quantum computing. It is no longer a matter of if quantum computing will be viable, but when. The when is forecast to be in the next five to 10 years. Quantum computing is built on quantum mechanics, which is based on the behavior of subatomic particles. Today’s computers, known as classical computers, are built on the binary system where bits are either 1s or 0s. AI solutions will be limited by classical computer solutions. We don’t need to fully understand quantum mechanics, quantum computing or AI to talk about the risks that a post-quantum computing (“PQC”) world will pose to your encrypted data.

Encryption standards have evolved over the years as computing power has increased. Fortunately, the National Institute of Standards and Technology (“NIST”) has been working on the Q2K problem for years and has provided PQC encryption solutions for consideration and planning now.

Wait, what does this mean for my encrypted data that was exfiltrated from my company through a data breach? It was encrypted, so I did not have to report to individuals under a majority of state data breach notification laws. Well, we know that during ransomware attacks, large amounts of data are exfiltrated and we know that storage costs are cheap. The bad guys also know about Q2K and that with PQC they will be able to unencrypt that treasure trove of stored encrypted data. Plan accordingly.

In summary, we know the PQC world is inevitable. Now is the time to start planning for that world.

This document is intended to provide you with general information regarding quantum computing. The contents of this document are not intended to provide specific legal advice. If you have any questions about the contents of this document or if you need legal advice as to an issue, please contact the attorneys listed or your regular Brownstein Hyatt Farber Schreck, LLP attorney. This communication may be considered advertising in some jurisdictions. The information in this article is accurate as of the publication date. Because the law in this area is changing rapidly, and insights are not automatically updated, continued accuracy cannot be guaranteed.