As quantum computing rapidly shifts from research to reality, security teams must re-evaluate cryptography, risk management, and methods for long-term data protection. When combined with AI agents, quantum computing can fundamentally alter the cybersecurity landscape, offering substantial opportunities as well as heightened risks.
Asia-Pacific countries such as Singapore, India, China, Japan, and South Korea have made significant progress in advancing quantum hardware, software, and applications, contributing to the broader development of quantum computing. For instance, Singapore has pledged its commitment through a comprehensive National Quantum Strategy. At the same time, India’s Department of Telecommunications is actively investing in research and development initiatives to advance quantum communication networks.
The flip side of this is that Gartner predicts advances in quantum computing will make “traditional cryptography unsafe by 2029.” A team of Chinese researchers revealed last year that a method using a quantum annealing system was already able to crack a small 22-bit encryption key. While standard RSA keys are 2048 bits and this experiment didn’t threaten real-world encryption yet, it showed quantum methods making progress, underscoring the potential of quantum computing in addressing cryptographic challenges.
More recently, researchers at Google estimated that with about 1 million qubits, a quantum computer could crack a standard 2048-bit RSA key in about a week, roughly 20× faster than experts anticipated. In short, RSA isn’t defeated yet, but its days are numbered. This has compelled the Cyber Security Agency of Singapore to introduce quantum-safe encryption guidelines in 2025 that will help organisations prepare for the looming “Q-day,” when classical encryption falters. Security leaders should use this time window to transition to post-quantum algorithms and crypto-agile systems rather than panic. The race is on to upgrade cryptography before quantum computers race ahead.
This is why chief information security officers (CISOs) must take proactive steps to escalate quantum-safe encryption, rethink data privacy controls, and ensure data governance keeps pace with both quantum and AI breakthroughs.
The new frontline in cyber risk
Data encryption plays an essential role in cybersecurity. It transforms data into an unreadable format without the correct decryption key, safeguarding sensitive information from unauthorised access and exploitation. Through the conversion of readable information into unreadable ciphertext, encryption helps ensure that if data is captured, it stays private and inaccessible to harmful entities.
With quantum computing’s incredible capabilities, widely used encryption methods such as RSA and ECC (elliptic-curve cryptography) become less effective. It will therefore be crucial to prepare for migration to quantum-safe systems. This includes conducting quantum-safe risk assessments, identifying and securing key data assets, and cataloguing where cryptographic algorithms are used and what needs to be migrated.
Compounding the problem is the rise of AI agents, which can be deployed to automate and accelerate attacks. They can find vulnerabilities, create sophisticated malware, and generate convincing social engineering campaigns to bypass security controls.
Meanwhile, organisations’ own adoption of AI agents creates a proliferation of new machine identities, which also pose security risks. Amid the AI adoption race, unmanaged and unsecured machine identities are appearing across organisations.
Overburdened teams often lack the visibility to manage these super-powered bots that learn, decide, and increasingly act independently. This is having a transformative effect on operations across industries because many AI agents inherit the privileges of their human users, but not necessarily their ethics, common sense, or adherence to established rules and standard operating procedures.
The cybersecurity action plan
According to the World Economic Forum, quantum computing and AI agents are poised to be the “next global shock.” Is it even possible for organisations to protect their infrastructure and data from bad actors weaponising these technologies?
Yes, absolutely. These era-defining changes that are already underway also offer opportunities to rebuild trust, optimism, and resilience in institutions and societies.
But it will require a two-pronged approach. The first approach is a five-step action plan for a post-quantum future:
- Conduct a cryptographic analysis: Focus on a discovery process to accurately identify where and how public key encryption is utilised throughout the organisation.
- Look into post-quantum cryptography standards: The National Institute of Standards and Technology released encryption standards aimed at resisting decryption attempts made by a quantum computer. Investigate what works for your organisation and start the transition process.
- Apply encryption in multiple layers: If one-layer breaks, another layer will be there to maintain security.
- Prepare for crypto agility: Ensure your systems can quickly adjust cryptographic methods without interrupting the overall infrastructure.
- Change encryption keys regularly: Regular key and certificate updates minimise the risk period if a key is breached and compel organisations to automate their certificate management processes.
The second approach involves securing AI bots and agents. Organisations rushing to deploy AI assistants must not treat them as invisible users. These AI agents should each have a unique identity and strict privileges rather than simply borrowing a human user’s credentials. Today, many bots run with whatever access their owner has, but unlike humans, they lack judgement and will execute tasks without common-sense checks. This creates new risks. An unsupervised AI agent might consume or expose data in ways a conscientious employee never would. Security teams, already stretched thin, often lack visibility into how many AI-driven accounts exist or what they’re doing, creating a shadow identity sprawl.
To rein this in, companies should
- Discover, inventory and assign unique identities to AI agents: Every agent needs a distinct identification, authentication, and oversight, with the additional strictness necessary for machine-scale operations.
- Enable just-in-time access and zero standing privileges: Implement just-in-time access with credentials that are created for a particular purpose and duration, then automatically become invalid once no longer needed. No long-lived passwords if possible.
- Enforce the least privilege principle and apply access control frameworks: By 2028, AI agents are expected to be responsible for at least 15% of daily work choices, according to CyberArk’s 2025 “Identity Security Landscape” study. Implementing these access control models will be essential as more agents take decisions. Give each agent only the minimum rights needed.
- Implement runtime protections: This enables quicker and more precise detection of issues such as unusual behaviour and prompt injections. For instance, an AI agent gateway with monitoring features can be used to help safeguard operations performed by AI agents.
- Evaluate your AI agents: Conduct red team drills consistently. Even more effective is using AI agents to evaluate the robustness of other AI agents.
By applying the same identity-first security principles to AI agents as to human users and machine identities (unique IDs, least privilege, and oversight), CISOs can help ensure these digital coworkers remain useful tools rather than unmanaged liabilities.
With the quantum-AI collision accelerating, proactive CISOs must implement an identity-first, crypto-agile mindset. This means fortifying data governance and ensuring rapid adaptation as adversary capabilities surge. Waiting is no longer an option. The future’s strongest line of defence blends quantum-resistant encryption, pervasive identity controls, and AI-powered security operations to preserve trust and resilience.
