Quantum Computing vs Artificial Intelligence: What Security Teams Need to Understand

At most enterprise security conferences in 2026, quantum computing and artificial intelligence share a stage. They appear together in vendor pitches, in board risk presentations, and in procurement conversations. Occasionally they share a budget line. That conflation is costing organisations real money and leaving genuine risks unaddressed.

These two technologies are not adjacent parts of the same problem. They threaten different things, require different defences, and operate through completely different mechanisms. A security programme that treats them as a unified "emerging technology risk" produces neither adequate cryptographic migration planning nor adequate AI governance. This article works through what each technology actually does, where the security threats genuinely differ, and which specific procurement decisions fail when the two get confused.

What a Quantum Computer Actually Does

A quantum computer uses superposition and entanglement to process information in a way that has no classical equivalent. Where a classical bit holds a fixed value of 0 or 1, a qubit can exist in a superposition of both states during a computation. Entanglement allows correlated qubits to constrain each other's possible outcomes, enabling certain calculations to run across exponentially many states simultaneously. The word "certain" carries weight here. Quantum advantage is algorithm-specific. Most computational tasks gain nothing from quantum hardware. The speedups are narrow and mathematically precise (Preskill, J., "Quantum Computing in the NISQ Era and Beyond," Quantum, 2018).

Current quantum processors operate in what Preskill termed the NISQ regime: Noisy Intermediate-Scale Quantum. Error rates are high enough that fault-tolerant logical computation is not yet practical at the key sizes used in real-world cryptography. Google's December 2024 Willow paper demonstrated below-threshold error correction on 105 physical qubits, meaning error rates declined as the logical qubit was scaled up rather than increasing. That is a genuine milestone. It is not the same as a cryptographically relevant quantum computer (CRQC) capable of running Shor's algorithm against RSA-2048 in production. Thousands of physical qubits must be concatenated to produce a single fault-tolerant logical qubit for that task (Acharya, R. et al., "Quantum error correction below the surface code threshold," Nature 638, 2025).

The two quantum algorithms that matter to security teams are Shor's and Grover's. Shor's algorithm solves integer factorisation and discrete logarithm in polynomial time, breaking RSA, ECDH, and Diffie-Hellman. Grover's algorithm provides a quadratic speedup on unstructured search, which halves the effective bit security of symmetric algorithms and hash functions. AES-256 provides approximately 128-bit post-quantum security. For public-key infrastructure, RSA-2048 provides approximately zero security against a CRQC. This is the source of the urgency in post-quantum migration. Not speculation about quantum hardware timelines, but a mathematical fact about what Shor's algorithm does to the number-theoretic assumptions underlying classical PKI (Shor, P.W., SIAM Journal on Computing, 1997; Grover, L.K., ACM STOC, 1996).

What Artificial Intelligence Actually Does

Artificial intelligence, in the form that generates security risk in 2026, is primarily large-scale pattern matching running on classical hardware. A large language model predicts the most likely next token given a context window by performing matrix operations across a very high-dimensional parameter space. A fraud detection model classifies transaction patterns against a statistical model of historical fraud behaviour. An intrusion detection system labels network traffic using regularities learned from labelled training data. All of these run on GPUs and TPUs. None of them use quantum mechanics.

AI systems do not possess intent. They do not autonomously decide to break cryptography. The security risks from AI fall into four distinct categories: misuse (adversarial use of AI tools to generate phishing, deepfakes, or exploit code at scale), model attacks (prompt injection, adversarial examples, model inversion attacks on training data), supply chain risks (compromised training data, model poisoning), and governance failures (over-reliance on AI-generated decisions without human oversight). The NIST AI Risk Management Framework provides a four-function structure for addressing these: Govern, Map, Measure, Manage (NIST AI RMF 1.0, January 2023). None of these categories overlap with the cryptographic threat that a CRQC presents.

The Security Threats Are Different

A CRQC breaks the mathematical foundations of public-key cryptography. The defence is replacing vulnerable algorithms with post-quantum standards: ML-KEM (FIPS 203) for key encapsulation, ML-DSA (Module-Lattice-Based Digital Signature Algorithm, FIPS 204) and SLH-DSA (Stateless Hash-Based Digital Signature Algorithm, FIPS 205) for digital signatures. NIST finalised all three in August 2024. Deployment is a multi-year programme involving cryptographic inventory, vendor assessment, hybrid transition, and full cut-over. AI tools do not perform this migration. AI governance does not address this threat.

AI risks require a governance response aligned to the NIST AI RMF, GDPR Article 22, which restricts solely automated decision-making with legal or similar effect on individuals, and the EU AI Act's risk classification framework (applicable to organisations placing AI systems on the EU market). Deploying ML-KEM for all key exchanges does nothing to reduce prompt injection vulnerability in your LLM-integrated customer service system. The risks live in separate layers of the stack and require separate responses.

Where They Converge (and Why the Band Is Narrow)

There are three genuine convergence points. Each sits at a different maturity level and carries a different operational weight.

The first is AI-assisted cryptanalysis. Machine learning has been demonstrated to improve lattice sieving efficiency, relevant to the Module Learning With Errors problem that ML-KEM is built on, and side-channel analysis of physical cryptographic implementations. NIST's parameter selection for FIPS 203/204/205 was deliberately conservative to account for algorithmic improvements in cryptanalysis, including those from machine learning (NIST FIPS 203, August 2024). AI-assisted cryptanalysis has not broken any NIST-selected PQC algorithm. The conservative parameter margins exist precisely to absorb this. It is worth monitoring. It is not a reason to pause PQC migration.

The second is quantum-assisted AI training. The vendor claim is that quantum computers could accelerate the training of neural networks, producing more capable adversarial AI. The technical reality in 2026 is that NISQ hardware cannot run quantum ML algorithms at a scale that outperforms classical GPUs on the training tasks relevant to security applications. The Biamonte et al. 2017 review in Nature, which remains the most cited paper on quantum machine learning, was cautious about near-term advantage claims. Subsequent dequantisation results showed that several proposed quantum ML speedups can be replicated classically under appropriate conditions (Biamonte, J. et al., Nature 549, 2017). This is an area to monitor across a three-to-five year horizon, not an immediate operational concern.

The third convergence point is the most operationally relevant right now: AI tools for cryptographic inventory. Automated code analysis and LLM-assisted scanning can identify deprecated cryptographic primitives in codebases, flagging RSA, ECDSA, and SHA-1 instances for replacement. This is a legitimate productivity tool for the first stage of a PQC migration programme. I have found it meaningfully useful for scoping cryptographic inventory work in large codebases. The output still requires human review, and the tool performs inventory, not migration. Confusing the two is one of the more common procurement errors I encounter (NIST IR 8547, Initial Public Draft, November 2024).
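As an added illustration of the inventory step described above (not the author's tooling, and a plain pattern pass rather than an LLM-assisted scanner): the sketch below flags the primitives named in this article and classifies each hit by quantum impact, using the article's figures for Shor and Grover. The regexes, file names and sample snippets are constructed assumptions, and the output is a list for human review, not a migration.

```python
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "path line family impact pq_bits action")

def _pat(body):
    # Match the token only when it is not embedded in a longer identifier.
    return re.compile(rf"(?<![A-Za-z])(?:{body})(?![A-Za-z0-9])", re.I)

# (family, pattern, quantum impact, replacement as named in the article).
# The regexes are illustrative assumptions, not a complete detection set.
RULES = [
    ("RSA",   _pat(r"RSA"), "shor", "ML-KEM (FIPS 203) or ML-DSA/SLH-DSA (FIPS 204/205)"),
    ("ECDSA", _pat(r"ECDSA"), "shor", "ML-DSA (FIPS 204) or SLH-DSA (FIPS 205)"),
    ("ECDH",  _pat(r"ECDHE?"), "shor", "ML-KEM (FIPS 203)"),
    ("DH",    _pat(r"DHE|Diffie[-_ ]?Hellman"), "shor", "ML-KEM (FIPS 203)"),
    ("SHA-1", _pat(r"SHA[-_]?1"), "legacy", "replace deprecated hash"),
    ("AES",   _pat(r"AES[-_]?(128|192|256)"), "grover", "review key size"),
]

def post_quantum_bits(impact, classical_bits=None):
    if impact == "shor":
        return 0                     # the article's "approximately zero"
    if impact == "grover":
        return classical_bits // 2   # quadratic speedup halves bit security
    return None                      # classically deprecated, no quantum estimate

def scan(files):
    findings = []
    for path, text in files.items():
        for n, line in enumerate(text.splitlines(), 1):
            for family, pattern, impact, action in RULES:
                m = pattern.search(line)
                if m:
                    bits = int(m.group(1)) if m.lastindex else None
                    findings.append(Finding(path, n, family, impact,
                                            post_quantum_bits(impact, bits), action))
    return findings

def migration_backlog(findings):
    # Shor-impacted hits are what the PQC migration must replace; counting them is inventory only.
    return dict(Counter(f.family for f in findings if f.impact == "shor"))

SAMPLE = {  # constructed snippets, not taken from any real codebase
    "auth/tokens.py": "key = rsa.generate_private_key(65537, 2048)\nsig = key.sign(data, ec.ECDSA(hashes.SHA256()))\n",
    "tls/config.yaml": "ciphers: ECDHE-RSA-AES128-GCM-SHA256\nlegacy_digest: sha1\n",
    "vault/store.go": 'cipher := "AES-256-GCM"\n',
}
```

Calling `migration_backlog(scan(SAMPLE))` gives the count of public-key hits per family, which is the starting figure for an inventory completion measure and nothing more.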

Assessing your organisation's quantum threat exposure is a distinct exercise from AI risk assessment. The Quantum Threat Exposure Assessment provides a structured framework specifically for the quantum cryptographic risk calculation.

Four Procurement Mistakes That Follow from Confusing Them

These are not hypothetical. Each represents a pattern I have seen repeated across organisations running parallel quantum and AI security programmes.

Mistake 1: Using an AI scanning tool as the quantum readiness programme. An organisation deploys AI-assisted cryptographic discovery, finds its RSA instances, and marks its quantum readiness work complete. Cryptographic inventory is Step 1 of a multi-year migration that includes vendor assessment, hybrid deployment, and full algorithm replacement. Knowing where your RSA is and replacing it are different operations. NIST IR 8547 makes the scope of required change explicit; the scope is not scanning.

Mistake 2: Waiting for AI to make PQC migration unnecessary. Two variants of this appear in board conversations. The first: perhaps AI systems will find efficient classical factoring algorithms, making the quantum threat moot. This reduces to the P vs NP problem, which has no known resolution path. The second: perhaps AI will find attacks on PQC before organisations commit to migrating, making migration premature. This is addressed by the conservative security margins in FIPS 203/204/205 (NIST FIPS 203/204/205, August 2024). Neither outcome is a planning basis. Both are forms of procrastination.

Mistake 3: Treating "quantum AI" as a single budget item. Several vendors co-brand quantum-inspired optimisation tools with AI workflow integration. From a security programme perspective, these represent separate risk lines. The quantum threat to cryptography requires a PQC migration programme with a named owner, a cryptographic inventory, and FIPS 203/204/205 deployment targets. AI risk requires an AI governance programme aligned to the NIST AI RMF. Bundling them produces neither.

Mistake 4: Assuming PQC migration addresses AI risk. Deploying ML-KEM for all key encapsulation and ML-DSA for all digital signatures hardens cryptographic infrastructure against a CRQC. It reduces your attack surface for the specific threat of public-key cryptography being broken by a quantum computer. It does nothing to address prompt injection in LLM-integrated systems, adversarial example attacks on ML classifiers, or AI governance failures. A security programme that has completed PQC migration is not thereby AI-safe.

What This Means for Your Risk Register

These are two separate risk lines. The first: quantum cryptographic migration. Owner should sit with the CISO or security architecture function. Measures include cryptographic inventory completion percentage, hybrid deployment progress across priority systems, and FIPS 203/204/205 deployment milestones. NIST IR 8547 (Initial Public Draft, November 2024) provides the deprecation timeline against which progress is measured.

The second: AI governance. Owner spans CISO, data science, and legal, depending on the AI Act classification of the systems in scope. Measures include NIST AI RMF maturity score, AI Act risk classification completion, and incident response coverage for AI-specific attack vectors.

They can share a board risk slide. They should not share a budget line, an owner, or a programme structure. The quantum risk requires people who understand cryptographic infrastructure. The AI risk requires people who understand model behaviour, training data governance, and automated decision-making liability. The Venn diagram has some overlap, but the professional competencies do not fully align. Conflating them in the programme structure means that neither gets the specific expertise it requires.

For the quantum migration: the starting point is a cryptographic inventory. The PQC migration guide covers how to sequence the work, and the reference on FIPS 203, 204, and 205 parameter sets provides the algorithm specification detail. For the AI governance side, the NIST AI RMF is the most immediately deployable framework. QSECDEF members have access to practitioner-level PQC migration methodology documentation covering the full migration lifecycle, from cryptographic inventory through hybrid deployment to algorithm cut-over.


Steven Vaile is a quantum security consultant and Director at Quantum Security Defence. He advises organisations on post-quantum cryptography readiness, cryptographic migration planning, and quantum threat assessment. He is a regular speaker at international quantum security events.
