Securing the Next Generation: AI and Post-Quantum Security Trends in 2025

1. Summary

• As of December 10, 2025, organizations are grappling with the dual challenge of bolstering emerging AI systems against novel threats while simultaneously preparing their infrastructures for the quantum era. This report delivers an in-depth exploration of the contemporary quantum security landscape, emphasizing crucial components such as quantum networking technologies, federal cybersecurity strategies, and the transition to post-quantum cryptography. Notably, organizations are beginning to implement quantum key distribution (QKD) and quantum random number generation (QRNG) technologies, which are fundamental for ensuring cryptographic security that is resilient to future quantum threats. The National Cyber Security Centre (NCSC) outlines an ambitious National Quantum Strategy aimed for significant advancement by 2035, indicating a convergence of governmental and private sector efforts to secure the digital landscape against anticipated quantum computing capabilities.

• Furthermore, the report highlights significant steps currently underway, including the establishment of standardized post-quantum cryptography (PQC) algorithms and the integration of quantum-safe encryption solutions that enhance blockchain security. The adoption of these technologies serves not only to meet immediate security needs but also to set the groundwork for long-term resilience. In parallel, a thorough analysis of AI security and risk management trends reveals the growing importance of secure-by-design principles, zero-trust integration, and proactive risk management strategies that address vulnerabilities specific to agentic AI systems. This dual approach underscores the need for ongoing governance and standardization efforts, as epitomized by the Agentic AI Foundation and the NIST AI Risk Management Framework.

• Looking to the future, the convergence of AI and quantum security emerges as a focal point for innovation and strategic foresight. Organizations are expected to pivot towards integrated deployment platforms, enhancing operational efficiencies while addressing trust and compliance as board-level priorities. The necessity for agile frameworks capable of accommodating evolving threats underscores the importance of collaborative efforts across sectors in establishing secure architectures that bridge the gaps between AI capabilities and quantum resilience.

2. Quantum Security Landscape

• 2-1. Quantum networking technologies

• Quantum networking technologies represent a foundational aspect of the evolving quantum security landscape. The National Cyber Security Centre (NCSC) highlights significant advances in quantum networking, particularly in Quantum Key Distribution (QKD) and Quantum Random Number Generation (QRNG). QKD allows for the secure sharing of cryptographic keys by detecting eavesdropping attempts, thereby providing a level of security unmatched by classical methods. QRNG, on the other hand, leverages quantum mechanics to produce truly random numbers essential for cryptographic applications. As of December 10, 2025, the integration of these technologies into existing communication infrastructures has entered a critical phase, with practical deployments beginning to materialize. The NCSC's implementation of the National Quantum Strategy aims for substantial advancement in quantum networking capabilities by 2035.

• 2-2. Federal quantum cybersecurity strategy

• The United States has established a comprehensive federal quantum cybersecurity strategy, notably articulated in documents released by the Government Accountability Office (GAO). This strategy focuses on three main goals: standardizing post-quantum cryptography (PQC), migrating federal systems to these new standards, and ensuring all sectors of the economy prepare for potential quantum threats. As of now, implementation is in progress, although critiques highlight the need for enhanced coordination via the Office of the National Cyber Director. Given that a cryptographically relevant quantum computer could be developed in the next decade, the urgency to elevate this strategy is paramount as agencies continue to strengthen their defenses against both current and emerging quantum threats.

• 2-3. Migration to post-quantum cryptography

• The migration to post-quantum cryptography is a proactive response to the impending threats posed by quantum computing. Under the guidance of the Office of Management and Budget (OMB), federal agencies are currently conducting inventories of their cryptographic systems to transition towards quantum-resistant solutions. This initiative follows the directives outlined in National Security Memorandum 10, emphasizing the transition to PQC to mitigate risks expected by 2035. The focus on high-value assets and critical impact systems is crucial as these represent the most vulnerable points within government operations. As of now, agencies are expected to prioritize this transition, ensuring they remain secure against future quantum computing capabilities.

• 2-4. Standardizing quantum-resistant algorithms

• Standardization of quantum-resistant algorithms is central to securing communications against quantum threats. Following rigorous scrutiny, the National Institute of Standards and Technology (NIST) has begun to endorse specific algorithms intended for use in post-quantum cryptography. The recent endorsement of algorithms like ML-DSA, aimed at the automotive industry by organizations such as AUTOCRYPT, illustrates a growing trend toward readiness for quantum resilience. As of December 2025, the transition to these standardized PQC algorithms is in its initial stages, with industries starting to implement and adapt these solutions. The completion of this standardization process is set to significantly enhance the cryptographic landscape by providing consistent and robust defenses against quantum attacks.

• 2-5. Hardware extensions for PQC

• As organizations transition to post-quantum cryptographic systems, the necessity for compatible hardware has become crucial. This necessity is being addressed through the production of hardware extensions designed specifically to support PQC algorithms. Such enhancements are vital as they enable existing cryptographic infrastructures to accommodate new standards, ensuring a smooth transition while maintaining operational continuity. Ongoing collaborations between hardware manufacturers and cybersecurity entities aim to expedite the development of these hardware solutions, and their successful implementation is anticipated within the next few years.

• 2-6. Quantum-safe encryption layers

• The integration of quantum-safe encryption layers signifies a transformative shift in how organizations protect their data against advanced computation threats. Recent advances, particularly by companies like Global Trustnet, demonstrate a proactive approach to adopting quantum-resistant cryptography across their blockchain security frameworks. By establishing quantum-safe encryption, organizations not only bolster their defenses against potential quantum computing vulnerabilities but also enhance their overall risk management strategies. Such initiatives are tremendously important as they prepare critical infrastructures for the long-term realities posed by quantum capabilities.

• 2-7. Post-quantum PKI solutions

• Public Key Infrastructure (PKI) solutions are transitioning to support post-quantum standards, an essential development for maintaining trust in digital communications. The launch of solutions like AUTOCRYPT’s AutoCrypt PKI-Vehicles illustrates the immediate need for secure vehicle communications that are resilient against future quantum threats. This strategic move not only responds to the evolving landscape of cybersecurity but also aligns with global standards being established by NIST. As PKI systems begin adopting post-quantum algorithms, the automotive and other industries are paving the way for more secure, quantum-resilient infrastructure that meets the demands of tomorrow's cybersecurity landscape.

3. AI Security and Risk Management

• 3-1. Secure platforms for AI transformation

• As organizations increasingly embrace AI, the demand for effective and scalable security solutions has become critical. According to a report by Gartner, available early December 2025, enterprises face a paradox: the integration of AI into their transformation agendas can quickly become derailed by inadequate security measures. This report stresses that a modular integrated AI security platform (AISP) is essential for organizations to ensure the safety and compliance of their AI systems. The recommended approach includes two phases: first, securing the usage of third-party AI services, and second, expanding security measures to protect AI applications developed internally. By effectively understanding AI usage within organizations, leaders can mitigate risks associated with shadow AI and unmanaged agents, which often expose sensitive data and intellectual property.

• The need for specialized tools arises from the unique characteristics of AI systems—specifically, their probabilistic nature and tendency to evolve over time. Traditional security tools, designed for deterministic systems, struggle to provide sufficient oversight. Consequently, new tools capable of discovering AI models, assessing vulnerabilities, and ensuring compliance are being developed. For instance, ModelOps platforms can facilitate the lifecycle management of AI/ML models, offering functionalities such as cataloging, monitoring API calls, and tracking data lineage, thereby enhancing governance and risk management.

• 3-2. Emerging AI risk management trends

• AI introduces both transformational opportunities and substantial risk management challenges. Key trends shaping AI risk management include the application of predictive analytics, generative AI capabilities, and adaptive risk modeling. Predictive analytics utilize machine learning to detect patterns and predict future risks, enhancing threat detection capabilities in areas like network security and fraud prevention. Generative AI plays a dual role; it not only aids in analyzing risk factors but can also serve as a powerful tool for providing risk mitigation strategies.

• Adaptive risk modeling represents a paradigm shift from static approaches. By leveraging AI, organizations can create dynamic models that continuously update risk assessments based on real-time data inputs, in stark contrast to conventional methods reliant on historical data. This shift allows enterprises to respond proactively to evolving threats, a necessity acknowledged by federal agencies and contractors who are increasingly adopting AI solutions to enhance their risk management frameworks.

• 3-3. Secure by design AI systems

• Implementing 'Secure by Design' principles is paramount in developing AI systems that withstand and respond adequately to vulnerabilities. The focus is not solely on adding security as an afterthought but embedding it throughout the development lifecycle. The integration of AI-aware security tools is crucial to manage the complexities introduced by AI. These specialized tools can track the deployment and operation of AI models, assess their security posture, and ensure robust governance.

• Tools such as AI model scanners, vulnerability feeds, and code signing methods are instrumental in establishing a Secure by Design approach. AI model scanners not only analyze code for vulnerabilities but also assess models in real-time during operation, providing insights necessary for proactive defense strategies. Moreover, the application of AI-specific DLP (Data Loss Protection) solutions is critical in monitoring unintended data disclosures from AI outputs, establishing a comprehensive safety net against data breaches.

• 3-4. Vulnerabilities in agentic AI

• Agentic AI, representing the next frontier in autonomous systems, poses unique vulnerabilities that require specialized attention. Recent research has pioneered a safety and security framework tailored for these systems, revealing intricate risks associated with interactions between models, data, and utilities. Vulnerabilities linked to data poisoning, model inversion, and prompt injection necessitate robust mechanisms for both preemptive testing and ongoing monitoring during operation.

• The complexity of agentic systems stems from their nondeterministic behaviors, making traditional security assessments insufficient. Continuous evaluation methods—such as end-to-end traceability and the use of threat snapshots for monitoring specific workflows—are essential. This proactive approach allows organizations to identify and mitigate risks effectively, ensuring the security of AI-driven decisions and maintaining the integrity of operational control.

• 3-5. Zero Trust integration in AI workflows

• The Zero Trust security model has gained traction as a foundational principle in securing AI workflows. Zero Trust posits that no entity—users or applications—should be inherently trusted, necessitating verification at every stage of interaction. Implementing this model in AI settings fosters a comprehensive approach to minimize risks associated with data leaks and unauthorized access.

• Organizations are increasingly adopting Zero Trust principles to provide granular access controls and continuous validation of user interactions with AI systems. By leveraging AI's capabilities in monitoring and anomaly detection, teams can enhance their security posture against both external threats and internal vulnerabilities. As AI technologies evolve, combining Zero Trust strategies with AI system integrations will be critical to maintaining robust defense mechanisms.

4. Governance and Standardization Efforts

• 4-1. Agentic AI Foundation initiative

• As of December 10, 2025, the Agentic AI Foundation (AAIF) has emerged as a pivotal entity in the governance of AI agents, aiming to standardize protocols and ensure interoperability across various systems. Launched in December 2025 with contributions from organizations such as OpenAI, Anthropic, and Block, the foundation focuses on preventing the fragmentation of AI technologies into incompatible products. This initiative seeks to foster an open-source environment for AI agent development, where shared protocols such as the Model Context Protocol (MCP) and AGENTS.md are established.

• The AAIF's structure is intended to avoid proprietary frameworks that could lead to vendor lock-in, encouraging the development of a collaborative ecosystem instead. This aligns with the increasing need for transparent, interoperable AI systems that can operate across different platforms, thus promoting user trust and technological integrity in AI solutions.

• 4-2. NIST AI Risk Management Framework 1.0

• The National Institute of Standards and Technology (NIST) has published the NIST AI Risk Management Framework (AI RMF 1.0), which serves as a voluntary guidance tool designed to assist organizations in identifying, evaluating, and managing risks associated with AI technologies. Released in January 2023, this framework emphasizes building trustworthiness into AI systems from their inception rather than treating it as a secondary concern.

• The AI RMF comprises four key functions: GOVERN, MAP, MEASURE, and MANAGE, which together form a comprehensive approach to AI risk management throughout the lifecycle of AI systems. The framework invites organizations to customize its recommendations based on their specific contexts and needs, ultimately helping establish clear governance structures and instilling confidence among stakeholders.

• NIST's ongoing efforts include the development of sector-specific profiles and a focus on generative AI risks, ensuring the framework remains relevant amidst the evolving landscape of AI technologies.

• 4-3. AI governance frameworks and playbooks

• In addition to the AI RMF, NIST has introduced playbooks and resources that assist organizations in aligning with governance standards for responsible AI deployment. These documents provide practical examples and step-by-step guidance for organizations looking to implement the framework's principles effectively.

• Notably, the NIST AI RMF Playbook outlines actionable strategies for achieving trustworthy AI outcomes across various operational scenarios, reinforcing the importance of accountability and transparency. By emphasizing contextual adaptation of governance processes, NIST aims to empower organizations to respond proactively to the unique challenges posed by AI systems.

• 4-4. Compliance roadmap for trusted AI

• As organizations increasingly recognize the importance of compliance in AI governance, NIST's AI RMF serves as the cornerstone of a broader compliance roadmap aimed at fostering trusted AI practices. This roadmap encourages organizations to integrate risk management into their organizational culture and operational frameworks.

• To facilitate compliance, NIST emphasizes the significance of establishing clear policies, roles, and communication channels within organizations, thereby promoting a culture of ethical AI use. This structured approach not only aids in ensuring alignment with regulatory expectations but also enhances stakeholder trust and organizational resilience in navigating the complex AI landscape.

5. Emerging Integration and Future Directions

• 5-1. Benefits of AI deployment platforms

• As organizations look towards the future, the adoption of AI deployment platforms is expected to significantly enhance operational efficiency and innovation. These platforms are designed to streamline the integration of AI technologies into business ecosystems, minimizing the time and effort required to move from concept to full-scale deployment. The expected move towards automated model updates and user-friendly interfaces is likely to empower teams across various technical backgrounds, facilitating broader participation in AI-driven initiatives. Furthermore, these platforms promise to reduce operational costs while allowing resources to be allocated towards more strategic objectives, fostering an environment ripe for innovation.

• 5-2. Board-level trust risk in tech innovation

• The rising complexity of technology, particularly with the emergence of quantum computing and AI, has resulted in trust becoming a pivotal board-level risk. In this dynamic landscape, organizational leadership must now ensure that systems protecting sensitive data remain robust and resilient. Businesses are expected to articulate how they safeguard data access and the strategies they will employ to maintain security as threats evolve. With quantum advancements poised to disrupt current encryption methods, it's vital for organizations to proactively assess their existing controls and prepare for a future where data integrity is increasingly vulnerable.

• 5-3. Converging AI and quantum security strategies

• The intersection of AI and quantum security presents unique opportunities and challenges that organizations must navigate as they plan for the future. It is anticipated that security strategies will increasingly integrate AI-powered solutions to fortify defenses against quantum threats. This convergence will likely result in the development of more sophisticated quantum-safe cryptography techniques, which will be essential in protecting data as quantum computing capabilities advance. Furthermore, organizations are expected to prepare for potential quantum vulnerabilities by enhancing their existing AI frameworks and employing proactive measures that anticipate future risks.

• 5-4. Roadmap for next-gen secure architectures

• Looking ahead, enterprises are encouraged to formulate roadmaps for the development of next-generation secure architectures that account for the dual challenges posed by AI and quantum computing. This roadmap will likely include implementing quantum-safe encryption, developing standardized post-quantum cryptography algorithms, and embedding secure-by-design principles into AI lifecycles. Organizations must prioritize cross-sector collaboration and the sharing of best practices to cultivate resilience against evolving threats. A proactive approach will be essential, as the permanence of deployed systems requires an ongoing commitment to security that can adapt to future technological landscapes.

Conclusion

• In conclusion, the intersection of AI and quantum computing heralds a new era of security challenges and opportunities that demand a comprehensive and integrated response. As organizations rush to accelerate post-quantum migrations and adopt quantum-safe encryption, they must ensure that standardized PQC algorithms are not merely implemented but are ingrained within the development lifecycle. This requires embedding secure-by-design principles and zero-trust models into existing frameworks, fostering a culture of risk management that prioritizes both innovation and security. Governance bodies, such as the Agentic AI Foundation and NIST’s AI RMF, are instrumental in establishing essential guidelines and best practices; however, it is incumbent upon organizational leadership to elevate issues of trust and compliance to the highest levels of decision-making.

• Looking forward, the pathway to robust security against evolving threats will rely on ongoing cross-sector collaboration and continual refinement of established frameworks to address both the present landscape and emergent challenges. Investment in integrated AI-quantum platforms will be critical, enabling organizations to remain adaptive and resilient. As the technological landscape continues to evolve, organizations must commit to proactive strategies that not only safeguard against existing vulnerabilities but also anticipate and mitigate future risks. Only through such strategic foresight can organizations ensure the integrity of their systems and maintain trust among stakeholders in an increasingly complex digital world.

Glossary

• AI Security: AI security refers to the practices and technologies designed to protect artificial intelligence systems from threats and vulnerabilities. As organizations integrate AI into their operations, ensuring the security of AI-based applications becomes essential to prevent data breaches, unauthorized access, and manipulation of AI outputs.

• Post-Quantum Cryptography (PQC): Post-quantum cryptography comprises cryptographic algorithms designed to be secure against the potential capabilities of quantum computers. These algorithms aim to protect sensitive information as quantum computing technology advances, making traditional cryptographic techniques vulnerable to attack.

• Quantum Key Distribution (QKD): Quantum Key Distribution is a method of secure communication that utilizes quantum mechanics to securely share cryptographic keys. It enables the detection of eavesdropping attempts, ensuring that the keys used for encryption and decryption remain confidential and secure against interception.

• Secure by Design: Secure by Design is a principle that integrates security considerations into the entire development lifecycle of a system. Instead of applying security measures as an afterthought, this approach ensures that systems are built with security in mind from the outset, thereby minimizing vulnerabilities.

• Zero Trust: Zero Trust is a security model that assumes that threats could be internal or external and therefore requires verification from everyone trying to access resources within a system. This principle emphasizes strict authentication and authorization for every user and device regardless of their location.

• NIST AI Risk Management Framework (AI RMF): The NIST AI Risk Management Framework is a voluntary guideline developed by the National Institute of Standards and Technology to help organizations identify, evaluate, and manage risks associated with AI systems. Its functions include governance, mapping, measurement, and management of AI risks throughout the system's lifecycle.

• Agentic AI: Agentic AI refers to autonomous systems capable of making decisions and taking actions without human intervention. These systems pose unique security vulnerabilities due to their advanced capabilities and complexities, requiring specialized security frameworks to address potential risks.

• Quantum-safe Encryption: Quantum-safe encryption refers to encryption methods designed to protect data against the potential threats posed by quantum computing. These methods use algorithms that are resistant to attacks from quantum-enabled adversaries, ensuring long-term security for sensitive information.

• Hardware Extensions for PQC: Hardware extensions for post-quantum cryptography are physical enhancements designed to support new quantum-resistant cryptographic algorithms. These extensions aim to ensure that existing cryptographic infrastructures can seamlessly accommodate advancements in PQC technology.

• AI Governance: AI governance encompasses the frameworks, policies, and processes that govern the ethical and responsible use of AI technologies. It aims to ensure transparency, accountability, and compliance while addressing the risks associated with AI deployment and operations.

• Blockchain Security: Blockchain security involves the measures and protocols used to protect blockchain-based systems from attacks, fraud, and vulnerabilities. As blockchain technology gains traction, implementing effective security measures is essential to maintain the integrity and trustworthiness of decentralized networks.

Source Documents

• PDF Quantum networking technologies - The National Cyber Security Centrehttps://www.ncsc.gov.uk/pdfs/whitepaper/quantum-security-technologies.pdf
• Winning the AI Race Starts with the Right Security Platformhttps://www.paloaltonetworks.com/blog/2025/12/winning-ai-race-starts-with-right-security-platform/
• PDF Future of Cybersecurity: Leadership Needed to Fully Define Quantum ...https://www.gao.gov/assets/gao-25-107703.pdf
• PDF M-23-02https://www.whitehouse.gov/wp-content/uploads/2022/11/M-23-02-M-Memo-on-Migrating-to-Post-Quantum-Cryptography.pdf
• Global Trustnet Advances Quantum-Safe Encryption Layer as Blockchain Security Threats Evolvehttps://www.bitcoininsider.org/article/294650/global-trustnet-advances-quantum-safe-encryption-layer-blockchain-security-threats
• Autocrypt Launches PKI Solution Supporting NIST’s ML-DSA Algorithmhttps://quantumzeitgeist.com/autocrypt-pki-ml-dsa-pki-solution/
• Emerging Trends in AI for Risk Management | Carahsofthttps://www.carahsoft.com/blog/onspring-emerging-trends-in-ai-for-risk-management-blog-2025/
• Tools and Technologies for Secure by Design AI Systems - Palo Alto Networks Bloghttps://www.paloaltonetworks.com/blog/network-security/tools-and-technologies-for-secure-by-design-ai-systems/
• Infosecurity Magazinehttps://www.infosecurity-magazine.com/blogs/securing-ai-for-cyber-resilience/
• NVIDIA research shows how agentic AI fails under attack - Help Net Securityhttps://www.helpnetsecurity.com/2025/12/08/nvidia-agentic-ai-security-framework/
• Advancements in Post-Quantum Cryptography (2023-2025): What You Need to Know - Silicon Trusthttps://silicontrust.org/advancements-in-post-quantum-cryptography-2023-2025-what-you-need-to-know/
• PQCUARK: A Scalar RISC-V ISA Extension for ML-KEM and ML-DSAhttps://eprint.iacr.org/2025/2178
• How to Streamline Zero Trust Using the Shared Signals Frameworkhttps://thehackernews.com/2025/12/how-to-streamline-zero-trust-using.html
• OpenAI, Anthropic, and Block join new Linux Foundation effort to standardize the AI agent era | TechCrunchhttps://techcrunch.com/2025/12/09/openai-anthropic-and-block-join-new-linux-foundation-effort-to-standardize-the-ai-agent-era/
• The Benefits of Using AI Deployment Platforms for Businesseshttps://www.noobpreneur.com/2025/12/10/the-benefits-of-using-ai-deployment-platforms-for-businesses/
• Why trust is now a board-level risk - CEOWORLD magazinehttps://ceoworld.biz/2025/12/06/why-trust-is-now-a-board-level-risk/
• NIST Artificial Intelligence Risk Management Frameworkhttps://the-ai-alliance.github.io/trust-safety-user-guide/exploring/nist-risk-framework/
• Nist ai risk management framework | Roadmap to Compliancehttps://blog.rsisecurity.com/nist-ai-risk-management-framework-guide/
• AI Risk Management Frameworkhttps://www.nist.gov/itl/ai-risk-management-framework