Brief IA

Utimaco Warns of Quantum Threats to AI Security

⚖️ Regulation & Ethics·Tom Levy·

Utimaco Warns of Quantum Threats to AI Security

Utimaco Warns of Quantum Threats to AI Security
Key Takeaways
1Utimaco emphasizes that security is the main barrier to AI adoption, according to its eBook "AI Quantum Resilience."
2AI systems are vulnerable to training data manipulation and model extraction, threatening intellectual property.
3Current cryptography could be compromised by quantum computing within the next ten years, according to Utimaco.
💡Why it mattersThe security of data and AI models is crucial to prevent potential leaks and losses of intellectual property in the quantum era.
Le brief IA que lisent les pros

Le brief IA que les pros lisent chaque soir

Les 7 actus IA du jour, décryptées en 5 min. Gratuit.

Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.

Choisis ton rythme

Gratuit · Pas de spam · Désabonnement en 1 clic

📄
Full Analysis

Security Concerns Surrounding AI According to Utimaco

In an eBook titled “AI Quantum Resilience,” published by the company Utimaco, it is revealed that organizations view security risks as the primary obstacle to the effective adoption of artificial intelligence. This document highlights the challenges related to securing the data that companies use to develop their AI models.

AI derives its value from the data accumulated by organizations, but this data is vulnerable to various security risks. Indeed, building and training models on this data pose additional threats, particularly concerning the protection of intellectual property, which is often jeopardized by techniques such as prompt engineering.

Threat Management and Protocol Adaptation

The authors of the eBook emphasize the need for organizations to manage threats throughout the development and implementation of AI. They also highlight the importance of preparing companies to adapt their security protocols. These adjustments will become crucial if quantum computing-based decryption tools become accessible to cybercriminals.

Utimaco identifies three key areas where threats are particularly concerning:

  • Training data can be tampered with by malicious actors, subtly compromising model outcomes in ways that are difficult to detect.
  • The models themselves are at risk of being extracted or copied, infringing on companies' intellectual property rights.
  • Sensitive data used during training or inference may be exposed to leaks.

The Future Impact of Quantum Computing

According to the report, current public key cryptography could become vulnerable in the next decade, a period during which powerful quantum systems may emerge. Utimaco warns that some organized groups are already collecting encrypted data with the intention of decrypting it once quantum technology becomes available. Long-term sensitive data, such as that used for training models, financial information, or intellectual property, therefore requires protection against future decryption.

The transition to quantum-resistant cryptography will have repercussions on protocols, key management, system interoperability, and performance. This transition will likely take several years. The authors of the report recommend a ‘crypto-agility’ approach, which would allow for changes in cryptographic algorithms without redesigning the underlying systems. This approach relies on hybrid cryptography, combining established algorithms with post-quantum methods, such as those proposed by NIST.

Beyond Cryptography: Trusted Devices

The authors emphasize that cryptography alone is insufficient to cover all possible risks. They advocate for the use of hardware-based trusted devices capable of isolating cryptographic keys and sensitive operations from normal working environments.

For companies developing their own AI tools and processes, it is crucial to extend protection throughout the AI lifecycle, from data ingestion to production inference. Hardware keys can be generated and stored in a secure boundary, allowing for the verification of model integrity before deployment and protecting sensitive data during inference.

Hardware Enclaves and Key Management

Hardware-based enclaves isolate workloads, preventing even system administrators from accessing data being processed. Hardware modules can verify that the data enclave is in a trusted state before releasing keys, through an external attestation process. This helps create a ‘chain of trust’ from hardware to application.

Hardware-based key management produces tamper-resistant logs covering access and operations, to support compliance frameworks such as the EU AI Act.

Anticipating Future Risks

The inherent risks of AI systems are well-known and often exploited. However, the risk associated with quantum computing's ability to decrypt currently secure data is less immediate. Nonetheless, Utimaco emphasizes that the implications of this threat should influence current decisions regarding data and infrastructure. It is recommended to strengthen controls throughout the AI development and deployment lifecycle, introduce ‘crypto-agility’ to facilitate the transition to post-quantum security, and establish hardware-based trust mechanisms to protect high-value assets.

Brief IA — L'actualité IA en français

L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.