At the identical time, corporations must strengthen the safety of their AI models and data to scale back exposure to manipulation from AI-enabled malware. Such risks could include, as an illustration, prompt injections, where a malicious user crafts a prompt to govern an AI model into performing unintended actions, bypassing its original instructions and safeguards.
Agentic AI further ups the ante, with hackers in a position to use AI agents to automate attacks and make tactical decisions without constant human oversight. “Agentic AI has the potential to collapse the fee of the kill chain,” says Bailey. “Meaning on a regular basis cybercriminals could start executing campaigns that today only well-funded espionage operations can afford.”
Organizations, in turn, are exploring how AI agents may help them stay ahead. Nearly 40% of corporations expect agentic AI to enhance or assist teams over the subsequent 12 months, especially in cybersecurity, based on Cisco’s 2025 AI Readiness Index. Use cases include AI agents trained on telemetry, which might discover anomalies or signals from machine data too disparate and unstructured to be deciphered by humans.
Calculating the quantum threat
As many cybersecurity teams give attention to the very real AI-driven threat, quantum is waiting on the sidelines. Almost three-quarters (73%) of US organizations surveyed by KPMG say they consider it is just a matter of time before cybercriminals are using quantum to decrypt and disrupt today’s cybersecurity protocols. And yet, the bulk (81%) also admit they may do more to make sure that their data stays secure.
Firms are right to be concerned. Threat actors are already carrying out harvest now, decrypt later attacks, stockpiling sensitive encrypted data to crack once quantum technology matures. Examples include state-sponsored actors intercepting government communications and cybercriminal networks storing encrypted web traffic or financial records.
Large technology corporations are among the many first to roll out quantum defenses. For instance, Apple is using cryptography protocol PQ3 to defend against harvest now, decrypt later attacks on its iMessage platform. Google is testing post-quantum cryptography (PQC)—which is immune to attacks from each quantum and classical computers—in its Chrome browser. And Cisco “has made significant investments in quantum-proofing our software and infrastructure,” says Bailey. “You’ll see more enterprises and governments taking similar steps over the subsequent 18 to 24 months,” he adds.
As regulations just like the US Quantum Computing Cybersecurity Preparedness Act lay out requirements for mitigating against quantum threats, including standardized PQC algorithms by the National Institute of Standards and Technology, a wider range of organizations will start preparing their very own quantum defenses.
For organizations starting that journey, Bailey outlines two key actions. First, establish visibility. “Understand what data you’ve and where it lives,” he says. “Take inventory, assess sensitivity, and review your encryption keys, rotating out any which can be weak or outdated.”
