AI systems are becoming infrastructure, and infrastructure attracts attackers. For readers of a quantum-physics learning site, the AI security story is worth following for two reasons: the techniques are conceptually rich, and the field increasingly intersects with quantum technology through cryptography and sensing.

Adversarial inputs and prompt manipulation

Machine-learning models can be steered by inputs crafted to exploit how they generalize - from imperceptibly perturbed images that flip a classifier's answer, to instructions hidden inside content that a language model is asked to process. The defensive theme is the same in both cases: treat model inputs as untrusted data, constrain what the model is allowed to do, and validate outputs before acting on them.

The model supply chain

Modern AI stacks assemble pretrained weights, third-party datasets, open-source libraries, and plugins. Each element is a supply-chain surface: poisoned training data can implant behaviors, and tampered model files can carry executable payloads. Expect the discipline that software supply chains developed - provenance, signing, reproducible builds - to be replayed for models and datasets.

Data leakage and membership inference

Models can memorize fragments of their training data, and attackers can sometimes extract them or infer whether a specific record was used in training. This drives interest in privacy-preserving training techniques such as differential privacy, and in careful separation between public model capability and private data access at inference time.

The quantum intersection: post-quantum cryptography

Where does quantum fit? A sufficiently large fault-tolerant quantum computer running Shor's algorithm would break the public-key cryptography that today protects model APIs, update channels, and data in transit. That machine does not exist yet, but "harvest now, decrypt later" - recording encrypted traffic today to decrypt after quantum computers mature - makes migration urgent for long-lived secrets. Standards bodies have already published post-quantum algorithms, and the migration of TLS and code signing is underway across the industry.

Understanding why Shor's algorithm threatens RSA requires exactly the concepts taught here: superposition, interference, and measurement. Start with the quantum computers explainer and the theory library, and the security headlines become physics you can reason about.

What to watch

  • Standardized evaluations for model robustness, the way penetration testing matured for software.
  • Provenance and signing for model weights and training datasets.
  • Post-quantum cryptography rollouts in browsers, operating systems, and messaging protocols.
  • Quantum key distribution and quantum-safe networking research - covered as it appears in our research news room.
More from the blog Open the interactive lab