
Post-Quantum Security Isn't a Someday Topic for Banks - It's a Today Topic

Notes from a workshop on harvest-now-decrypt-later threats and AI's expanding attack surface

Annie An Dongmei·January 2025·4 min read

🔐 Quantum computing isn't a "someday" topic for banks. It's a today topic. Yesterday I spent the day on post-quantum security with a bank and Jonathan Jenkyn. One idea reframed the room.

The Threat: Harvest Now, Decrypt Later

"Harvest now, decrypt later" - attackers can capture your encrypted data today and crack it once quantum hardware matures.

For a bank, that means account records, transactions, and customer data that must stay private for decades. The data you're encrypting today could be exposed tomorrow - or five years from now - when quantum computers reach maturity.

The clock has already started ticking. ⏳

It's a Today Topic, Not a 2030 One

Your longest-lived data is your most exposed. If you're a financial institution holding records that must remain confidential for 20, 30, or 50 years, the threat window opened the moment that data was encrypted with today's algorithms.

Post-quantum readiness isn't a future-year project. It's a planning priority for 2025 and 2026.

Your AI Footprint Just Widened the Surface

Every LLM and agentic AI workflow moves sensitive data across the wire - prompts, RAG pipelines, agents calling tools and APIs. 🤖

Post-quantum readiness and your AI roadmap are woven into each other. As you scale GenAI and agentic systems, you're expanding the attack surface for harvest-now-decrypt-later threats. The two conversations need to happen in the same room.

Know Your Shared Responsibility

AWS uses ML-KEM (the new NIST standard) in a hybrid handshake - already live in KMS, ACM, and Secrets Manager. ✅

Some protections are automatic; others need you to update TLS clients and SDKs. Start with a crypto inventory 🔍 - you can't migrate what you can't see.

🔹 Identify your longest-lived data - what must stay private for decades?
🔹 Map your AI data flows - where do prompts, embeddings, and tool calls travel?
🔹 Audit your cryptographic dependencies - which libraries, SDKs, and services need updates?
🔹 Plan your migration timeline - hybrid approaches let you transition without ripping and replacing.
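
An added example (not from the original post or from AWS): a minimal crypto-inventory triage that takes the first three steps above and ranks data flows by harvest-now-decrypt-later exposure, longest confidentiality lifetime first. The flow names, retention values and the `Flow`, `classify` and `triage` helpers are hypothetical; the hybrid group names are the IANA-registered TLS groups that pair a classical curve with ML-KEM.

```python
from dataclasses import dataclass

# IANA-registered hybrid TLS groups (classical curve + ML-KEM), lowercased.
HYBRID_MLKEM = {"x25519mlkem768", "secp256r1mlkem768", "secp384r1mlkem1024"}
# Classical-only groups: traffic recorded today is exposed to later decryption.
CLASSICAL = {"x25519", "secp256r1", "secp384r1", "ffdhe2048"}

@dataclass
class Flow:
    name: str
    tls_group: str         # key-exchange group negotiated on this hop
    retention_years: int   # how long the data must stay confidential

def classify(group: str) -> str:
    g = group.strip().lower()
    if g in HYBRID_MLKEM:
        return "hybrid-pq"
    if g in CLASSICAL:
        return "classical"
    return "unknown"       # not in either table: needs manual review

def triage(flows):
    """Return flows not yet on a hybrid handshake, longest-lived data first."""
    exposed = [(f, classify(f.tls_group)) for f in flows]
    exposed = [(f, c) for f, c in exposed if c != "hybrid-pq"]
    exposed.sort(key=lambda fc: (-fc[0].retention_years, fc[0].name))
    return [(f.name, c, f.retention_years) for f, c in exposed]

# Constructed sample inventory (hypothetical flow names and values).
INVENTORY = [
    Flow("core-ledger-replication", "secp256r1", 30),
    Flow("kms-api-calls", "X25519MLKEM768", 30),
    Flow("rag-embedding-upload", "x25519", 10),
    Flow("agent-tool-call-payments-api", "secp384r1", 25),
    Flow("llm-prompt-gateway", "vendor-custom-group", 7),
    Flow("marketing-site", "x25519", 0),
]

if __name__ == "__main__":
    for name, status, years in triage(INVENTORY):
        print(f"{years:>3}y  {status:<10} {name}")
```

Flows classified as `unknown` stay in the output on purpose: a group the inventory cannot identify is treated as unmigrated until someone checks it.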

You can read more in the AWS post-quantum cryptography overview.

The Planning Starts Today

🙏 Grateful to the bank's security and engineering team for the sharp questions and discussions. This is a multi-year journey - but the planning starts today.

The teams starting now will be the calm ones when the timeline tightens. 🚀

Is post-quantum readiness on your 2026 security and AI roadmap yet? I'd love to hear where you are in the journey.

#AlwaysDay1 #PostQuantumCryptography #AgenticAI #CyberSecurity #FinancialServices #CloudSecurity #AISecurity

The views and opinions expressed in this post are my own and do not necessarily reflect those of my employer or any organisation I am affiliated with.