Witnesses at a House subcommittee hearing on cybersecurity urged lawmakers to accelerate the development of cybersecurity policies, warning that existing defenses, regulations, and procurement timelines are being overtaken by rapid advancements in artificial intelligence (AI) and quantum computing. During a hearing on December 17 before the House Homeland Security Committee’s Subcommittee on Cybersecurity and Infrastructure Protection, industry experts presented a stark view of an evolving cyber landscape driven by these technologies.
Michael Coates, founding partner of cybersecurity venture capital firm Seven Hill Ventures, emphasized that “AI and quantum are not creating new threats; they are collapsing the time, cost, and skill required to conduct cyber operations.” He explained that advancements in AI enable a broader spectrum of adversaries—from state-backed actors to smaller criminal groups—to carry out sophisticated cyber operations that previously required extensive resources. Coates highlighted that AI-driven orchestration allows attackers to automate the entire lifecycle of a cyberattack, including reconnaissance, vulnerability discovery, exploitation, lateral movement, and data exfiltration, all with minimal human oversight.
“Autonomous AI systems are already matching or exceeding the performance of highly skilled professional testers,” Coates told the committee, warning that this shift has significantly reduced the time defenders have to respond to attacks. “Defenders are increasingly responding to attacks that are already well underway,” he noted, underscoring the urgency for legislative action.
Building on Coates’ testimony, Logan Graham, head of the Frontier Red Team at Anthropic, described the first documented autonomous cyberespionage campaign employing AI. In this campaign, a state-sponsored actor automated 80% to 90% of the operation, using human oversight only at critical decision points. “A sophisticated, well-resourced threat actor was able to extract meaningful operational value from frontier AI models,” Graham said, adding that while current AI-enabled attacks still require some human guidance, these limitations are expected to diminish.
He warned that this development is an early indication of a future where AI models could facilitate cyberattacks on an unprecedented scale. This concern was echoed by Royal Hansen, vice president of Privacy, Safety, and Security Engineering at Google, who discussed how organizations can defend against these rapidly evolving AI threats. Hansen stated, “Securing artificial intelligence requires protecting the entire ecosystem, including data, infrastructure, applications, and models,” outlining a comprehensive framework that includes secure-by-design engineering, threat detection, automated defenses, continuous testing, and real-world risk assessments.
Hansen noted that adversaries are moving beyond basic productivity uses of AI and starting to experiment with AI-enabled attacks in real-time operations. These include malware capable of generating malicious code on demand, obfuscating itself to evade detection, and dynamically altering behavior during execution.
The Quantum Problem
Eddy Zervigon, CEO of quantum-technology and data security firm Quantum XChange, addressed the emerging threats posed by quantum computing in conjunction with AI. He cautioned that adversaries are already collecting encrypted data with the expectation that future quantum computers will be able to decrypt it, potentially exposing sensitive government and commercial information. Zervigon remarked, “For more than 50 years, encryption has safeguarded our data, allowing a ‘set it and forget it’ mindset. That era is now ending with quantum computing.”
He called for federal agencies to adopt an architectural approach to cybersecurity that strengthens underlying network infrastructure rather than relying solely on new cryptographic algorithms. “Timing here is critical. Agencies that fail to prepare today risk leaving their data vulnerable,” Zervigon stated, urging Congress to hasten post-quantum compliance timelines, allocate necessary funding, and encourage adoption across federal systems to bolster national cybersecurity.
As lawmakers consider how best to address these evolving threats, the urgency for a coordinated government-industry response has never been clearer. The intersection of AI and quantum computing presents both unprecedented challenges and potential vulnerabilities, necessitating immediate and comprehensive action to safeguard national security and protect sensitive data.
See also
General Dynamics Secures $285M Contract for Virginia Cybersecurity Services
Chinese Hackers Use AI to Automate Attacks, Target 30+ Entities, Warns Anthropic
Gopher Security Unveils AI-Driven Anomaly Detection for Post-Quantum Systems
Russian Defense Firms Targeted by AI-Driven Cyber Espionage Group Paper Werewolf
US House Subcommittees Address AI and Quantum Computing’s Cybersecurity Risks
