By Lisa Lambert and Michele Mosca
This article first appeared in The Hill Times with the title “Security delayed is security denied.”
Ensuring Canada is cyber-resilient in the face of converging threats is a nation-building mission essential to our economic prosperity, national security, and global credibility
The Government of Canada’s new AI Strategy Task Force has an urgent job: to shape how artificial intelligence serves Canadians’ interests and values. Its success will depend on a single, often overlooked factor: security.
Cybersecurity can no longer be an afterthought in digital policy, but the foundation on which trust, reliability, and safety are built. That foundation is being tested in ways few governments or companies are prepared for. As AI becomes more autonomous and quantum computing moves toward maturity, the balance between protection and exposure is shifting faster than our policies are evolving.
AI and the rise of agentic AI is transforming the cyber-threat landscape by making attacks faster and harder to detect. These autonomous tools can scan for vulnerabilities, exploit them, and move through connected systems in seconds without human oversight. Combined with deepfakes and automated disinformation, agentic AI gives adversaries the power to overwhelm defences and manipulate information before humans can respond.
Quantum computing adds a second, equally existential risk, advancing faster than most realize. Unlike AI, quantum marks the rise of a new technological platform disrupting the digital backbone on which global economies, communications, and security systems rely. For decades, cybersecurity has depended on encryption standards such as RSA-2048, which would take a conventional computer roughly 300 trillion years to break. Google scientists estimate that a million-qubit quantum computer could do it in a week.
That kind of machine is no longer science fiction. The arrival of cryptographically relevant quantum computers may be much closer than many assume, with developer roadmaps converging on the 2030s, and some sooner. Even before they arrive, data is already at risk. Adversaries are engaging in “harvest now, decrypt later” tactics, stealing encrypted information today knowing they will unlock it later.
Combined, AI and quantum raise the likelihood of strategic surprise: an unexpected and potentially catastrophic breach or collapse of trust in the systems that power our economy and national security.
Governments and standards bodies are alert to this. The U.S. National Institute of Standards and Technology issued the first post-quantum encryption standards in 2024. The Government of Canada and the EU have accelerated their own timelines to migrate to quantum-safe cryptography, with key milestones set for 2026. Yet those deadlines apply only to government systems. Industry must move quickly to avoid becoming the weakest link. Companies must build cryptographic resilience: the capacity to evolve and adapt as threats change. The old “set it and forget it” approach to cybersecurity is over.
The AI Strategy Task Force must treat this intersection of AI and quantum computing as central to Canada’s digital future. Every recommendation on AI infrastructure, ethics, data governance, or innovation should begin with a single question:
Is it secure against the threats we can see — and the ones we know are coming?
Ensuring Canada is cyber-resilient in the face of converging threats is a nation-building mission essential to our economic prosperity, national security, and global credibility. It should be a pillar of Canada’s emerging Defence Industrial Strategy.
Cybersecurity and quantum readiness are competitive advantages to be cultivated. Both nations and companies that can guarantee data integrity and system reliability will dominate markets increasingly defined by trust.
Canada is uniquely positioned to lead, as one of the few countries with world-class strengths in AI, quantum, and cybersecurity, and a network of homegrown companies developing leading quantum-secure solutions. If we align these strengths, we can protect our infrastructure and export secure, interoperable technologies to allies who share our values.
Ottawa can start by embedding security and trust into policy across all of government as default features, not afterthoughts. That means integrating quantum-safe and cyber-resilient requirements into major infrastructure and procurement projects, buying made-in-Canada solutions wherever possible, and expanding training to build the workforce needed to secure and govern these systems.
Businesses shouldn’t wait for regulation. They can begin migrations now, pressing vendors to identify vulnerabilities, strengthening “defence-in-depth,” and ensuring the agility to evolve as threats do. Boards should treat this as enterprise risk management, not an IT issue.
The digital era taught us that security delayed is security denied. The convergence of AI and quantum computing compresses timelines and magnifies consequences. Policy cycles that move in years must now respond in months.
These technologies demand foresight, speed, and unity of purpose. Canada has the expertise and credibility to lead, but only if we act with the same urgency our adversaries do. The task before us isn’t just to keep pace, but to set the pace for the secure systems that will define this century.
Lisa Lambert is the CEO of Quantum Industry Canada (QIC).
Dr. Michele Mosca is a Co-founder, President and CEO of evolutionQ, a founding member of QIC.
