The video features Glenn Schmitz, former CISO of Virginia, discussing how organizations must proactively address the cybersecurity risks posed by agentic AI and quantum computing, including data breaches and the future threat to current cryptographic systems. He emphasizes the need for strong governance, cross-functional oversight, and early adoption of quantum-safe practices to maintain trust and prevent costly security incidents.
The video features a discussion between Jeff and Glenn Schmitz, a former Chief Information Security Officer (CISO) for the state of Virginia, focusing on the cybersecurity challenges posed by two major technological trends: agentic AI and quantum computing. Both technologies promise to revolutionize industries but also introduce significant security risks that organizations must proactively address. Glenn emphasizes that, especially in government, maintaining public trust by safeguarding sensitive data is paramount, but the lessons discussed are equally applicable to the private sector.
When it comes to agentic AI—AI systems capable of autonomously achieving objectives—key risks include data breaches involving personally identifiable information (PII), personal health information (PHI), and intellectual property. Glenn highlights the importance of ensuring that AI operates ethically and that its decision-making processes are explainable, not opaque “black boxes.” Just as with human employees, organizations must ensure AI agents adhere to ethical standards and that their actions can be understood and audited.
Quantum computing, while offering transformative capabilities such as advanced modeling and drug discovery, poses a unique threat to cybersecurity. The primary concern is that quantum computers will eventually be able to break current cryptographic systems, jeopardizing the confidentiality and integrity of sensitive data. Glenn points out that adversaries can already harvest encrypted data now and decrypt it later when quantum capabilities mature, making it urgent to address these risks even before quantum computers become mainstream.
To prepare for these challenges, Glenn describes the steps his organization is taking. For AI, they have established an oversight committee that includes not just technologists but representatives from across the organization to ensure comprehensive governance, risk management, and compliance. For quantum threats, they have formed a task force to inventory all cryptographic assets (a “cryptographic bill of materials”), assess risks, and prioritize which systems need to be upgraded to quantum-safe algorithms first. Vendor management is also crucial, as third-party suppliers must also adopt post-quantum cryptography to ensure end-to-end security.
In conclusion, Glenn advises CISOs to be proactive and get ahead of these emerging threats rather than reacting after the fact. He stresses the importance of translating technical risks into business terms for organizational leaders to secure necessary resources, and of training both leadership and staff to understand and support new security measures. Ultimately, he underscores that prevention is far less costly than remediation, and that the principles discussed apply not only to government but to any organization facing the dual challenges of AI and quantum computing.