Beyond The Hype: AI, Quantum, and Blockchain with Marin Ivezic

Show Notes

In this episode, Marin Ivezic , founder and CEO of Applied Quantum, discusses the implications of quantum technologies, particularly the potential threats posed by quantum computers to current cryptographic systems. He emphasizes the urgency for organizations to prepare for these threats through crypto agility and highlights the challenges of cryptographic procrastination. The conversation also explores the current state of artificial intelligence, its overhyped applications, and the risks of AI-driven disinformation. Finally, Marin shares insights on the evolving landscape of financial systems and the role of blockchain technology.

Takeaways

• Q-Day refers to the day quantum computers can break current cryptography.
• Current dependence on cryptography makes the quantum threat significant.
• We are not close to a quantum apocalypse yet.
• Nation-states are likely harvesting data for future decryption.
• Organizations need to prepare for quantum threats by 2030.
• Crypto agility is essential for transitioning to quantum-safe cryptography.
• Cryptographic procrastination is a challenge for decision-makers.
• AI is powerful but faces obstacles in the West.
• China's strategic approach to AI may give it an edge.
• AI-driven disinformation poses a significant risk to society.

Sound Bites

• "Cryptographic procrastination is a real issue."
• "China is much more strategic in AI deployment."
• "AI allows scams to scale exponentially."

Transcript

Francis Gorman (00:02.142)
Hi, everyone. Welcome to the Entry podcast. I'm your host, Francis Gorman. If you're enjoying our content, please take a moment to follow and like the show wherever you get your podcasts from. Today's guest, Marin Ivezic, is the founder and CEO of Applied Quantum, the first global consultancy dedicated entirely to quantum technologies, covering everything from computing and communications to commercialization and quantum resilience. He also invests in quantum ventures through quantum partners, is completing a PhD in quantum computing, and is the author of the upcoming book

practical quantum resistance. With over three decades in technology and cybersecurity, including senior leadership roles at IBM, Accenture, PwC, and KPMG, has helped organizations worldwide adopt emerging technologies while safeguarding critical infrastructures. His work spans early AI security research, blockchain, and cryptography. And now he has a deep focus on quantum threats and opportunities. Marin, it's an absolute pleasure to have you with me here today.

Marin Ivezic (00:59.672)
Francis, thank you for the very nice intro. Really love your podcast. I'm honored that you invited me here. So thank you.

Francis Gorman (01:09.115)
It's great to have you, Marin. I think after that intro, I've bigged you up now, so we'll have to get into the meat and gravy of the topics. what I want to talk about is I hear a lot of people talking that quantum computers will break the internet, and then they tune out because it sounds an abstract theorem. So I think the question is, how would you explain Q-Day in a way that would make non-technical CEOs or even your neighbors suddenly care about

Marin Ivezic (01:29.901)
Ha ha.

Francis Gorman (01:38.837)
what quantum means for the future of technology.

Marin Ivezic (01:42.58)
there's lots of noise about the Q-Day and quantum threat, isn't it? Well, simply speaking, Q-Day or quantum computers or what we call CRQC, cryptographically relevant quantum computers, are those quantum computers, which we don't have yet and we will have it in some time in the future, that are powerful enough to break our current

cryptography, which means that with the use of quantum computers, in theory, an attacker could log into your email, log into your bank account, transfer your money, decrypt anything. What maybe the general public doesn't quite fully appreciate is how much we depend on the current cryptography.

Everything that we do online, the internet, on mobile phones, everything is encrypted in various ways. Our communication is protected to an extent, bank accounts and so on. And even our critical infrastructure, the communications that tell big systems that control our utilities or power distribution or water or similar.

the commands sent to them are also encrypted and potentially could be broken by quantum computers. So the threat is significant because of our current dependence on the existing cryptography. But then again, just to make it clear to the listeners that might not be in this field, we are far away from that kind of

An apocalypse happening. We are preparing now, but it's nowhere close to any real impacts from quantum computers just yet.

Francis Gorman (03:44.553)
And I suppose on that point, and I've talked about this quite a bit in terms of the potential for a quantum cold war in the terms of Harvest Now decrypt later. Do you believe that we have nation states actively looking to steal or harvest data now so that they can break it into the future? Or do you believe that is another sense of fear mongering across the community? What's your take there?

Marin Ivezic (04:10.392)
Well, it's not really whether I believe it's whether we trust all of the different national security agencies and most of them have issued warnings about HarvestNow decrypt later or about adversaries currently trying to collect as much of a sensitive data as they could with the idea of decrypting it in five or 10 years whenever they get hold of quantum computers.

So I believe that the threat is real. Personally, I can't vouch one way or another, but I do trust when, you know, when every developed nation starts raising it to their critical infrastructure and to their government, this particular risk, we have to take it seriously.

Francis Gorman (04:58.951)
I that's very true. And when I look at it, I know we're about a decade away from a quantum viable scenario, but I also understand from working in industry that the complexities of the cryptographic estates in most companies are dense and unknown and the visibility is low and the transparency is low and the understanding and knowledge within certain environments.

is low. So I do think we potentially need 10 years of a head start to get on top of this problem and to start building out the proper structures and capabilities in-house. And a post you wrote on LinkedIn really resonated me. One, I thought it was humorous, but two, I thought it was really factual. And you said yoga for your crypto, the more flexible you are, the less it hurts. Can you talk to me a little bit about crypto agility and how that came to you? I did think that was a

a fascinating line and it also gave a sense of imagery about it that you could adopt to non-technical folk.

Marin Ivezic (06:04.666)
Francis, now you covered several things and I'd like to address all of them if you don't mind very briefly. The first one is about the prediction of the quantum computers or the CRQC, the cryptographically relevant quantum computers. There's lots of noise and lots of discussion about that. And personally,

I think it's five years away. That's my current prediction. But even that prediction is formed on the papers and the experiments that happened really in the last two or three months. So, you know, before that, I would give it a few years more. the industry is changing fast. But on that prediction timeline, I'd like to clarify something I think is important for your listeners.

It doesn't matter anymore. Who cares is it five years or 10 years away. The important thing is that the regulators are coming out with their requirements. There is a regulatory framework, roadmaps and even laws in some jurisdictions that are now demanding organizations to be ready by 2030. Most of them are for the critical systems around 2030 or

completely phase out vulnerable cryptography by 2035 or earlier. So there are regulations. Insurers are either carving out quantum impacts or trying to figure out how to evaluate their clients' quantum readiness. The clients are putting in their third party risk management, vendor management are putting requirements for quantum readiness.

So this theoretical discussion on when it will happen is almost irrelevant right now. The thing is, we now have to get ready for the quantum threat and we have to do it within very defined timelines. You said something else that is really important and I'd like to maybe stress that for the listeners. Quantum readiness projects or programs.

Marin Ivezic (08:25.486)
are going to or already are one of the largest and most complex IT transformation programs that any organization has attempted. Maybe we'll dig a little bit deeper into that later if we go that way. But with that in mind, we come to this concept of crypto agility, which really means that we can now start putting in place technical and

policy and procedural and skill set things in place that would allow us to switch cryptography easier at some point in the future. So the whole crypto agility concept is very important in this particular problem because it allows us to do this replacement of the classical cryptography with a quantum

safe cryptography. But even more, it prepares us for future changes in the cryptography. So when we now migrate from the classical cryptography to a quantum safe, that's not going to be the only migration. We can expect that we'll have to migrate in the coming years a few more times, in which case preparing everything to make that easier for us.

is a good investment in time and effort.

Francis Gorman (09:59.073)
And I think that's very true. when you mentioned the European guidance that high exposures close by 2030 and then everything else by 2035. that's your of your nine-ish year window now, the way things are going. But by the time you get buy-in and get funding and get expertise and all of these things lined up, that's going to be a headache in itself. And I think a lot of people are talking about cryptographic procrastination.

Marin Ivezic (10:25.887)
That's a good expression.

Francis Gorman (10:27.841)
It's the, need to do it, but I'm two years left in the CEO seat or I three years left in as an exec and I'm going somewhere else. So it's going to be some other guy's problem. And I think there's that, there's that struggle that organizations are going to have that the decision to act now may get pushed to the next, to the next person that's in the hot seat. And I think as an industry, the more awareness and

The more simplicity that comes around cryptography and agility and the more regulation and enforcement of regulation, the better for everyone in the long term, because this is a business killer. If you don't get it right up front, it will undermine the integrity and confidentiality of your organization potentially if it comes true. So I think that importance needs to come true strategically within organizations. Marin, you

You're doing a PhD on quantum and you're writing a book. You've a lot on your plate as well as all of your other commitments. there anything that surprised you on that journey that you've discovered in this space? I know it's a bit of an open ended question, is the, know, finally when you go into the weeds and then you start writing, it starts to make juices flow that you may not have known were there or our hypothesis appear that you hadn't thought of before.

Marin Ivezic (11:41.987)
Yeah.

Marin Ivezic (11:51.842)
Francis, how much time do we have? Look, I am currently trying to complete my PhD, but I think what didn't come clear from the introduction is I've been in the quantum computing space for a while.

So as part of my research of the emerging risk threats for the government and defence in 2000 and 2001, I got first exposure to the quantum risk at that time. I tried to build quantum computing companies. I founded Boston Photonics and PQ Defence some time later.

And well, either I wasn't very good at raising money or I was a little bit ahead of time, but that entrepreneurship failed. So I've been in this quantum world for a while and my first degree was in physics.

So the most surprising thing, obviously, for anybody who gets thrown into this world is the actual quantum computing and what does it mean and how the quantum mechanics works. why does it allow us to decrypt something that a classical computer might take billions of years? But we might not have time to dig into that one.

On the more practical side, now that I am working with various clients on their quantum readiness and trying to write a book, which is a very practical hands-on guide on preparing for the quantum threat, I think the biggest surprise for me was what you just stated as a granted, as an easily understood thing. But for me, that...

Marin Ivezic (13:40.618)
resistance to do the right thing or the cryptographic procrastination as you called it is probably the biggest surprise for me. I I've been in cybersecurity indices for quite a while, for almost three decades. And I know that it's hard to get people to move.

There is always that risk fallacy that this is going to happen to somebody else. And it's very hard to motivate some changes in the organization. But when we have this potentially the biggest threat to the organization, and still the people or decision-makers are so inert that they keep postponing it one year to another.

For me, that was probably the most frustrating and the most surprising thing.

But then again, I try to put myself in their shoes. For me, the threat is obvious. For the rest of our industry, I think there is a need for more awareness and more talking about this.

Francis Gorman (14:52.193)
Sure, hopefully forums like this can help. We can bring it to the fore. But it is an interesting problem. When I think back to Y2K and the mobilization that happened in the background to get everything up to a point that it wouldn't break, people widely say, well, it was a non-event, but it was a non-event due to the level of effort that happened in the background. So yeah, interesting times ahead.

Marin Ivezic (15:15.278)
Exactly.

Well, with Y2K we had something, we had a very clear deadline and that kind of that managed to move people into action. With the quantum threat, we keep going back to this discussion for years, for many years on the quantum computers are going to come in 10 years or in 30 years or never or tomorrow.

that the ambiguity around the arrival of quantum threat just complicates these things further or more than it was in the Y2K.

Francis Gorman (15:58.173)
It sure does. it's an interesting dilemma that we will watch unfold like a blockbuster over the next couple of years, I'm sure. Marin, I want to pivot slightly into something else that you're familiar with. it's the it's the area of artificial intelligence. And I'm just going to use that as an encapsulating term for now. When I when I read past the hype, now that we're kind of been in a bubble for a couple of years, I would suspect.

And a lot of POCs have taken off in different industries. The statistics coming out are not mind blowing in terms of improvement. you're seeing McKinsey reporting 80 % of POCs don't scale and, know, Karn Ferry reporting that 70 % of people fear losing their jobs to AI yet, you know, 60 % of AI projects never go anywhere and all of these different kinds of facts that are getting thrown around. And then I look at

the economics that are behind it in terms of venture capitalists pumping money into different startups, et cetera. Is artificial intelligence delivering to the expectations that people set out or are we bought into a bit of a bubble at the moment? Or is it a bit of both? It's delivering in some areas, but not in others. It's overhyped in some sense, but there's a real driver for change in others. And I know this is a complex area and there's

lots of value in certain areas, but if people bought into the wrong things and the wrong applications of artificial intelligence.

Marin Ivezic (17:29.742)
Wow, Francis, okay, you are exploring topics all over the place. Well, I mean, I appreciate you asking me for my opinion, but...

So to give a little bit of a background to you and to the listeners, as part of my focus on the emerging technology risks for last couple of decades, I built labs and I was working in AI risk since early 2000. And about 10 years ago, I wrote a book around predicting how AI is going to impact knowledge economy, knowledge base work and leadership and so on. So I have some...

some involvement in that AI and I have been analyzing how AI might impact our work specifically. But I don't have, I don't know what to say about these latest MIT and McKinsey and similar reports that came out. AI is extremely powerful. What I did see

is huge AI driven changes in China, for example. I've worked there for many years and AI and robotics driven replacement of the labor were massive already a few years ago. So I think that AI could do much more and

At least in the West, have few obstacles in using AI in the best way. And this is now going to sound really wrong and I hope you will give me time or a chance to smooth it out. But I'm afraid that some of these economies like China, where they are investing much more in these emerging technologies, but also have more freedom to...

Marin Ivezic (19:33.332)
implement these emerging technologies, whether it's the AI or any other of these emerging tech, they will achieve bigger effects on the overall economy. But while doing that, they will impact huge number of people negatively. And that's not a good thing. And I think in the West, we try to somehow balance it a little bit better, but we might lose

the edge eventually by trying to find that balance. So really in my book 10 years ago and in my discussions recently I am a big proponent of the UBI universal basic income. I think if we could redeploy the

productivity gains from AI to smooth out the impacts to the labor and to the society. We could have both. We could achieve benefits from AI and we could manage the impacts. And the reason why we don't do it is because, I guess, well, because of capitalism. So I'm looking forward to comments and emails about my common dishing capitalism.

Francis Gorman (20:52.209)
I'd, well, I think I think it's a fair observation. I think I would even simplify it a bit more. I would say China are very focused on where they want to apply artificial intelligence. And the West is very caught up in making it right emails better and bullet point outcome.

Marin Ivezic (21:10.094)
OK, I should have just left, I could have stayed at that level of comment because you are right. There is so many startups which are just a simple wrapper of our chat GPT offering the most basic functionality. That's not what AI should be. We should be looking at how do we embed

AI, not just generative AI, all the other flavors of AI into everything that it could do and it could take away from people. But we should do it in a way that protects the society from the negative impacts of those changes.

Francis Gorman (21:52.735)
And I think there's a lot to unwrap there. When I look at what China is doing, I find it quite impressive. I'm watching AI applied robotics for their change in their own battery packs, dark factories with no lights on because they don't need human workers anymore, autonomous vehicles that can drive on roads because there isn't a human to drive into them on those roads because they're all autonomous vehicles. And the concept of EV talent that's coming in around electric.

vehicle take off and land them because of the grid block that may come into play. So I think when I look at China, they've been quite focused in where they have focused their efforts on the technology. And then when I extrapolated back to kind of European companies that look at it, everyone's caught up in making collaboration smoothed out, you know, to summarize this and to write that and et cetera.

and it's all very sales-based and pitchy. I kind of, when I look at the chat GPT, you know, I'm kind of going to the, is this a good use case or as a recent MIT report pointed out on cognitive behavior, is this making Europeans a little less sharper when it comes to the end point? Cause we're offloading our cognitive load to these things. And I think there's there's probably a point where we need to look at artificial intelligence and go, we need to go past the hype, look at it's,

proper applications at a sector level and industrial level and understand where the value proposition is rather than it's this thing that does stuff for us. But the value proposition really isn't coming through because we haven't thought of what that value proposition is to start with. And, you know, it may be a confrontation or a bad way of looking at it. But when I peel back from what I've seen in the wider industry over the last kind of two years, three years,

Everyone comes with a tool and we can do this thing better without understanding what the value proposition and what the value add is going to be at the end of it.

Marin Ivezic (23:52.598)
I love this discussion, Francis. And yeah, you are right. I think we are a little bit too driven by hype and short-term returns. And again, I don't want to sound like some kind of a China advocate, but they were much more strategic. And if you just look at the discussion today about AI and the energy demands and how our...

the US infrastructure will have to invest over the next couple of decades, huge amounts of money to be able to provide the energy for all the planned AI uses. China has been very strategic in that. China's investment in smart grid and the energy infrastructure over the last few decades means that this is another angle where or how they could take a significant advantage over the West.

So yeah, we are not very strategic in how we decide on where to put AI, how to deploy it. We don't look at the benefits over the next couple of years. We look at the next quarter or maybe within this year. And I'm afraid that we will pay a price for that.

Francis Gorman (25:11.873)
And again, another interested watch item for me over the next couple of years to see how it all ends, but we'll stay tuned there. Marin, you've talked on LinkedIn and your social platforms about AI-driven disinformation, the existential challenges to democracy. What do you see as the underappreciated vector? Is it deepfakes, algorithms, echo chambers, real-time AI alignment? you have a view on what's happening in the disinformation space?

at the moment with artificial intelligence really driving that on steroids I would suggest.

Marin Ivezic (25:48.12)
Francis, thank you so much for doing all this research about my previous writing. AI disinformation, again, is something that if you noticed, I wrote about that almost 10 years ago. Did some research again for the government on that pre-CHED GPT and pre-generative AI. Interestingly enough, even my son got so interested, so he finished his master's on

AI driven disinformation at the King's College. So it was a little bit of a family effort and I spent lots of time in Washington DC and various other places, uh, NATO and NATO aligned countries on trying to help them prepare for what's coming with AI and like quantum, nobody listened to it until it became too late. Um,

Today, as much as I'm or as little as I am still involved in that particular topic, we do see obviously AI driven spearfishing and some of the attempts at better generating traditional cyber security or social engineering attacks. The biggest threat that I see is from the AI's ability to personalize whatever

the attack is happening, whether it's a spear fishing or any other kind of fraud or a deep fake calling of old people to try and defraud them out of their money to rescue their son from, I don't know, from being arrested or whatever other frauds are going on. The AI just allows

all of that to scale exponentially and to be extremely personalized. And you know, you are in cybersecurity, know that vast majority of users are still falling even for the most basic type of scams and Nigerian prints emails and so on. Imagine now when they get a very personalized email or voicemail or phone call or video call.

Marin Ivezic (28:11.387)
from somebody they know, how they don't have the ability to filter this out and to detect that something is wrong.

Francis Gorman (28:23.325)
It's going to be one of those things that gets more powerful. I suspect it's the luring someone into a false perception of reality is its biggest power in the spear fishing and the vision space with.

Marin Ivezic (28:41.742)
Well, I didn't want to go in that direction, but of course the manipulation en masse, which is what we saw even in 2016 US election and so on, that's going to become bigger and scarier. And obviously it's already working in various ways to create division. But that's a completely different set of problems.

Francis Gorman (29:10.049)
It is, and I think I've explored them on this podcast in the past and it's it's a whole, it's a whole other area to get into. Um, Marin, I, I want to, I want to talk a little bit about you've, you've got some experience across blockchain and a post, I think a week or two ago by Professor Bill Buchanan drew my attention kind of into this with a sharp focus and the stuff in America with the genius act that, um, Mr. Trump has signed off, et cetera.

And the post was something to the extent that I think it was either Visa or MasterCard have now adopted stable coins in the background. And this will eradicate the need for Swift and it's going to change the financial system completely. And I kind of thought about it, I actually, I might have a point there. I'm not sure if you've seen any of the kind of shift in the stable kind space that's kind of been subtly happening in the background, but it's been building momentum over, say, the last

eight to 10 months specifically. And if you have a view in terms of what the future financial system may or may not look like, do you think fiat currency will be in some way removed and we'll all end up on some type of blockchain or have you any views in that space at all?

Marin Ivezic (30:26.83)
Okay. Yeah, some great questions. I do have, so the company that I started some time ago, CryptoSec, is focused on the crypto and blockchain security. Obviously I'm back to my quantum entrepreneurial waters, but the CryptoSec still operates in the background. It's doing well and I'm still an owner, part owner.

So I do see a little bit more of what they are working on. And there is definitely a bit of a move towards institutional adoption of crypto and blockchain. So especially over the last year, we see lots of traditional finance organizations adopting crypto in various ways, whether it's a stable coin or just some block consortium blockchain or similar.

So for the crypto community, think things are working, going in the right way. Crypto hedge funds are opening. The ETFs have been approved over the last year and a half. then, know, things are happening for the adoption of cryptocurrencies, which is a good thing. Now, stable coins and whether they would replace

The government issued stable coins. That's more of a political than a technical decision. So central bank digital currency or CBDC is being either issued or experimented on by vast majority of countries by now. I don't know what's the latest statistics, but...

It's the same technology as other cryptocurrencies or a stable coin, but in this case they are under control of the government in the same way as fiat is. So whether the government would allow or relinquish or any government would allow relinquish that control over the monetary system to purely distributed technology.

Marin Ivezic (32:47.212)
That's a political decision and I think it's unlikely or it's unlikely in the short term. It might take many more decades for that to happen. What are most of what we are going to see more likely is adoption of growing adoption of CBDC or the government owned cryptocurrency because that's what

That's what the technology allows, but it still maintains the same regulatory government system.

Francis Gorman (33:19.635)
I again, it's another space to watch. I see China as we're talking about China a lot today. I believe they recently announced their own stable kind as well that's government managed. I think I saw something like that in the last week or two. it's definitely taken up a bit of momentum. But I think as you say, you'd have to get the old institutions to relinquish their control. that might be

Marin Ivezic (33:25.294)
you

Francis Gorman (33:45.397)
Might be easier said than done, technically very feasible, realistically, however, I don't know if that's something that will get an easy pass through.

Marin Ivezic (33:55.166)
Exactly. Your question was about the technology and the technology works and it's proven and I trust cryptography the same way as the professor does. think cryptocurrencies can be made despite all of their previous noise about the crypto fraud and so on. I think they can be made safer and more useful than any other model.

But it becomes really a political decision.

Francis Gorman (34:28.669)
It sure does. Máire, look, it was lovely to have you on. think we're just up on time, but really great information. Lots of insights there and I'm totally enjoyed it.

Marin Ivezic (34:38.84)
Francis, thank you so much for having me on. I enjoy your questions. You definitely challenged some of the things that I've not been working on for a while, but it's always interesting to discuss these huge topics.

Francis Gorman (34:54.155)
was great to have you on. Thanks, Marin.

Marin Ivezic (34:57.134)
Thanks, Francis.