The Entropy Podcast

When AI, Crypto, and Quantum Collide with Dinesh Nagarajan

Francis Gorman Season 2 Episode 25

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 35:24

In this episode, Francis Gorman speaks with Dinesh Nagarajan, Global Partner with IBM Consulting Cybersecurity Services and IBM’s global lead for data and AI security and quantum-safe security, about the collision of three major enterprise shifts: AI adoption, cryptographic modernisation, and post-quantum readiness. Dinesh argues that AI will likely be the most consequential transformation because securing AI at enterprise scale depends on trust, and that trust ultimately depends on cryptography. 

The conversation explores why many organisations still treat AI security, cryptography, and quantum readiness as separate programmes, even though they are becoming deeply interconnected. Dinesh explains that AI has captured attention from the boardroom to engineering teams in a way few previous technology waves have, which gives it momentum, budget, and organisational visibility. But that same momentum creates risk if security, cryptographic resilience, and post-quantum planning are not built into transformation programmes early. 

The discussion then moves into sovereign AI, geopolitical dependency, and the enterprise risk of building core workflows on platforms that may become unavailable due to political, regulatory, or commercial decisions. Dinesh frames this as a strategic consideration for businesses, especially when AI tools become central to software development, automation, and competitive advantage. 

The second half of the episode focuses on post-quantum cryptography. Dinesh outlines how organisations should approach quantum readiness: start with awareness, assess exposure from the board level down, establish a centralised programme or centre of excellence, and embed post-quantum requirements into procurement, legal, supply chain, architecture, and existing digital transformation initiatives. His core message is that PQC is not a one-off technical remediation exercise; it is a multi-year business transformation that must be governed as a strategic risk. 

Key takeaways

  1. AI security is becoming a cryptography problem
    AI at enterprise scale requires mechanisms to validate, verify, and trust agents, applications, and workflows. That trust layer depends on cryptography. 
  2. AI, crypto modernisation, and quantum readiness cannot stay separate
    Many organisations currently treat them as three different programmes, but Dinesh expects them to converge quickly as AI infrastructure becomes dependent on cryptographic trust. 
  3. AI has unusual organisational momentum
    Unlike previous technology waves, AI has captured attention from the C-suite down to engineers. That visibility can help fund and accelerate security work, including parts of the post-quantum journey. 
  4. Sovereign AI is becoming a serious boardroom issue
    Enterprises need to consider what happens when a critical AI platform is restricted, withdrawn, or affected by geopolitical decisions. 
  5. Quantum readiness is not just an IT issue
    PQC affects contracts, procurement, suppliers, cloud strategy, infrastructure, applications, data, and long-term transformation plans. 
  6. Boards need business-risk language, not cryptography language
    Dinesh’s recommendation is to frame quantum exposure as strategic risk: revenue disruption, transformation risk, cost escalation, technical debt, and operational fragility. 
  7. The first move is not scanning; it is understanding exposure
    Crypto inventory matters, but Dinesh argues the starting point should be a top-down view of how exposed the business model is to quantum-related disruption. 
  8. A centralised PQC capability is essential
    Organisations need a programme team or centre of excellence that can create awareness, set direction, advise functions, and coordinate action across the enterprise. 
  9. Existing transformation programmes should pay the “quantum tax”
    Rather than spinning up everything from scratch, organisations should embed PQC requirements into cloud migrations, digital modernisation, procurement cycles, and supplier renewals. 
  10. PQC is a five-to-six-year journey for many enterprises
    Dinesh describes quantum readiness as a long-running transformation, not a vulnerability patching exercise. 

Soundbites

These are polished for promotion and clips rather than strict verbatim transcript pulls.

“AI security is ultimately a trust problem and trust still comes back to cryptography.”

“The organisations that treat AI, crypto, and quantum as separate programmes are going to feel the collision later.”

“AI has done something unusual: it has captured the imagination of the boardroom and the engineer at the same time.”

“If every employee is going to use AI, then cryptography has to scale to that same level of adoption.”

“Post-quantum readiness is not a technology change. It is a business transformation.”

“The board does not need a lecture on algorithms. It needs to understand exposure, disruption, and strategic risk.”