New executive order pushes agencies toward quantum-ready AI security

Gettyimages.com/ akinbostanci

Find opportunities — and win them.

EO 14409 sets a high bar for protecting AI models and training data — and agencies can't do it alone; they need help from their vendors, writes Gina Scinta, CTO of Thales Trusted Cyber Technologies.

Earlier this month, the White House issued Executive Order 14409, “Executive Order: Promoting Advanced Artificial Intelligence Innovation and Security” to lay out expectations that agencies at least begin a framework for fulfilling the requirements within 30 days.

That timeline points to the beginning of July. At its heart, EO 14409 carries with it an implicit expectation that important data both at rest and in transit, like what is found in covered frontier models, must be protected through a combination of AI and post quantum cryptography (PQC).

To accomplish the requirements of the executive order, agencies are expected to work closely with the private sector. This is not only to “modernize government and private sector information systems and harden them against external threats,” but also to “cultivate America’s advanced AI-enabled capabilities.”

In what follows, we’ll take a closer look at EO 14409’s requirements and the solutions agencies need to look for from the private sector.

Accelerating responsible AI

EO14409 establishes a federal strategy to accelerate adoption of secure, trustworthy, and responsible artificial intelligence across government agencies and critical infrastructure sectors. It emphasizes the development of AI systems that are safe, auditable, and resilient while ensuring innovation and competitiveness.

The EO directs federal agencies to implement improved safeguards, promote AI modernization efforts, protect sensitive datasets, and develop governance structures for model integrity, provenance, testing, and secure cloud adoption. It elevates requirements for zero-trust architectures, cryptographic assurance, and quantum-resilient modernization aligned with emerging federal cybersecurity and AI risk-management frameworks.

Where this order specifically intersects with data security is in Section 4 titled Protection Against Criminal Actors. The attorney general will be prioritizing the enforcement of federal criminal laws against the use of AI to illegally access a federal computer without authorization, or to use AI for illegal access when committing any other crime. The order says “illegal access” includes breaching public or private information technology systems.

So, there are several aspects of this executive order that are important to understand in the context of cryptography and the protection of data in transit and at rest.

First, it clearly increases demand for high-assurance cryptography for AI systems, and zero-trust access controls for AI data pipelines. It elevates the need for secure cloud and hybrid infrastructure to run AI workloads.

Most importantly from a security perspective, it rightly drives federal agencies toward quantum-ready cryptographic modernization, requiring protection of training data, models, and system credentials.

What agencies need in their arsenal

The clock is ticking. With many requirements of this executive order coming due at the beginning of July, what should agencies be looking for from the vendor community?

Here’s a very brief overview of the requirement areas of EO 1449, along with the expectations the administration has of its agencies:

  • Secure AI Training Data: Encryption, access control, and protection from data poisoning
  • Protect AI Models:  Prevent model theft and ensure controlled access
  • Authentication and Identity: Zero-trust identity for model operators and services
  • Model Integrity and Provenance: Verification of lineage and authenticity
  • Secure Cloud AI Workloads: Compliant secure cloud operations for AI
  • Auditability and Monitoring: Logging and monitoring of AI data and model access
  • Quantum-Ready Modernization: PQC-aligned modernization expectations
  • AI Red-Teaming and Testing: Secure environments for testing and evaluation

Clearly, much of this may be beyond the in-house capabilities of the affected agencies, which is one of the reasons why EO14409 underscores the need for collaboration with the private sector. That said, there are certain capabilities that are must-haves for any vendor providing agencies with the kinds of services required to fulfill the expectations of the order.

If they have not already begun implementation post-quantum cryptography, this order clearly prompts such forward-looking modernization initiatives and hybrid PQC transitions.

Hardware security modules should be gaining the attention of federal agencies. These are among the best solutions to protect AI credentials, signing keys, model integrity, and enforce secure access.

Similarly, data security platforms go a long way to encrypting and governing AI training data and sensitive model outputs. Confidential computing integrations will be essential to protect model inference and training from manipulation or unauthorized access.

We are seeing an increasing confluence of the disrupting technologies of AI and post-quantum cryptography. As one technology gains in popularity, there will be a commensurate need to increase the accelerated adoption of the other.

This executive order ensures not only that AI innovations can continue to improve service to American citizens, but that it is simultaneously preventing any misuse of data that might undermine the security of the nation’s IT infrastructure.

Gina Scinta is Deputy CTO of Thales Trusted Cyber Technologies.