AI is transforming enterprise security on two fronts at once, forcing organizations to protect existing estates even as they race to embed AI into operations.

The urgency extends beyond just today’s software. Quantum computing is approaching a tipping point that could undermine the cryptographic foundations of the modern enterprise, according to Mark Hughes (pictured), global managing partner of cybersecurity services at IBM Corp. That makes this a defining moment for cybersecurity leaders, who can no longer afford to treat AI and quantum risk as tomorrow’s problem.

“My first piece of advice is don’t panic, because there’s a lot that we know how to do already, which intrinsically underpins the safe use and introduction of AI into enterprises. But notwithstanding the ‘don’t panic’ thing is ‘get busy and get moving very fast,'” Hughes told theCUBE. “The same principles [around governance and deployment] apply when it comes to how we do that with AI and how you get that into the enterprise, but we need to speed up.”

Hughes spoke with theCUBE’s Christophe Bertrand and Dave Vellante at the RSAC 2026 Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed enterprise security strategy, autonomous threat operations and post-quantum cryptography readiness. (* Disclosure below.)

Enterprise security at the intersection of AI and quantum risk

IBM is building an “autonomous security program,” stitching together families of AI agents across security operations, identity and risk into a unified orchestration layer, Hughes noted. Rather than confining outcomes to the security silo, the agents now work natively into the broader information technology estate, teeing up remediation — and increasingly executing it — without human intervention, he explained.

“We’ve built AI to really help in certain known areas of security. Let’s think about the security operations center — we think about identity, think about risk and how we’ve now really used AI to make that work against known regulations,” Hughes said. “Now, we’re stitching those together, and what we now see is the ability for the security activity to be autonomous between traditional boundaries that used to be there.”

A parallel urgency to AI is the imminent quantum threat. Quantum-vulnerable public-key algorithms are headed for deprecation and eventual removal by 2035, with some higher-risk uses expected to transition sooner. While mainstream utility is projected for the 2029-2030 window, the catalyst for executive action is the vulnerability of asymmetric encryption to Shor’s algorithm, Hughes explained. IBM has developed four quantum-resistant algorithms and is urging enterprises to begin a discovery exercise now to inventory where vulnerable cryptography resides.

“Getting organized around cryptography now is essential. Not just because of the quantum event, although that is absolutely a necessity,” Hughes said. “You need to be doing that now, so we can get to a state of what we’re describing at IBM [as] ‘crypto agility’, where we move away from how we’ve traditionally managed crypt, which is hard-coded crypt. It’s worked, and it’s worked really well for us, but that’s not relevant now in today’s environment.”

The quantum threat is clearly more than a looming cryptography problem, and should push enterprises to get far more disciplined about how they manage certificates, keys and broader cryptographic workflows, Hughes said. Done right, that work does more than prepare organizations for post-quantum risk — it also removes a growing bottleneck to AI adoption.

“Everything that goes around that crypt landscape, that’s what foundationally needs to be better,” he said. “Get that right and I think it’s going to unlock a whole load of other benefits in the organization to become more agile, and [then] that doesn’t become a bottleneck for organizations in transforming their businesses to really embrace AI.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSAC 2026 Conference:

(* Disclosure: TheCUBE is a paid media partner for the RSAC 2026 Conference. Sponsors of theCUBE’s event coverage do not have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE