For years, the phrase “AI and quantum computing” mostly meant speculation about quantum machines one day accelerating machine learning. That future remains distant. The relationship that actually matters in 2026 runs in the opposite direction, and it is already changing how seriously the world’s largest technology companies take their own encryption.
Artificial intelligence is now being used to design, calibrate, correct and operate quantum computers. A comprehensive review published in Nature Communications in December 2025, authored by researchers from NVIDIA, Oxford, Toronto, NASA Ames and others, surveys this shift across the entire quantum stack and reaches a striking conclusion: many of quantum computing’s biggest scaling challenges may ultimately rest on developments in AI, and AI “might be the only tool with the ability to both solve these problems effectively and do so efficiently at scale”.
That sentence deserves attention from anyone responsible for cryptography. Every forecast about when quantum computers will threaten today’s encryption has implicitly assumed human-paced engineering. If AI is now doing a growing share of that engineering, the assumption breaks. The evidence from the past eighteen months suggests it already has.
A quiet role reversal across the quantum stack
The Nature Communications review documents AI at work in places most security professionals never think about. Reinforcement learning agents have designed multi-qubit couplers for superconducting chips that were then built and validated experimentally. Google DeepMind’s AlphaTensor-Quantum optimises quantum circuits by minimising the count of T-gates, the most expensive operations in fault-tolerant computing, by recasting the problem as tensor decomposition (Ruiz et al., 2025). Generative pre-trained transformers now write quantum circuits the way language models write sentences: the GPT-QE approach samples circuit sequences from operator pools and trains against computed energies, producing compact circuits for chemistry problems.
Perhaps most telling is what happened in the laboratory itself. In 2025, researchers demonstrated an agent-based AI framework, built on large language models and vision-language models, that autonomously calibrates transmon qubits, a task that normally occupies teams of quantum physicists, with performance comparable to human scientists (Cao et al., 2025). Machine learning classifiers already tune semiconductor quantum dots from a cold start, convolutional networks have cut readout errors on neutral-atom qubits by up to 56 percent, and Bayesian methods characterise qubit environments in real time to extend coherence.
None of these results makes headlines individually. Together they describe something significant: the bottleneck in quantum engineering is shifting from scarce human expertise to machine learning throughput. And machine learning throughput has been compounding fast.
Error correction: the battleground that decides the timeline
The single hardest obstacle between today’s noisy devices and a cryptographically relevant quantum computer is quantum error correction (QEC). Logical qubits must be woven from hundreds or thousands of imperfect physical qubits, and a classical decoder must infer where errors occurred from syndrome measurements arriving roughly a million times per second. Decode too slowly and errors pile up faster than they can be fixed.
This is precisely where AI has made its most consequential advances.
In December 2024, Google’s Willow chip demonstrated error correction below the surface code threshold for the first time: each increase in code distance roughly halved the logical error rate, confirming that scaling up genuinely suppresses errors rather than amplifying them. Weeks earlier, Google DeepMind had published AlphaQubit in Nature, a recurrent transformer decoder trained first on simulated data and then fine-tuned on real Sycamore processor data. It identified errors more accurately than the best conventional algorithmic decoders, making about 6 percent fewer errors than slow but accurate tensor-network methods and 30 percent fewer than the fast correlated-matching decoders used in practice (Bausch et al., 2024).
The remaining problem was speed. AI decoders were accurate but too slow to run inside the microsecond feedback loops of a live superconducting processor. That gap is now closing through infrastructure. In October 2025, NVIDIA announced NVQLink, an open interconnect that couples quantum processors directly to GPU supercomputers with microsecond-scale latency, adopted by seventeen quantum hardware builders and, initially, nine US national laboratories. A month later, Quantinuum and NVIDIA demonstrated the first real-time, scalable decoding of quantum low-density parity-check (qLDPC) codes on the Helios processor, achieving a decoder reaction time of 67 microseconds against a two-millisecond budget, a thirty-twofold margin.
Honesty requires the counterweight, and the Nature Communications review provides it. AlphaQubit needed two billion training examples to outperform conventional decoders at code distance 9, and the authors estimate that distance 25, the scale practical algorithms require, would demand on the order of ten trillion to one hundred trillion examples. Training data requirements grow exponentially with code distance, and classical simulation of quantum systems is itself exponentially costly. AI has not solved error correction. What it has done is convert a physics problem into a machine learning engineering problem, and the recent history of machine learning engineering problems is that they fall to scale and money.
The falling cost of breaking cryptography
While AI was accelerating the machines, algorithm researchers were shrinking the target. In 2019, Craig Gidney and Martin Ekerå estimated that factoring a 2048-bit RSA key would require 20 million noisy physical qubits running for eight hours. In May 2025, Gidney revised that estimate to fewer than one million noisy qubits running for under a week, a twentyfold reduction in hardware requirements under identical physical assumptions, achieved through better arithmetic, denser logical-qubit storage and cheaper magic-state preparation. Two decades of “quantum computers need tens of millions of qubits” intuition evaporated in a single paper.
Elliptic curve cryptography fared no better. In March 2026, Google researchers and collaborators published new resource estimates showing that 256-bit elliptic curves, the mathematics protecting most TLS connections and essentially all cryptocurrency, could be broken with far fewer qubits and gates than previously assumed, with published analyses placing the requirement below half a million physical qubits, roughly a twentyfold improvement.
Then came the clearest signal yet. On 25 March 2026, Google’s VP of Security Engineering Heather Adkins and senior cryptographer Sophie Schmieg announced that Google is setting its own post-quantum migration timeline to 2029, explicitly citing progress in quantum hardware, error correction and factoring resource estimates. A company that operates both a frontier quantum lab and one of the world’s largest cryptographic estates looked at its internal evidence and chose a deadline three years ahead of the regulatory consensus. Long-time sceptics have moved too: Scott Aaronson wrote in May 2026 that experts he trusts on hardware and error correction now consider a cryptographically relevant quantum computer possible around 2029.
Correlation is not causation, but the causal chain here is explicit. Google’s own announcement links its accelerated timeline to error correction progress, and its error correction progress is inseparable from AI. The technology compressing the quantum timeline and the technology raising the alarm are the same technology.
The arithmetic that matters: Mosca’s inequality
Michele Mosca’s well-known inequality states that if the time needed to migrate your systems plus the time your data must remain confidential exceeds the time until a cryptographically relevant quantum computer exists, you are already too late. AI-driven acceleration attacks the right-hand side of that inequality while most organisations have barely begun working on the left.
The regulatory milestones are already fixed:
NIST IR 8547 (November 2024 draft) deprecates RSA-2048 and ECC P-256 class algorithms after 2030 and disallows all quantum-vulnerable public-key cryptography after 2035.
The EU’s Coordinated Implementation Roadmap (NIS Cooperation Group, June 2025) requires all Member States to begin the transition, including cryptographic inventories and national plans, by the end of 2026, to complete migration of high-risk use cases and critical infrastructure by the end of 2030, and everything else by 2035.
Both frameworks were finalised before Google’s 2029 announcement. If the organisation with arguably the best visibility into quantum progress is planning for 2029, then 2030 should be read as a hard ceiling, not a comfortable target. And for confidentiality, the deadline effectively passed years ago: adversaries conducting harvest-now-decrypt-later collection are recording encrypted traffic today precisely because they expect to decrypt it within the retention window of the secrets it protects. Any data that must stay confidential into the 2030s, which describes most defence, diplomatic, health, industrial and space-segment data, is already exposed if it travels under RSA or elliptic curves.
Where Decent Cybersecurity stands
At Decent Cybersecurity, this convergence is not an abstraction. We build our solutions on the NIST-standardised post-quantum algorithms, ML-KEM (FIPS 203), ML-DSA (FIPS 204) and SLH-DSA (FIPS 205), and we work with the sectors where Mosca’s inequality bites hardest: critical infrastructure, defence and space.
Space illustrates the problem in its purest form. A satellite launched this year will still be operating in 2040, and its cryptography cannot be recalled for a hardware upgrade. That is why post-quantum protection of space communications, the focus of the EU-funded COSMOS-SECURE project that Decent Cybersecurity coordinates, has to be designed in before launch, not patched in afterwards.
The convergence cuts both ways, and defenders should treat it that way. The same class of models that decodes quantum errors for an adversary’s future machine can, today, help a defender discover every cryptographic asset hidden across a legacy estate, one of the most labour-intensive steps of any migration. AI compresses the attacker’s timeline; used deliberately, it can compress the defender’s too. Our practical guidance has not changed, only its urgency: complete a cryptographic inventory now, build crypto-agility into procurement so algorithms can be swapped without redesign, deploy hybrid classical-plus-post-quantum schemes during transition, and prioritise systems protecting long-lived secrets and long-lived hardware.
What to watch next
The Nature Communications review closes with what its authors call a grand challenge: using AI to discover entirely new quantum algorithms. Today’s quantum applications rest on a small set of algorithmic primitives that has barely grown in decades. Generative models that design circuits backwards from a problem statement could expand that set, which would reshape not only what quantum computers are useful for but what they are dangerous to. Quantum-specific foundation models and tightly coupled quantum-GPU supercomputers, the architecture NVQLink prefigures, are the infrastructure bets being placed now.
The limits are real and worth stating plainly. Classical AI cannot efficiently simulate large quantum systems; the exponential cost of quantum mechanics does not yield to clever training. Data scarcity, exponential training requirements for decoders, and the absence of statistical guarantees in AI-based error mitigation are open problems, not footnotes. AI does not make quantum computing easy.
What it does is make quantum engineering compound. Each AI advance in design, calibration or decoding shortens the path to the next one, and the past eighteen months, from AlphaQubit to Willow to real-time qLDPC decoding to a twentyfold collapse in attack resource estimates, show the compounding at work. The question that should anchor security planning is no longer “when will a quantum computer exist?” It is “how fast can AI remove the remaining obstacles?” The honest answer, on current evidence, is: faster than most roadmaps assumed. The organisations that internalise that answer before 2030 will be the ones for whom the quantum era is an engineering milestone rather than a breach notification.
References without online links
Bausch, J. et al. Learning high-accuracy error decoding for quantum processors. Nature 635, 834-840 (2024).
Ruiz, F. J. R. et al. Quantum circuit optimization with AlphaTensor. Nature Machine Intelligence 7, 374-385 (2025).
Cao, S. et al. Automating quantum computing laboratory experiments with an agent-based AI framework. Patterns 6, 101372 (2025).
The post When AI Builds the Quantum Computer: A Convergence That Is Rewriting Security Timelines appeared first on Decent Cybersecurity.



