IBM says it has reached a major step forward in making quantum computing more practical and affordable.
In a research paper set for release today, the company told Reuters that one of its core quantum algorithms can now run in real time on chips made by Advanced Micro Devices (AMD).
The algorithm is designed to tackle one of quantum computing’s biggest challenges: high error rates that can overwhelm calculations before they produce meaningful results.
By running the algorithm on a widely available AMD field-programmable gate array (FPGA) rather than a costly, custom-built chip, IBM says it’s paving the way for more accessible quantum hardware.
Jay Gambetta, vice president of IBM Quantum, told Reuters the achievement proves the company’s error-mitigation algorithm “not only works in the real world, but can operate on a readily available AMD chip that is not ‘ridiculously expensive.”
“Implementing it, and showing that the implementation is actually 10 times faster than what is needed, is a big deal,” Gambetta said.
Ahead of Schedule
The breakthrough also puts IBM ahead of schedule on its quantum roadmap. The company aims to build a large-scale quantum computer, codenamed Starling, by 2029. Gambetta said the new work delivers on goals originally planned for next year.
Quantum computers, unlike traditional machines that use binary bits, rely on quantum bits (or qubits) to represent multiple states simultaneously.
This allows them to process complex problems, such as simulating how trillions of atoms interact, far faster than classical systems ever could. But qubits are notoriously unstable, and even tiny disturbances can cause computational errors.
In June, IBM unveiled an algorithm designed to detect and correct these quantum errors in real time. The newly released research shows that algorithm running directly on an AMD FPGA, a key milestone toward integrating error correction and control systems into more standard, scalable hardware.
The findings suggest IBM is closing the gap between experimental quantum systems and practical, deployable computing power. If the approach scales as expected, it could mark a turning point in the race to make quantum computing commercially viable.
A Concerning Development
Philip George, Executive Technical Strategist at Merlin Cyber, says: “This development is concerning as it showcases a path towards relevancy, addressing the stubbornly persistent engineering challenge of error-handling for quantum computing. “]The critical difference here is the potential solution utilizes FPGA chips that are largely available and do not require new fabrication processes.”
If this method proves viable, George says we could be looking at an even closer deadline for cryptographically relevant quantum computers, which are available for both nation-states and commercial usage alike. “This means both the government and industry could be out of time to make meaningful progress towards adopting the new quantum safe standards, FIPS 203, 204, and 205, respectively.”
According to him, organizations should move their plans to execute a comprehensive automated cryptographic inventory forward today. “While ensuring the subsequent remediation and migration follows in short order. Due to the nature of regular technological change and improvement, delaying remediation and migration actions after completing an automated inventory lessens the accuracy and overall effectiveness of remediation efforts, thus it is critical to keep both actions closely paired with one another.”
Lowering the Barriers for Scale, Reproducibility
Jason Soroko, Senior Fellow at Sectigo adds that running a real time quantum error handling loop on off the shelf AMD FPGAs signals that the classical control stack for quantum systems is maturing and getting cheaper. “That lowers barriers for scale and reproducibility, pulls these systems closer to regular data center practices, and spreads the hardware supply chain across widely used components. It is encouraging for short term progress toward more stable qubits and for IBM hitting its roadmap, yet it does not change the near term risk picture for breaking today’s encryption. “
However, the security story shifts quickly once control moves to commodity gear because the attack surface grows beyond bespoke electronics into firmware, drivers, orchestration software, and the physical interfaces that bind racks to cryogenic devices, he explains.
Soroko poses several questions: “Which protections secure the FPGA bitstream and configuration flow, including secure boot, code signing, and JTAG lockdown? How is the supply chain for boards, IP cores, and toolchains vetted and monitored for tampering? What network boundaries isolate the quantum control plane from user workloads and from vendor remote access? How is time synchronization enforced and audited so that an attacker cannot inject timing jitter into feedback loops? What telemetry is collected to detect drift, fault injection, or abnormal calibration patterns and how long is it retained? Are side channel risks from power, RF emissions, or temperature sensors assessed and mitigated in shared facilities?”
He also asks whether the systems use post-quantum cryptography for management traffic and for data at rest, and how key material is protected. “What is the patch and rollback plan for FPGA firmware, drivers, and orchestration services that must meet strict latency guarantees? How are physical ports and maintenance modes controlled during install and service windows? What incident scenarios have been tabletop tested, including denial of service on real time loops, spurious pulse generation, and compromise of vendor tooling?”
All food for thought.
Transitioning to Quantum-Resistant Cryptography
Adam Everspaugh, Cryptography Expert at Keeper Security describes this latest breakthrough as another milestone in a race to fundamentally upend computer security as we know it. “Quantum computers will render the public-key encryption that currently safeguards personal data, financial transactions, healthcare systems, cloud platforms, government operations, and critical infrastructure obsolete once they reach sufficient scale.”
The immediate concern for Everspaugh, isn’t what quantum systems can do today, but what they will be capable of in the near future, a scenario that cybercriminals are actively preparing for. “Sensitive information stolen today will be exposed and weaponized years from now if organizations fail to prepare.”
He says transitioning to quantum-resistant cryptography is not a theoretical exercise, it’s a strategic imperative. “Governments and regulatory bodies are increasingly recognizing the urgency of the threat. Across industries, organizations are being directed to audit their cryptographic assets, plan migration paths and implement crypto-agility frameworks that enable rapid adaptation to the new standards.”
Quantum-Resillent, Rather Than Quantum-Proof
Tim Mackey, Head of Software Supply Chain Risk Strategy at Black Duck, says the promise of quantum computing to decrypt harvested data may become a reality. “However, the value that an attacker might get from older harvested data is only justifiable for the most valuable and targeted data. This is one reason why various governments have quantum-resilient efforts underway rather than “quantum-proof” solutions.”
Since we are talking about a future state for cryptographic capabilities in applications, performing a risk assessment focused on cryptographic usage within an application should be a priority for any organization working with the most sensitive of PII. At a minimum, that risk assessment should focus on what the impact to the system might be if weak encryption were used. Such an assessment would then become a gap analysis covering where sensitive data isn’t being properly managed and help identify where quantum resilient approaches to system design and deployment should be employed.
Awareness, Cost, and Complexity
Casey Ellis, Founder at Bugcrowd, adds that quantum will force organizations to embrace cryptoagility—essentially the ability to swap out cryptographic algorithms quickly and efficiently. “Humans write algorithms and software, and just as cryptographic algorithms seen as unbreakable for 30 years have since been found to be flawed, it’s reasonable to assume that this trend will exist in QRC algorithms as well. This isn’t just a quantum problem, it’s a broader resilience strategy. The shift to post-quantum cryptography (PQC) will highlight the importance of flexible, automated cryptographic management systems.”
Ellis adds that the biggest hurdles are awareness, cost, and complexity. “Many organizations underestimate the threat or lack the resources to inventory and update their cryptographic infrastructure. Standards bodies like NIST are making progress with PQC algorithms, but adoption will require significant investment and coordination.”
In the short term, Ellis says quantum readiness builds trust with customers and partners. “Medium-term, it reduces the risk of catastrophic breaches. Long-term, it ensures operational continuity in a post-quantum world. The cost of inaction far outweighs the investment in preparation.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.