Quantum computers are often described as the future of computing.
They promise enormous speed and power that could transform medicine, finance, materials science, and many other fields.
But according to new research, these powerful machines may also open the door to entirely new cybersecurity risks—ones that today’s security tools are not ready to handle.
In a recent paper published in the Proceedings of the IEEE, researchers from Penn State University warn that quantum computers face serious security vulnerabilities, not just in their software, but deep inside their hardware.
The study was led by Swaroop Ghosh, a professor of computer science and electrical engineering, along with researcher Suryansh Upadhyay.
To understand the risks, it helps to know what makes quantum computers so different. Traditional computers work with bits, which are like tiny light switches that are either on or off, represented by ones and zeros.
Every program, photo, email, and bank transaction ultimately breaks down into long strings of these bits.
Quantum computers, by contrast, use quantum bits, or qubits. A qubit can be a one, a zero, or both at the same time—a strange property known as superposition.
Qubits can also become linked through entanglement, meaning the state of one qubit can instantly affect another. Together, these features allow quantum computers to process huge amounts of information far more efficiently than classical machines.
This power could be revolutionary. For example, in drug development, quantum computers could rapidly simulate how new molecules behave, dramatically reducing the time and cost needed to discover new medicines.
But that same power creates new security challenges.
According to Upadhyay, many quantum systems rely on software, compilers, and programs developed by third parties, and there is currently no efficient way to verify that these tools have not been tampered with.
This creates risks of data theft, manipulation, or even hidden backdoors that could expose sensitive information.
Quantum algorithms often contain valuable intellectual property directly embedded in their circuits. If attackers gain access to these circuits, they could extract proprietary algorithms, financial data, or even information related to critical infrastructure. There is also a uniquely quantum problem called crosstalk. Because qubits are so interconnected, unwanted interactions between them can accidentally leak information or disrupt calculations, especially when multiple users share the same quantum processor.
Unlike classical computers, quantum systems cannot simply reuse existing cybersecurity methods.
“Quantum machines behave fundamentally differently,” Upadhyay explained. As a result, many commercial quantum providers are currently focused on making their systems work reliably, rather than securing them against future attacks. For now, hackers have little incentive to target quantum computers, but that will change as these machines become part of everyday business and industry.
Ghosh argues that security must be built into quantum computers from the very beginning. At the hardware level, engineers need to reduce noise and crosstalk that could leak information. At the circuit level, data must be scrambled and encoded to make it harder to steal. At the system level, sensitive information should be compartmentalized so users only access what they truly need. New software tools will also be required to detect and defend against quantum-specific threats.
The researchers hope their work will spark broader collaboration across computer science, engineering, physics, and mathematics.
As quantum computing moves closer to real-world use, the question is no longer whether these machines will change society—but whether we can protect them before attackers catch up.
