Will quantum computing attacks undermine the promise of AI-native telco networks?

The 105,000 visitors who descended on Barcelona for Mobile World Congress 2026 were left in no doubt about the theme of the show. Almost every stand logo featured the same word: AI.

In fact, the official tag line for the huge telco expo was “The IQ Era – focusing on the convergence of AI, intelligent infrastructure, and next-generation connectivity.”

This interest in telco AI is not new. Carriers have embraced machine learning tools for decades. But now there’s drive towards a more ambitious goal: building the AI-native network.

This might be understood as an attempt to embed artificial intelligence into connectivity itself. Today’s networks rely on automated systems that use rule-based logic to handle predefined scenarios. The AI-native network is different. It is goal-oriented rather than script-driven. Instead of waiting for analyst approval, AI agents will detect anomalies across traffic, configuration and device behaviour, while evaluating risk in real time.

Looked at another way, this marks a change from automation to autonomy. From networks "doing AI" to networks "being AI”.

Multiple announcements at MWC confirmed this evolution is happening. For example, chip giant Nvidia secured commitments from telcos to build next-generation networks around open AI-native platforms. Its partners included BT Group, Deutsche Telekom, Ericsson, Nokia, SK Telecom, SoftBank, T-Mobile and more.

The transition to AI-native networks is a positive step. It should deliver operational efficiencies for telcos – and give enterprises the ability to build new services on top of intelligent connectivity.

AI will also change how telcos secure their networks. Operations centres will use machine learning models to analyse network telemetry and operational data. The models will detect anomalies and respond to threats in real time. Instead of reacting to incidents, these systems will predict and prevent them.

New networks, new vulnerabilities

But this growing reliance on automated decision-making raises a critical question: how secure are the foundations on which these AI systems operate? As networks evolve into hyper-autonomous systems, traditional security operations will no longer be able to keep up.

And one fast-developing technology – quantum computing (QC) – will make the security threat even more urgent. QC takes advantage of the ability of a sub-atomic particle to be a zero and a one at the same time. This paradoxical quality enables QC processors to solve ‘impossible’ problems in minutes.

The consequences for telcos are obvious. Autonomy is only safe if its underlying systems are mathematically immune to quantum decryption. An attacker with QC could break the encryption methods that protect everything from SIM provisioning and device onboarding to API calls, encrypted tunnels and signalling. This will put mobile communications, personal data and critical infrastructure at risk.

The lesson is clear: if AI agents start running network operations, they must be able to combat this threat. Frédéric Leclercq, CTO of Thales Mobile Connectivity Solutions, summarises the challenge. “In the AI-native network, security operations will shift from detection to prevention,” he says. “AI systems will identify attacks before they are publicly known. This is a positive step. But it will require quantum-safe AI. If security systems rely on vulnerable cryptography, adversaries with QCs will be able to manipulate AI defences. That's why post-quantum cryptography (PQC) and the AI network aren't separate – they’re interdependent."

The importance of planning

The QC threat to telcos is theoretical for now. No one can predict exactly when QC will strong enough to break today’s asymmetric cryptography. But security experts such as the cyber agency BSI believe it’s a question of ‘when’ not ‘if’ and that “preparations for the post-quantum era must begin today.”

Action is also needed because of the ‘harvest now, decrypt later’ threat. Frédéric Leclercq explains: “Quantum Computing is only being deployed in some specialist areas – like chemical simulation and long term weather forecasting or example. Cyber attackers can’t access the technology yet. But there is evidence that they are already harvesting unreadable encrypted data they think they can decrypt later. Telcos need to prepare for this.”

To resist quantum attacks, telcos must replace existing public key cryptography algorithms with new PQC algorithms. This presents three significant challenges.

• Performance and resource constraints

PQC algorithms make higher demands on processors and power. This is problematic for legacy IoT devices running on coin batteries.

• Migration without disruption

You can’t turn off billions of connected devices to make upgrades. Migration must be carefully planned and invisible to users.

• Undefined standards

Telco specifications for PQC in mobile networks are not finalised. For the moment, insiders are working with standards developed by the National Institute of Standards and Technology (NIST). FIPS 203 (CRYSTALS-Kyber) is now the standard for public-key encryption, while FIPS 204 ML-DSA (CRYSTALS-Dilithium), FIPS 205 (SPHINCS+) and FN-DSA (FALCON) are standards for digital signatures.

Audit, review, prioritise

To get ahead of the QC threat, experts recommend that telcos start with an audit of every cryptographic asset including network elements, SIMs, eSIMs, IoT endpoints and PKI infrastructure. Leclercq says: “After they have completed their reviews, telcos should prioritise the most sensitive data to protect, and then move on to the transport layer and the applications.”

The phased upgrade rollout should start with device provisioning. Telcos should make every new SIM or eSIM quantum-ready, but also modify existing devices with over the air updates and maintain hybrid crypto modes for legacy devices until it’s time for a hardware refresh.

Stakeholders are already working hard on solutions to the looming threat. Thales collaborated with carrier SK Telecom to trial new 5G PQC SIM cards that deploy the Crystals-Kyber algorithm to protect user identity and privacy against QC attacks. And in March 2026 the company demonstrated a way to remotely download PQC algorithms directly onto SIM and eSIM cards already in use. This is called crypto agility, and it allows telcos to upgrade security protections without having to introduce new product generations.

The QC threat should be on every enterprises roadmap. NIST advises that security teams should complete the full transition to PQC by 2035. Making AI-native networks quantum safe will be a huge challenge. But it is achievable with knowledge and preparation. 

The work starts now.