Australia’s next decade of digital growth will be defined by two converging forces. The first is the rapid spread of AI systems across the public and private sectors, where models, GPUs, and cloud workloads now operate alongside traditional enterprise infrastructure. The second is the rise of quantum computing, which is accelerating faster than many anticipated. Together they reshape the security baseline for every organization and bring the Essential Eight into sharper focus as the practical guide for resilience.

 

The Dynamic Nature of AI Workloads

AI’s influence is already visible across federal agencies, critical infrastructure, universities, healthcare networks, and commercial enterprises. Yet AI workloads behave nothing like traditional assets. A model that runs on GPU clusters today might be containerized tomorrow and deployed in a lightweight inference service the day after. These systems create dynamic and sometimes opaque interactions across networks, data stores, and APIs. They demand visibility and governance that adapts at the speed of change.

 

Protecting What You Cannot See

You cannot protect what you cannot see. Devices running AI frameworks, endpoints serving inference models, and experimental testbeds introduce new behaviors that need to be governed from the moment they appear on the network. These environments often shift between research and production and create uncertainty around what is allowed to execute, what data can be accessed, and how workloads are configured. The Essential Eight provides a structure to manage that uncertainty by constraining what can run, minimizing privilege, tightening patch discipline, and enforcing strong authentication for anything that handles sensitive workflows.

 

Network Awareness and Operational Visibility

AI workloads also require deeper network awareness. Increased data movement, heavier API traffic, and parallelized processes on GPUs raise the likelihood that anomalies will hide within normal-looking flows. Models that interact with cloud services, external APIs, or internal repositories can expose an organization to data leakage, crypto mining, adversarial inputs, or model tampering. Continuous inspection, behavioral baselining, and runtime monitoring become essential to detect drift, interference, and other signals that suggest a compromise. This level of visibility is not optional for organizations working toward maturity across the Essential Eight, because it supports application control, patch oversight, least-privilege design, and recovery planning.

 

The Quantum Computing Threat

While AI reshapes the operational threat surface, quantum computing disrupts it at the cryptographic level. The timeline is tightening. Recent industry studies show that manufacturers expect customers to begin operational use of quantum capabilities around 2026. Some predict useful quantum applications even earlier. Processing speeds in this class of computing are many orders of magnitude higher than classical machines. They make brute force decryption feasible for today’s commonly used PKI systems, including those that secure most Australian enterprise communications today.

Forescout’s research has shown that most OpenSSH installations still run older versions that do not support quantum-safe encryption and that many servers fall back to older cipher suites even when newer options exist. This is the type of silent regression that an attacker can exploit. 

Go deeper: Watch our experts dig into the latest data on post-quantum cryptography:

 

This shift places long-term confidentiality at risk. Sensitive records that remain valuable for years, including government communications, research datasets, and proprietary business information, may be harvested now and decrypted later. The Essential Eight does not reference quantum directly, yet its principles map cleanly into the actions organizations must take. Patch cycles for legacy OT and IoT systems remain slow. Custom applications sit on old crypto libraries. A small percentage of devices use TLS 1.3. Only a fraction of global systems have adopted post-quantum cryptography. These gaps create a window where quantum-level computation can undermine the integrity of communications even when the organization believes its PKI controls are sound.

 

Take Action Now

Australian organizations cannot wait for quantum to become mainstream before strengthening defenses. The Essential Eight already addresses the operational realities behind this problem. It enforces patch currency, limits what applications can execute, tightens control of administrative privileges, and requires regular backup processes that preserve data and configurations. These controls have always mattered. Quantum simply raises the stakes.

Innovation will continue to accelerate. The challenge for security leaders is keeping governance, resilience, and trust at the same pace. The Essential Eight remains the most practical foundation for that effort. Australian enterprises, agencies, and critical infrastructure providers can start now:

  1. Establish continuous discovery for AI systems.
  2. Validate how assets communicate.
  3. Detect unsafe cipher usage.
  4. Map AI deployments to Essential Eight maturity objectives.
  5. Build governance that keeps the organization ready not just for today’s threats but for what quantum computing will introduce tomorrow.

The future is coming fast. With the right visibility, controls, and compliance-aligned strategy, Australia can adopt AI with confidence and prepare for quantum without falling behind.

See how the Forescout 4D Platform™ aligns to the Essential Eight: continuous AI asset visibility, behaviour monitoring, and automated compliance enforcement from a single integrated solution.

SECURING AI SOLUTION BRIEF