Securing AI Infrastructure for Defense: A Post-Quantum Encryption Approach

AI systems process some of the most sensitive data in existence. Medical records flow through diagnostic models. Legal strategies are refined by AI assistants. Classified intelligence is summarized by language models. Financial projections, trade secrets, and personal communications all pass through AI APIs every second of every day.

Today, this traffic is protected by TLS -the same encryption that secures web browsing. But TLS was designed for a pre-quantum world. The cryptographic algorithms it relies on (RSA, ECDH) will be broken by sufficiently powerful quantum computers. This is not speculative. NIST has already finalized post-quantum cryptography standards specifically because the threat is real and the timeline is shrinking.

The most dangerous attack is already underway: harvest-now, decrypt-later (HNDL). Nation-state adversaries are recording encrypted network traffic today, storing it until quantum computers can break the encryption. Every AI API call made over standard TLS is a potential future plaintext.

DARPA has consistently prioritized secure communications and cryptographic innovation through programs in its Information Innovation Office (I2O) and other divisions. Programs like ASEMA (Assured Secure Encrypted Messaging Application) target the fundamental challenge of ensuring end-to-end encrypted communications remain secure against evolving threats, including quantum computing.

DARPA's priorities align directly with the post-quantum transition: building systems that are secure today and remain secure as computational capabilities advance. The emphasis is on practical, deployable solutions -not theoretical research.

Key areas of DARPA interest that intersect with AI security include:

• End-to-end encryption that resists quantum attacks
• Secure high-bandwidth data channels for AI/ML workloads
• Zero-trust architectures where no intermediary has plaintext access
• Cryptographic agility -the ability to swap algorithms as standards evolve
• Dual-use technologies applicable to both defense and commercial sectors

NovaQore AI has built and deployed a quantum-encrypted LLM infrastructure platform. Every API call is protected by a fresh cryptographic handshake using NIST-approved post-quantum algorithms. This is not a roadmap item -it is operational and serving production traffic today.

The encryption stack:

• Kyber1024 (ML-KEM / FIPS 203) -NIST-approved post-quantum key encapsulation mechanism. Each API request generates a fresh Kyber keypair, the server encapsulates a shared secret, and both parties derive a symmetric session key. No persistent keys. No key reuse across requests.
• AES-256-GCM -The derived session key encrypts the actual request and response payloads using AES-256 in Galois/Counter Mode. Authenticated encryption ensures both confidentiality and integrity.
• Per-request isolation -Every single API call receives an independent quantum handshake. Compromising one session reveals nothing about any other session. There is no session state to attack.

The result: AI prompts and responses are encrypted before they leave the client application, travel through the network as quantum-resistant ciphertext, and are only decrypted at the LLM compute layer. No intermediary -no CDN, no proxy, no cloud provider -ever sees plaintext.

NovaQore's technology aligns with several defense priorities simultaneously. The existing platform can be adapted and extended for defense and intelligence use cases through a phased approach.

NovaQore is not proposing to build post-quantum encrypted AI infrastructure. It already exists. The platform is live, serving production traffic, with real users. The core encryption and AI serving layers are operational. The remaining work is adaptation, hardening, and certification for defense environments.

• Operational today -Not a prototype, not a simulation. Live production API with quantum encryption on every call.
• NIST-approved cryptography -Using FIPS 203 ML-KEM (Kyber1024), not experimental or proprietary algorithms.
• Custom hardware -We build our own GPU compute units. No dependency on cloud providers. Full control of the hardware stack.
• Architecture designed for isolation -Encryption and compute layers are already separated. Moving to hardware air-gap is an engineering step, not a research project.
• Dual-use by design -The same platform serves commercial, healthcare, legal, and defense customers. Defense investment accelerates capabilities that benefit all sectors.

• FIPS 203 -Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM). Finalized August 2024. The post-quantum standard NovaQore implements for key exchange.
• FIPS 197 -Advanced Encryption Standard (AES). AES-256 in GCM mode for authenticated symmetric encryption of payloads.
• FIPS 140-3 -Security Requirements for Cryptographic Modules. NovaQore's target certification for the encryption module.
• NIST SP 800-208 -Recommendation for Stateful Hash-Based Signature Schemes. Reference standard for post-quantum digital signatures.
• CNSA 2.0 -NSA Commercial National Security Algorithm Suite 2.0. Mandates transition to post-quantum algorithms for national security systems by 2035.

NovaQore LLC is a US-based company building quantum-encrypted AI infrastructure. We welcome discussions with DARPA program managers, defense contractors, and government agencies about adapting our platform for defense and intelligence applications.