Securing AI Inference: The Overlooked Security Frontier in 2026

Quantum Daily
Insider Brief: Most of the public conversation around AI still centers on training: bigger models, better performance, more compute. But in enterprise environments, the real exposure often begins after the model is built.

During a recent webinar hosted by The Quantum Insider in partnership with 01Quantum, leaders from financial services, cybersecurity, and consulting examined a growing blind spot: AI inference. Titled Securing AI Inference Against Adversarial Threats in 2026, the discussion centered on the present-day reality that inference has become a high-value attack surface. It also marked the official kickoff of the 2026 Year of Quantum Security, signaling a shift from general quantum awareness toward practical adoption strategies across enterprise environments.

As Tyson Macaulay, COO of 01Quantum, explained, inference is “AI working.” It is the operational moment when a model is queried, when questions are asked of a trained system. And that is precisely where risk accumulates. The panel characterized inference deployments as the emerging “weakest link” in modern cybersecurity architecture, not because models are inherently flawed, but because execution layers have scaled faster than the controls surrounding them.

Inference models often contain the distilled intellectual property of an organization. In expert systems especially, the model itself reflects proprietary training data, domain knowledge, and internal logic. In some cases, models can be reverse engineered to reveal information about their training data.

But the exposure runs in both directions. Prompts themselves reveal information about individuals, businesses, and strategy. A medical query reveals personal health data. A corporate query may signal product development direction or an operational weakness. In short: the question can be as sensitive as the model.

Yet according to Macaulay, roughly half of the emerging AI security standards discussion, including work at NIST and ISO, now focuses on prompt and inference model security. The industry is only beginning to recognize the scale of that exposure.

Subin Alexander of CGI noted that CISOs and CTOs are already confronting this reality. Organizations are dealing with shadow AI, unclear visibility into agentic systems, and growing regulatory pressure around responsible usage. Nation-state actors are targeting cloud AI systems to extract intellectual property, blueprints, and personally identifiable information. Agentic identities introduce new complexity: autonomous agents operating within enterprise systems can be difficult to control and, when compromised, can exfiltrate data at scale.

There is also the subtler threat of unintended exposure. Terms-of-service agreements may allow model hosts to use prompt data in ways organizations did not fully anticipate. Inference traffic becomes data exhaust: valuable, analyzable, and potentially exploitable. For mid-market organizations, recovery from a major incident can take months, often at far greater cost than the preventive investment would have required.

Audience polling during the session underscored the urgency. Nearly half of attendees (46.2%) said they are not confident their current AI systems meet anticipated 2026 standards, and complexity of implementation remains the primary barrier to action. Notably, “harvest now, decrypt later” concerns have overtaken model drift as the leading digital trust risk among the infrastructure leaders polled.

From the financial sector perspective, Kristin Milchanowski, Chief AI and Data Officer at BMO, framed the issue differently. For banks, trust cannot be optional; it must be structural. Financial institutions operate under some of the strictest regulatory regimes globally, and that reality forces early adoption of privacy controls, third-party risk governance, and responsible AI frameworks. BMO’s approach reflects a deliberate stance: bringing large language models in-house where possible, so that additional training on proprietary data remains contained.

Milchanowski emphasized a principle that may become foundational to enterprise AI governance: innovation without empathy is efficiency without trust. Responsible AI is a cultural transformation and a board-level priority. She also pointed to the equally important issue of hallucination. Recent research suggests that hallucinations may stem more from drift in the data layer than from algorithmic design alone. If true, this shifts the defensive focus from model mechanics to data governance, another inference-adjacent vulnerability.

The webinar also addressed quantum security directly. The “harvest now, decrypt later” risk, in which encrypted data is collected today to be decrypted once a cryptographically relevant quantum computer exists, remains a major concern. Alexander stressed that organizations must inventory their cryptographic dependencies and begin migration planning now. Transitioning to post-quantum cryptography (PQC) is not a flip-of-a-switch event; it is a multi-year roadmap. Macaulay added that minimum viable PQC readiness begins with core systems: identity and access controls, encrypted network traffic, and vendor procurement requirements that mandate cryptographic agility. Embedding PQC expectations into contract renewals may be one of the most practical accelerators available today.

One of the more nuanced arguments of the session was that post-quantum security does not require wholesale infrastructure replacement. The focus is on embedding cryptographic resilience into existing workflows, which reduces disruption while strengthening long-term viability.

01Quantum is exploring the use of fully homomorphic encryption (FHE), a lattice-based post-quantum technique that allows encrypted data to be processed without being decrypted. Applied to AI inference, this would allow both the model and the prompt to remain encrypted during execution, addressing model extraction and prompt leakage at the same time. Two practical caveats apply: FHE hides data from whoever performs the computation, so it protects a prompt and a set of model weights from the hosting party, but it does not by itself stop extraction of a model through the model’s own outputs, and FHE evaluation currently carries a substantial performance cost compared with plaintext inference. If deployed effectively, such approaches could nonetheless reduce reliance on complex guardrail systems and open new business models for securely exposing high-value expert systems.

Inference, not training, is emerging as the critical battleground. Prompts, agentic identities, model extraction, data drift, and post-quantum preparedness are converging into a single operational question: how do you preserve digital trust while accelerating AI integration?

The message from the panel was consistent. Start with the fundamentals. Build an inventory. Embed cryptographic agility into procurement. Align innovation with governance. And treat AI inference as infrastructure, not merely as a feature.

Because in 2026, AI inference is operational critical infrastructure, and critical infrastructure must be secured before it is tested by failure. To explore the full discussion in detail, access the complete webinar replay and hear directly from the panelists shaping the 2026 AI security agenda.
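To make the FHE idea discussed above concrete, here is an added illustration (not 01Quantum’s code, nor any production library) of the lattice foundation that FHE schemes build on: a simplified Regev-style LWE encryption of single bits in which two ciphertexts can be added without a key, and the sum decrypts to the XOR of the two bits. A “server” can therefore compute the parity of a client’s bits while never seeing them. The parameters N, M and Q, the noise range and the sample bit string are all assumptions chosen so the toy runs quickly; they are nowhere near a secure parameter set, and real FHE adds multiplication and bootstrapping on top of this same additive structure.

```python
"""Toy LWE-based bit encryption with additive homomorphism.

Added illustration of the lattice principle behind FHE. Not 01Quantum's code
and not a secure scheme: parameters are deliberately tiny. It shows the core
property FHE relies on, namely that arithmetic on ciphertexts maps to
arithmetic on the hidden plaintexts, with no decryption along the way.
"""
import random

N = 32          # secret dimension (assumption: toy size, not a secure choice)
M = 128         # number of public-key samples
Q = 1 << 16     # modulus; total noise must stay below Q/4 for correct decryption


def keygen(rng):
    """Secret s in Z_q^N and public key (A, b) with b = A*s + e mod Q, e small."""
    s = [rng.randrange(Q) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    e = [rng.choice((-1, 0, 1)) for _ in range(M)]          # small error term
    b = [(sum(a * x for a, x in zip(row, s)) + ei) % Q for row, ei in zip(A, e)]
    return s, (A, b)


def encrypt(pk, bit, rng):
    """Encrypt one bit as (u, v): a random subset sum of public-key rows,
    with the bit encoded as 0 or Q/2 added into v."""
    A, b = pk
    r = [rng.randrange(2) for _ in range(M)]                # random 0/1 subset
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    v = (sum(r[i] * b[i] for i in range(M)) + bit * (Q // 2)) % Q
    return (u, v)


def decrypt(s, ct):
    """v - <u, s> = (noise r*e) + bit*Q/2 mod Q; decide which half it lands in."""
    u, v = ct
    d = (v - sum(ui * si for ui, si in zip(u, s))) % Q
    # Within Q/4 of 0 (mod Q) means bit 0, otherwise bit 1.
    return 0 if min(d, Q - d) < Q // 4 else 1


def add_ciphertexts(ct1, ct2):
    """Homomorphic XOR: component-wise addition mod Q, no key involved.
    Noise adds up, so only a bounded number of additions stay decryptable."""
    u1, v1 = ct1
    u2, v2 = ct2
    return ([(a + c) % Q for a, c in zip(u1, u2)], (v1 + v2) % Q)


def encrypted_parity(pk, bits, rng):
    """'Server side': compute the parity of `bits` while they stay encrypted.
    Each ciphertext carries noise of at most M, so up to Q/(4*M) - 1 additions
    are safe; with these parameters that is over a hundred bits."""
    cts = [encrypt(pk, b, rng) for b in bits]
    acc = cts[0]
    for ct in cts[1:]:
        acc = add_ciphertexts(acc, ct)
    return acc


def xor_table(seed=2):
    """Decrypt the homomorphic sum for every pair of bits; expect b1 ^ b2."""
    rng = random.Random(seed)
    s, pk = keygen(rng)
    return [(b1, b2, decrypt(s, add_ciphertexts(encrypt(pk, b1, rng),
                                                 encrypt(pk, b2, rng))))
            for b1 in (0, 1) for b2 in (0, 1)]


def demo(seed=1):
    """Client encrypts a constructed sample bit string, server computes the
    parity blind, client decrypts. Returns (decrypted parity, true parity)."""
    rng = random.Random(seed)
    s, pk = keygen(rng)
    bits = [1, 0, 1, 1, 0, 1, 0, 1]      # constructed sample input (assumption)
    ct = encrypted_parity(pk, bits, rng)
    return decrypt(s, ct), sum(bits) % 2


if __name__ == "__main__":
    print(xor_table())
    print(demo())
```

The point to take from the block is the noise budget: every homomorphic operation grows the error term, and decryption fails once it exceeds Q/4. Production FHE schemes spend most of their engineering effort (and runtime) on managing exactly that growth, which is why the performance caveat above matters for inference workloads.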
