The transition to Post-Quantum Cryptography in the #Tor network’s #TLS layer is making progress! 😎 We are now at 44.57% of relays supporting the X25519MLKEM768 hybrid handshake. This number is up from 34.65% in March.

I’ve uploaded a list of relays and their scan results from yesterday on https://ahf.me/tor-tls-pqc/2026-06-18/ and wrote an email to the tor-relays@ mailing-list summarising the results in https://lists.torproject.org/mailman3/hyperkitty/list/[email protected]/message/IY7FJU5XDSZ2O4SKUTN5VJFRLBRHYZ6W/

#cryptography #postquantumcryptography #pqc

The Breach That Changes the Model

We have spent a decade learning to defend the inputs to artificial intelligence and almost no time defending the model itself. Weight tampering is the breach you will not detect, because the system keeps answering and the answers look fine. The only durable defence is a record of what the model was and what it did, signed before it acts and…

https://mickai.co.uk/articles/the-breach-that-changes-the-model

#modelintegrity #AIsecurity #weighttampering #postquantumcryptography #sovereignAI

You Cannot Prove a Negative Without a Record

When an artificial intelligence system is accused of misuse, the only defence is a tamper-evident account of what it actually did. Ordinary logs fail at exactly that moment because the operator who keeps them can change them. This essay argues that provable innocence is an account, not a state, and that the record has to be signed…

https://mickai.co.uk/articles/prove-a-negative-without-a-record

#AIaccountability #auditrecord #tamperevidence #AIgovernance #postquantumcryptography

The clause most AI logging will fail

The EU AI Act's high-risk record-keeping obligations contain a quiet requirement most logging stacks will fail: not whether you logged, but whether you can prove the record was never altered, without asking anyone to trust you. Tamper-evident, post-quantum, independently verifiable logs are the missing piece, and the clause will bite in the…

https://mickai.co.uk/articles/the-clause-most-ai-logging-will-fail

#EUAIAct #AIcompliance #auditlogging #tamperevidentrecords #postquantumcryptography

The Training Data Is a Liability You Cannot See

Most artificial intelligence systems carry a hidden liability: nobody can prove what data trained them. I argue that data provenance and poisoning are the real exposure, that you cannot defend outputs you cannot trace to inputs, and that the only honest answer is a signed, hash-chained record you can verify offline…

https://mickai.co.uk/articles/training-data-is-a-liability-you-cannot-see

#dataprovenance #datapoisoning #artificialintelligencesecurity #modelauditing #postquantumcryptography

The Signature Has To Outlive the Signer

Most artificial intelligence systems are designed to be trusted in the present tense. But a model can run for decades, and the record of its actions has to be verifiable long after the keys, the company, and the author are gone. This is an argument for signing today for a verifier who has not been born yet.

https://mickai.co.uk/articles/the-signature-has-to-outlive-the-signer

#keycustody #postquantumcryptography #AIgovernance #sovereignty #auditability

When the log is the product, not the exhaust

Most systems treat logging as exhaust, smoke routed away from the real work. I argue the opposite: in artificial intelligence systems, the trustworthy record of what happened is the actual product. Audit-first design builds that record first, signed before the act, sealed into a chain, and verifiable offline by anyone who trusts no one.

https://mickai.co.uk/articles/log-is-the-product-not-the-exhaust

#auditfirstdesign #AIgovernance #tamperevidentlogging #postquantumcryptography #EUAIAct

Keccak is at the core of ML-KEM and ML-DSA. One fault and your entire PQC stack is compromised.

On July 7th, we show exactly how. Live demos, real targets.
🕙 10:00 CEST: https://zoom.us/meeting/register/LygBfRjdS3Orn_SJW8QM7w
🕔 17:00 CEST: https://zoom.us/meeting/register/GUt6VmXdRneVK0zlYVzqnA

#PQC #HardwareSecurity #hardware #hardwarehacking #postquantum #postquantumcryptography #webinar #live #cybersecurity

Join us to exploit Keccak's physical vulnerabilities in ML-KEM and ML-DSA implementations live, via side-channel analysis and fault injection.

🕙 10:00 CEST: https://zoom.us/meeting/register/LygBfRjdS3Orn_SJW8QM7w
🕔 17:00 CEST: https://zoom.us/meeting/register/GUt6VmXdRneVK0zlYVzqnA

#PQC #hardwarehacking #nist #hardware #postquantum #postquantumcryptography

Security Leaders Scramble to Accelerate Post-Quantum Cryptography Transition

The pressing question isn't when quantum computers will crack today's encryption, but whether organizations will be prepared to make the switch to post-quantum cryptography before it's too late. With only 8% of SSH servers currently making the transition, experts warn that the time to act is now.

https://osintsights.com/security-leaders-scramble-to-accelerate-post-quantum-cryptography-transition?utm_source=mastodon&utm_medium=social

#PostquantumCryptography #CryptographyTransition #QuantumComputing #EmergingThreats #Encryption