Certifying the Uncertain: Cryptographic Assurance in the Age of AI-Augmented Security Systems (A21c)
As artificial intelligence becomes deeply embedded in security-critical systems-from AI-accelerated cryptographic implementations to machine learning-based threat detection in hardware security modules-the global cybersecurity community faces an unprecedented assurance challenge: how do the speakers certify systems whose behavior is probabilistic rather than deterministic? This talk addresses the critical gap between traditional cryptographic module certification frameworks (FIPS 140-3, Common Criteria, EUCC) and the emerging reality of AI-augmented security functions. Drawing from recent implementations and regulatory developments under the EU Cyber Resilience Act, the speakers examine three fundamental questions: Can neural networks be trusted in cryptographic operations? How do the speakers test systems that learn and evolve post-deployment? What new assurance paradigms are required when the “security boundary” includes trained models with billions of parameters?
The speakers present a forward-looking framework that bridges conventional cryptographic assurance with AI-specific evaluation criteria, introducing concepts such as “adversarial certification,” “model provenance chains,” and “continuous assurance for adaptive systems.” The talk synthesizes insights from recent NIST AI initiatives, ENISA’s work on AI cybersecurity certification, and real-world case studies where AI has both enhanced and compromised cryptographic implementations. Industry leaders will gain actionable insights into: preparing for AI-related requirements in upcoming certification schemes, implementing hybrid assurance approaches that accommodate both deterministic and probabilistic components, and positioning their organizations ahead of inevitable regulatory evolution.
As quantum computing threatens current cryptographic paradigms while AI promises post-quantum solutions, establishing robust certification frameworks for AI-augmented cryptographic systems is not merely academic-it is existential for global digital security. This talk charts a pragmatic path forward, balancing innovation velocity with the rigorous assurance that cryptographic modules demand, and positions the international cybersecurity community to lead rather than react to this transformation.