
With powerful quantum computers just a few years away from breaking the encryption used in today’s online transactions, more organisations are starting to get their digital systems “quantum ready” to counter the threat.
This means having better visibility, governance and controls over the software they deploy across their stack, which is already a huge challenge for today’s software development and deployment.
“Before thinking about quantum, organisations must first secure their software supply chain,” says Yashaswi Mudumbai, senior director of solution engineering for Asia-Pacific at JFrog, which provides tools for software developers to manage and deploy their applications.
AI can help automate the compliance process for much of the new software being developed in digital-first companies, he explains.
However, AI is also a “double-edged sword” because it could potentially be abused by hackers to insert malicious code. For developers, the old mantra of “trust, but verify” has become “verify, verify, and then maybe trust”, he tells Techgoondu, in this month’s Q&A.
NOTE: Responses have been edited for style and clarity.
Q: Organisations are being told to be quantum ready but their current systems are far from ready for today’s cybersecurity challenges, especially when it comes to supply chain issues. What should their priorities be?
A: Being “quantum ready” stems from the idea of a quantum shift. This is driven by rapid AI advancements and new security demands requiring a fundamental change in how software is built, secured, and scaled. But before thinking about quantum, organisations must first secure their software supply chain.
Software supply chain attacks have surged more than 300 per cent, and regulators like the European Union and National Institute of Standards and Technology (NIST) already hold organisations accountable for release integrity. This means organisations should include end-to-end visibility, governance, and evidence-based controls across the software development lifecycle.
Consolidation is equally important. Instead of siloed tools, organisations should move toward a unified platform as a single source of truth for software and AI development. This ensures consistency, simplifies compliance, and strengthens collaboration. By doing this, companies can address today’s challenges while building the foundation for quantum readiness.
Q: There’s been talk about AI automating compliance for supply chain security efforts. Are we seeing real-world results from this?
A: Yes, we are seeing real-world results. Companies are already applying AI to automate compliance efforts in several ways, from banks in Singapore using AI-powered systems for fraud and anti-money laundering detection to the use of natural language processing to review regulatory documents.
For instance, fintechs like Zeta and the Bank of Singapore have adopted AI-driven approaches to strengthen oversight and reduce manual compliance workloads. AI algorithms analyse supplier data, predict risks, and streamline compliance reporting, while AI-driven monitoring tracks suppliers continuously against regulatory changes and contractual obligations.
AI is also helpful in detecting anomalies, such as unusual shipping or sourcing patterns, which could indicate security or compliance issues. Importantly, these systems can integrate different regulatory frameworks across jurisdictions, reducing manual effort while keeping companies audit-ready.
The result is faster, more accurate compliance with reduced operational burden. However, human oversight remains essential to manage complexity and ensure ethical use.
Q: Would AI itself not be a vector for cyberattacks in future, for example, through AI poisoning?
A: AI is a double-edged sword. While it accelerates productivity, it also widens the attack surface. We’ve already seen malicious “AI-branded” packages and backdoored models uploaded to public repositories like Hugging Face to lure developers.
In this new era, the old mantra “trust, but verify” has shifted to “verify, verify, and then maybe trust”. Organisations need verifiable audit trails, rigorous code reviews, and security testing to validate AI outputs before release. Simplifying and securing the software supply chain is critical for consistency, record-keeping, and risk assessment.
In Asia-Pacific, regulators in Singapore, Australia, and Japan are already pushing responsible AI practices. Automated guardrails that continuously verify and govern AI use will be essential to mitigate risks while enabling innovation.
Q: Given all the various challenges faced by organisations today, which quantum-ready initiatives should they get started with today?
A: To prepare for the quantum shift, companies should establish a unified platform that serves as the system of record for the software supply chain. This enables teams to manage and control everything entering their software, including AI models.
Equally important is building a connected ecosystem, where industry leaders integrate workflows that accelerate AI and machine learning development, prevent supply chain attacks, and drive governance. This reduces the manual burden of compliance while strengthening confidence in every release.
Fostering collaboration across cross-functional teams also ensures software is delivered securely. Organisations have to focus on streamlining processes, enhancing visibility, and embedding continuous security.