Dr Anupam Tiwari
The Terms We Once Feared & Now Take for Granted
There was a time, not very long ago, when terms like GPS, Biometrics, Cyber warfare, and Satellite communication belonged entirely to the vocabulary of specialists, scientists, and select defence operational commands. A senior official reviewing a defence budget or a military General planning a joint operation had little discernment to engage with their fundamental mechanics. It was technical and thus it was someone else’s problem.
None of that is true any longer. These terms have reshaped our doctrine, our procurement, our threat judgments, and our absolute conception of what modern battles look like. The changeover happened gradually, then abruptly, and those who adapted early held the advantage. Those who waited paid a heavier price.
We are standing at exactly that kind of moment again. Only this time the terms are different: Differential Privacy, Federated Learning, Privacy Budget or Post–Quantum Cryptography. And this time, the price of containing is not assessed in years of attaining but in compromises that cannot be undone.
This article is written for the strategic mind. Technical terms will appear where essential with plain explanations in brackets. The aim is not to make the reader a technologist; it is to ascertain that these concepts enter the strategic vocabulary, appear in procurement specifications, and are asked about in briefings. India has been REACTIVE before. The argument here is simply that it cannot afford to be REACTIVE again.
The Machine Is Already in the Room
There is a consistent leaning in policy circles to speak of defence AI as something on the horizon, a potentiality being moulded, and a future to be coped with. That framing is no longer accurate and indulging it is genuinely dangerous.
AI is not drawing close. It is here and gaining prominence fast. ISR systems process satellite imagery at speeds no human analyst team could match. Logistics networks are anticipating equipment failure before it manifests. Cyber operations are running pattern recognition in milliseconds. Sovereign drone platforms are making real-time adjustments mid-mission. Decision-support systems discreetly determine the options that reach a commander’s desk, long before a human hand influences the final choice.
Just to emphasize the power already at the frontier, an Anthropic model named Claude Mythos is considered too eventful for public release. It engages under a limited programme called Project Glasswing, which is accessible only to a few organisations. That constraint reflects genuine responsibility, but it also makes it clear that the technology is already at a level that even its creators treat with exceptional caution.
The most capable AI systems globally are now being deployed under restricted-access frameworks, reflecting growing recognition of their strategic implications.
If we take this as the beginning, as one of the known cases of responsible and ethical deployment of AI, what could be a scenario in the times ahead, with a vicious adversary way ahead in the overall AI race and research?
The First Blind Spot: When AI Learns the Wrong Secrets
Every AI system deployed in defence settings inevitably learns and is trained on data. In defence, that data is never neutral; it carries the tell-tales of operations, movement patterns, mission timelines, communication doings, equipment functioning and performance under op conditions and the decision-making signatures of the humans behind these systems.
What most strategic planners have not yet ingested is that AI systems can learn sensitive and classified data during training and later leak it. This has been demonstrated repeatedly in research: POCs and video models prompted deliberately reproduce shards of their training data.
The formal solution to the above is Differential Privacy (a mathematical framework for carefully inserting fine-grained noise into the training cycle, ensuring that no individual record, operation, or data point can be reverse-engineered from the model’s responses). It is the assurance that AI learned the pattern without memorising the secret.
Closely associated with Differential Privacy is the Privacy Budget (a finite allowance in which every access to data during training incurs a quantified mathematical debit). Per se, in India’s context of AI systems, the question is stark: Does this system train with Differential Privacy, and is its Privacy Budget actively supervised? If the answer is uncertain, the blind spot is open and has likely been open to an adversary for long enough to worry us.
The Privacy Budget: A Concept Every Strategist Must Own
Each classified document has an addressing protocol that specifies who Reads it, how Many Times, under what Conditions, when it is Destroyed and alike. The Privacy Budget is the functional equivalent for data feeding into an AI system, and so it is exhausted. And when not addressed with the same earnestness as document classification, the consequences can result in sensitive information reaching those who should not have it.
This becomes especially decisive in Federated Learning (where AI models are trained across distributed military nodes, with raw data never leaving any node) and in upholding data sovereignty. Sensitive information never rides through a central server. But if each node is not operating under a strictly enforced Privacy Budget, the overall model becomes a vulnerability.
Who has the Privacy Budget in defence deployments? Which office monitors its use? What is the defined SOP when it draws near depletion? These are command-and-control options, technically draped. They belong to the same table as rules of engagement and a data classification policy, and right now, in most cases, they belong to NOBODY.
The Second Blind Spot: The Quantum Clock Is Already Ticking
If the privacy dilemma brings out what AI is subtly exposing today, developments in quantum technology reveal what adversaries are subtly collecting today to read tomorrow. This quantum threat is called Harvest Now, Decrypt Later (HNDL). Potent and tech-defining state actors are tapping and siphoning away encrypted defence communications, satellite transmissions, and classified data exchanges today. Not because they can decrypt the encryption today, but they are convinced they will soon have sufficiently powerful quantum computers to realise this. Operational plans, procurement negotiations, defence tenders, formation actions, OSINT, defence personnel profiles, and strategic communications will become readable, and the dots that connect them will provide invaluable information [retroactively]. Without Warning. Without any further action required on the adversary’s part.
The mathematical weapon on which the above-mentioned HNDL rides is known as Shor’s algorithm, which was developed in 1994 by the American mathematician Peter Shor. The only restriction to date is the realisation of the true quantum machine. This restriction is gradually fading while the global progress moves from NISQ (Noisy Intermediate-Scale Quantum computers that can execute utilitarian computations but are still subject to errors due to quantum noise) towards CRQC (Cryptographically Relevant Quantum Computerthat can break widely used public-key cryptography.) or more simply, an expedited transition from current, error-prone quantum computer devices to future machines that threaten cybersecurity and break encryption in place today.
In Aug 2024, NIST USA released the world’s first post-quantum cryptography (PQC) standards, including FIPS-203 (encapsulation-decapsulation), FIPS-204/205 (Digital signature algorithms), and FIPS-206, which is currently on track for formalisation. Why is this happening? Why is the global force expediting efforts to migrate from classical cryptography to future-proof, i.e., PQC? The answer does not need some complex justification; it is simple. CRQCs are happening sooner than the world anticipates and we should be future-proof ready.
The Quantum Race: What Is Already Happening
In June 2026, Microsoft introduced Majorana 2, its second-generation topological quantum chip. Its qubits (the fundamental units of quantum information) now live an average of 20 seconds to a full minute. The erstwhile first generation handled only up to 12 milliseconds, representing a 1,000-fold improvement in about 16-17 months. The more interesting thing about this synthetic qubit is that it was developed riding on a Microsoft agentic AI platform. This shows that AI is now actively accelerating the pace of quantum hardware development. The next target is a scalable quantum computer by 2029, cutting its previous timeline in half.
And it is not just Microsoft; IBM has its own 2029 quantum roadmap. Amazon has revealed its Ocelot chip. Globally, multiple physical pathways- superconducting circuits, trapped ions, photonic systems, and topological qubits are being developed in parallel and expedited.
Besides Microsoft, IBM, and Amazon, leading global quantum players like China and Russia are expanding city-scale quantum communication networks, focusing on quantum magnetometers, gravimetric sensors, and quantum navigation while moving to ditch conventional GPS. China is examining seabed quantum sensors to track submarine movements. DARPA has established the QBI (Quantum Benchmarking Initiative 2026), aiming to achieve utility-scale quantum computers capable of surpassing supercomputers by 2033.
India too has the National Quantum Mission (NQM), a Government of India mission launched with INR 6,003.65 crore to develop indigenous quantum technologies, secure communications, and advanced computing.
India’s Specific Exposure
India’s defence modernization is impressive in its aspirations and increasingly in execution, but, like other nations, it carries specific vulnerabilities that make the above AI-Quantum twin threats particularly acute. Military satellite communications ride on NIST encryption that antecedes the quantum threat framework; those transmissions remain vulnerable to HNDL archives. The rapid induction of drone platforms across border surveillance and maritime patrol is generating vast operational data in AI training pipelines that, without differential privacy guarantees, silently surrender route patterns, behavioural signatures, and operational rhythms with every training cycle. The Indian defence drone ecosystem has already marked its arrival, focusing on secure “quantum-safe” drone-to-ground communications.
The Twin Shield: Differential Privacy Meets Post-Quantum Cryptography
Defence preparations mostly reduce threats to clear-cut classes, often assigning them separate, parallel mitigation strategies. That approach is efficacious when risks are independent and identified. However, today the vulnerabilities are not cleanly separable; all tech-riding weapons intersect, especially while we await the true duo power of AI+Quantum, which interact at the level of system guarantees.
While we prepare to migrate to future-ready PQC infra around us, which is an already difficult endeavour otherwise, just migration is not going to help if it lacks an embedded differential privacy component. Either we prepare ourselves, keeping in mind today’s threats, and get ready by tomorrow to brace for future threats, or we align more to prepare today with future-proof deployments of solutions that befit a safe tomorrow.
Thus, Differential privacy monitored with privacy budgets must become a compulsory specification in every defence AI system, in RFPs, Tender Specs, acceptance testing criteria, and operational scrutiny. Federated Learning suits India’s panoramic defence architecture well, but only when implemented with both privacy and quantum-safe communication at every node.
This is not a technology choice. It is a DOCTRINE choice.
What Strategic Leadership Must Demand Today
The obligation perches not solely with technologists and engineers, but with those who ratify procurement orders, sanction doctrines, and set strategic direction.
Every defence AI system, indigenous or procured, must carry differential privacy certification (do they exist, or is this an opportunity to build standards) and PQC compliance as baseline requirements. Not ambitious features. If a prospective partner cannot exhibit both, the procurement chain process ends there.
India needs a schematic, time-bound, and expedited quantum migration roadmap with command-level ownership, covering defence communications, satellite architecture, and C4ISR systems. NIST has done its part (although indigenous cryptography standards have been awaited for a long time) in Aug 2024, when Encryption/Decryption and Digital Signature algorithms were released. So the standards exist and are available. What remains is the decision to deploy/migrate and accountability at the right level of authority.
Most importantly, the above terms must be incorporated into the vocabulary of senior defence leadership through structured, formal briefings, war-games simulating quantum and privacy-attack scenarios, and doctrine that treats them as central chapters rather than technical annexures. The adversary is not waiting for bureaucratic cycles and election manifestos to be announced.
The Window Is Narrow
History does not treat munificently those who saw clearly and moved slowly.
HNDL means that damage from decelerated PQC migration is not deferred; it is piling up right now, silently in adversary archives that we cannot access or even know about. Every month of inactivity is not a month of safety. It is a month of vulnerability that cannot be undone retrospectively.
The privacy situation is evenly poised, irreversible, and causing permanent damage. An AI system trained excluding differential privacy has already acquired knowledge and intelligence that it should not have. Machine Unlearning (the process of removing specific data influence from a trained model) remains technically complex and operationally unproven as of date. Prevention and cognizance of this is the only genuine strategy.
These terms, Differential Privacy, Privacy Budget, PQC, Federated Learning, HNDL, will within a decade become the norm in defence briefing rooms as naturally as GPS features, movement plans and cyber warfare do today. The only question, the only one that actually counts, is whether India’s strategic think-tank owns that lexicon on its own terms or acquires it as a consequence of a compromise it later saw coming and chose to defer.
THE MACHINE IS IN THE ROOM. THE BLIND SPOTS ARE KNOWN. THE SHIELD IS AVAILABLE.
The next move belongs to LEADERSHIP.
Dr Anupam Tiwari is a distinguished cybersecurity expert and international speaker with over 20 years’ experience in IT security, cyber-physical systems, and blockchain. He holds a doctorate in blockchain-based security research, has authored 35+ papers, presented at 100+ national and international forums, and has conducted specialised training for leading government and academic institutions. He was recognized as one of India’s CQ100 Cyber Pioneers for contributions to cybersecurity and digital resilience.
