Kyle Thornton

The Google Threat Intelligence Group has detected the first known instance of a threat actor using an AI-developed zero-day exploit in the wild. While the attackers planned a wide-scale strike, our proactive counter-discovery may have prevented that from happening. This finding is part of our new report on AI-powered threats.

A mathematician at Bell Labs wrote something on paper in 1994 that made every government on earth quietly panic. The machine that runs it doesn't exist yet. The panic never stopped. His name is Peter Shor. He is a professor of applied mathematics at MIT. He won the Turing Award in 2021, the highest honor in computer science. And the thing he is most famous for is a piece of mathematics he wrote in four days that he did not fully intend to write. Here is the story almost nobody tells, and why it should change how you think about the security of everything you do online. In 1994, Shor was a researcher at AT&T Bell Labs in Murray Hill, New Jersey. Bell Labs at the time was the most intellectually alive research environment in the world. The same building that produced Claude Shannon's information theory, the transistor, and the Unix operating system was now full of physicists who interrupted each other mid-sentence and argued through lunch. Quantum computing in 1994 was not a field. It was a rumor. A handful of theorists believed that computers built on quantum mechanical principles could solve certain problems exponentially faster than classical machines. Most of the scientific establishment considered them eccentric. There was no working quantum computer. There was no clear proof that one would ever matter. It was the kind of research that serious people called interesting and quietly avoided. Shor was not avoiding it. He had been thinking about a problem called the discrete logarithm, a mathematical operation that sits underneath several encryption schemes. Encryption works because certain mathematical operations are easy to perform in one direction and almost impossible to reverse. Multiply two enormous prime numbers together and you get a product in seconds. Start with the product and try to find the two original primes and a classical computer would take longer than the age of the universe. That asymmetry is the lock. Every bank transaction, every encrypted email, every password you have ever entered online is protected by some version of that lock. Shor worked out a quantum algorithm for the discrete logarithm problem. He presented it at an internal Bell Labs seminar. The physicists in the room paid attention for the entire talk, which was unusual. The talk ended, and people started talking. Then the telephone game started. The discrete logarithm is used in some encryption systems, but not most. The dominant encryption standard protecting most of the world's sensitive data, RSA, is built on a different problem: prime factorization. As news of Shor's seminar spread through the halls of Bell Labs and then through the physics community, something got lost in translation. By the time the story reached physicists across the country four days later, the rumor was that Shor had solved factoring. He had not. He had solved something related but different. Shor heard the rumor. And then, in four days, he made it true. He sat down, looked at what he had already built, found the mathematical connection between the discrete logarithm and prime factorization, and extended his algorithm to cover both. The rumor had described something that did not exist. He built it to match the rumor before anyone found out it was wrong. What he had now was a quantum algorithm that could factor enormous numbers exponentially faster than any classical computer. In practical terms, what that meant was this: if a quantum computer ever existed with enough stable qubits to run Shor's algorithm at scale, RSA encryption would be broken. Not weakened. Not compromised at the margins. Broken completely. Every message ever encrypted with RSA would be readable. Every private key ever generated would be derivable from the public key. Every lock built on the assumption that factoring is hard would unlock. The paper went out. The reaction was not what most people imagine. There was no press conference. No announcement. A 32-page technical paper appeared in the proceedings of a symposium on the foundations of computer science. Cryptographers read it and understood immediately what it meant. Intelligence agencies read it and understood immediately what it meant. Governments that had spent decades and billions of dollars building encryption infrastructure understood immediately what it meant. None of them said much publicly. They started working. The NSA gave Shor a Mathematics in Cryptology Award in 1995, one year after the paper came out. That is a fast turnaround for an award from an intelligence agency. The implication is that they read the paper and moved. The problem was the machine. Shor's algorithm requires a quantum computer with enough fault-tolerant qubits to factor the kind of numbers used in real encryption, numbers with hundreds of digits. In 1994, no such machine existed. In 2001, IBM demonstrated Shor's algorithm on a 7-qubit quantum computer and used it to factor the number 15 into 3 and 5. That was the proof of concept. It was also a machine that required more infrastructure than most university labs own, running a calculation a fourth grader could do in their head. The gap between that demonstration and a machine capable of breaking real encryption is enormous. The numbers involved in modern RSA encryption have hundreds of digits. Factoring them with Shor's algorithm would require a quantum computer with potentially millions of stable, error-corrected qubits. The best machines available today have thousands of qubits, most of them too noisy to use reliably for extended computation. But the direction of progress is not ambiguous. Every year, the machines get larger. Every year, error correction improves. Every year, the gap between what exists and what Shor's algorithm requires gets smaller. Nobody knows exactly when a machine capable of breaking RSA will exist. Estimates from serious researchers range from ten years to thirty. The NSA has said publicly that it believes the threat is real. NIST, the US standards body, spent years running a global competition to identify encryption algorithms that would survive a quantum computer, and in August 2024 published the first official post-quantum cryptography standards. Google has already integrated one of them into Chrome. Apple adopted another for iMessage. Signal switched to a hybrid post-quantum system in 2023. All of that activity, every dollar of it, every hour of engineering, traces back to four pages Shor wrote in 1994. The most interesting detail is the one Shor himself has repeated in multiple interviews. He compared the current scramble to build post-quantum cryptography to Y2K, the race to patch computer systems before the year 2000. He said the difference is that Y2K had a fixed deadline. The quantum threat has no deadline. Nobody knows when the dangerous machine will exist. And his warning was blunt: if you wait until it is obvious that a sufficiently powerful quantum computer is coming, you will already be too late. The migration of critical infrastructure to post-quantum standards takes years. The systems protecting financial markets, government communications, and military networks cannot be updated in an afternoon. The race is not theoretical. It is happening right now, in every major government and every serious technology company on earth. Shor is 65 years old. He still teaches at MIT. He did not build the machine. He wrote the paper that proved the machine would matter before anyone had built it. He won the Turing Award 27 years after the paper came out, which is either a sign that the committee moves slowly or a sign that the full weight of what he wrote is still arriving. The most dangerous algorithm in the history of cryptography has never successfully been used against a real target. Every system protecting your money, your messages, and your government's secrets is safe for exactly one reason. The computer that breaks them has not been finished yet.

“Elon and Dario should do a deal tomorrow.” - Chamath explains how power constraints are giving Elon massive leverage to make AI deals “ To the extent that OpenAI missed, I think what that is, is an insight to not enough compute capacity today, and that problem is only getting worse. If you look at the actual amount of gigawatts that are under construction, we have a huge mismatch now. People have announced all these projects, but less than half of it is actually being built. Less than half. Most of it is stuck in red tape. There's no credible strategy to turn any of this stuff on. Who will this hurt? It will hurt Anthropic and OpenAI the most. Who will this benefit? It will benefit the hyperscalers, specifically Oracle, Amazon, Meta, Microsoft, and Google. And now what you're going to see is a negotiation and a trade back and forth. How much equity do I have to give up? How much control do I have to give up to get access to the compute? How badly will I miss my growth forecasts if I don't? That's a huge lane for Grok and SpaceX to run through because they have a ton of excess capacity. And so I think the Cursor deal was the appetizer. If I were Elon now, I'd be running all over this market because if the models catch up in quality, I think he could also do something really crazy with Anthropic. He and Dario should do a deal tomorrow.”