Artificial Intelligence Full Day or Half Day Workshop

PQC Protection for AI Model Weights and Training Infrastructure

Large language model weights represent billions of dollars of training compute. The cryptographic signing and encryption protecting these artefacts are vulnerable to quantum attack. This workshop maps the exposure and builds a migration plan.

Full day (6 hours) or half day
In person or online
Max 30 delegates

Proud to recommend our expert members

Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside

Workshop Description

For MLOps engineers and AI platform security teams. Covers quantum cryptographic exposure of model weights, training checkpoints, NCCL/MPI cluster communications, model registry signing, and PQC migration using FIPS 203/204/205 for distributed AI training infrastructure.

Training a frontier LLM costs tens of millions of dollars in GPU compute. The resulting model weights are signed with ECDSA or RSA, stored encrypted in cloud object stores, and transmitted across multi-node GPU clusters using NCCL AllReduce or MPI collectives. Every one of these operations rests on public-key cryptography that a quantum computer running Shor's algorithm breaks. The harvest-now-decrypt-later threat is particularly acute for model weights: an adversary recording encrypted checkpoint files today could decrypt them once quantum capability arrives, gaining access to proprietary model architectures and to training data encoded in the weights.

This workshop maps the full cryptographic dependency chain of a distributed training pipeline, from data ingest through GPU cluster communications to checkpoint storage and the model registry. We then build a phased PQC migration plan using FIPS 203 (ML-KEM) for key encapsulation, FIPS 204 (ML-DSA) for model signing, and FIPS 205 (SLH-DSA) for long-lived provenance attestation, addressing the specific performance constraints of GPU cluster communications and large-artefact signing.

What participants cover

  • Model artefact cryptographic exposure: weight signing (ECDSA/RSA), checkpoint encryption, and container image signing vulnerability to Shor's algorithm
  • Distributed training cluster security: NCCL AllReduce, MPI collectives, and parameter server gRPC TLS under quantum threat
  • Model registry integrity: cosign/Notary v2 signing, SBOM attestation, and supply chain verification for AI artefacts
  • FIPS 203/204/205 for AI: ML-KEM for checkpoint encryption, ML-DSA for model signing, SLH-DSA for long-lived provenance
  • Performance constraints: signature size impact on model registry throughput, key encapsulation overhead for large-artefact storage
  • Compliance alignment: NIST AI RMF model integrity requirements, EU AI Act Article 15, cloud GPU platform PQC readiness

Preliminary Agenda

Full-day session structure with scheduled breaks. Content is configurable to your training infrastructure, GPU cluster architecture, and model deployment pipeline.

Session Topics

1. AI Training Infrastructure and Its Cryptographic Dependencies: where cryptography protects model weights, checkpoints, and cluster communications
2. Model Artefact Security Under Quantum Threat: weights, checkpoints, and model registry integrity
  • Cryptographic signing of model weights and training checkpoints: RSA/ECDSA vulnerability to Shor's algorithm
  • Model registry integrity: container image signing (cosign/Notary v2) and SBOM attestation exposure
  • Harvest-now-decrypt-later risk for encrypted model artefacts stored in cloud object stores
Break (after 50 min)
3. Distributed Training Cluster Communications: NCCL, MPI, and GPU-to-GPU cryptographic exposure
  • NCCL AllReduce and Ring-AllReduce: TLS/encryption status in multi-node GPU clusters (NVIDIA DGX, cloud GPU instances)
  • MPI collective communications: OpenMPI and MPICH transport security under quantum threat
  • Parameter server architectures: gRPC TLS and key exchange for gradient aggregation
4. Interactive Demonstration: Model Security Cryptographic Audit (full-day format only)
  • Mapping cryptographic dependencies across a distributed training pipeline (data ingest, preprocessing, training cluster, checkpoint storage, model registry)
  • Evaluating NCCL encryption configuration and identifying unencrypted gradient flows
  • Demonstrating ML-DSA model signing and verification workflow for checkpoint integrity
Break (after 60 min)
5. PQC Migration for AI Training Infrastructure: FIPS 203/204/205 applied to ML workflows
  • ML-DSA-65/87 for model weight signing: signature size impact on model registry throughput
  • ML-KEM-768 for encrypted checkpoint storage: key encapsulation for cloud object store encryption
  • SLH-DSA for long-lived model provenance: stateless hash-based signatures for multi-year model lineage
6. Compliance and Vendor Landscape: NIST AI RMF, EU AI Act, and platform readiness
  • NIST AI RMF Map 1.5/Measure 2.6: cryptographic security requirements for AI model integrity
  • EU AI Act Article 15: accuracy, robustness, and cybersecurity requirements for high-risk AI systems
  • Cloud GPU platform PQC readiness: NVIDIA, AWS, Azure, GCP encryption and signing capabilities
7. Q&A and Migration Planning
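The workshop description and sessions 4 and 5 describe the same exercise: inventory every cryptographic dependency in a training pipeline, separate harvest-now-decrypt-later exposure from signature-forgery exposure, and map each finding to a FIPS 203/204/205 replacement in a phased plan. The script below is an added illustration of that audit logic, not code from this page or from QSECDEF. The pipeline inventory, the algorithm labels, the severity scheme and the 5-year threshold for "long-lived provenance" are all assumptions constructed for the example; it generalises the page's cases slightly by also treating hybrid suites (classical plus ML-KEM) as already migrated and by skipping symmetric or hash-only stages, which Shor's algorithm does not affect.

```python
"""Cryptographic dependency audit for a distributed training pipeline.

Added example (not from the workshop page or QSECDEF). Walks a constructed
inventory of pipeline stages, flags public-key primitives that Shor's
algorithm breaks, separates harvest-now-decrypt-later (HNDL) exposure from
signature-forgery exposure, and maps each finding to a FIPS 203/204/205
scheme. Stage names, algorithm labels and the 5-year threshold are assumptions.
"""
from dataclasses import dataclass
from typing import Optional

# Public-key primitives whose security rests on factoring or discrete logs.
SHOR_VULNERABLE = {
    "RSA-2048", "RSA-3072", "RSA-4096",
    "ECDSA-P256", "ECDSA-P384", "ECDH-P256", "X25519", "Ed25519",
}
# FIPS 203/204/205 families; a hybrid suite such as "X25519+ML-KEM-768" is
# treated as migrated because the PQC component must be broken on its own.
PQC_PREFIXES = ("ML-KEM", "ML-DSA", "SLH-DSA")
LONG_LIVED_YEARS = 5  # assumed threshold for "long-lived provenance"


@dataclass(frozen=True)
class Stage:
    name: str
    role: str                 # "key_exchange" (confidentiality) or "signing" (integrity)
    algorithm: Optional[str]  # None means no cryptography is applied at all
    lifetime_years: int = 1   # how long the protected artefact stays valuable


@dataclass(frozen=True)
class Finding:
    stage: str
    severity: str        # "HIGH" or "MEDIUM"
    reason: str
    recommendation: str
    phase: int           # 1 = HNDL/plaintext, 2 = signing, 3 = long-lived provenance


def suite_parts(algorithm: str) -> list:
    return [p.strip() for p in algorithm.split("+")]


def is_pqc_protected(algorithm: str) -> bool:
    """True when any component of a (possibly hybrid) suite is ML-KEM, ML-DSA or SLH-DSA."""
    return any(p.startswith(PQC_PREFIXES) for p in suite_parts(algorithm))


def is_shor_vulnerable(algorithm: str) -> bool:
    return any(p in SHOR_VULNERABLE for p in suite_parts(algorithm))


def audit_stage(stage: Stage) -> Optional[Finding]:
    """Classify one stage; None means no quantum-related action is needed."""
    if stage.algorithm is None:
        # Plaintext gradient rings or unsigned artefacts are exposed today,
        # quantum or not, so they are flagged HIGH regardless of role.
        if stage.role == "key_exchange":
            return Finding(stage.name, "HIGH", "no encryption on the transport",
                           "enable TLS with an ML-KEM-768 hybrid key exchange (FIPS 203)", 1)
        return Finding(stage.name, "HIGH", "artefact is unsigned",
                       "sign with ML-DSA-65 (FIPS 204)", 2)
    if is_pqc_protected(stage.algorithm) or not is_shor_vulnerable(stage.algorithm):
        return None  # already migrated, or symmetric/hash-only (AES, SHA-2 are not Shor targets)
    if stage.role == "key_exchange":
        # Recorded ciphertext stays decryptable once a CRQC exists: the HNDL case.
        return Finding(stage.name, "HIGH",
                       f"{stage.algorithm} key exchange: harvest-now-decrypt-later exposure",
                       "ML-KEM-768 hybrid key encapsulation (FIPS 203)", 1)
    # Signatures can only be forged once a CRQC exists, so they are less urgent,
    # unless the signature must remain verifiable for years (model lineage).
    if stage.lifetime_years >= LONG_LIVED_YEARS:
        return Finding(stage.name, "MEDIUM",
                       f"{stage.algorithm} signature on a {stage.lifetime_years}-year artefact",
                       "SLH-DSA (FIPS 205) for long-lived provenance", 3)
    return Finding(stage.name, "MEDIUM",
                   f"{stage.algorithm} signature forgeable with Shor's algorithm",
                   "ML-DSA-65 (FIPS 204)", 2)


def audit(stages) -> list:
    """All findings ordered by migration phase, then severity, then stage name."""
    findings = [f for f in map(audit_stage, stages) if f is not None]
    return sorted(findings, key=lambda f: (f.phase, f.severity != "HIGH", f.stage))


def migration_plan(findings) -> dict:
    """Group stage names by phase so each phase can be scheduled as one work package."""
    plan = {}
    for f in findings:
        plan.setdefault(f.phase, []).append(f.stage)
    return plan


# Constructed inventory of a training pipeline (not a real deployment).
PIPELINE = [
    Stage("data ingest: object store to preprocessing (TLS 1.3)", "key_exchange", "X25519"),
    Stage("NCCL AllReduce gradient ring between nodes", "key_exchange", None),
    Stage("parameter server gRPC (TLS 1.3, hybrid)", "key_exchange", "X25519+ML-KEM-768"),
    Stage("checkpoint key wrap in cloud object store", "key_exchange", "RSA-4096", lifetime_years=10),
    Stage("checkpoint signing on registry push", "signing", "ECDSA-P256"),
    Stage("container image signing (cosign)", "signing", "ECDSA-P256"),
    Stage("model provenance attestation", "signing", "RSA-2048", lifetime_years=10),
    Stage("checkpoint content-addressed digest", "signing", "SHA-256"),
]

if __name__ == "__main__":
    for f in audit(PIPELINE):
        print(f"phase {f.phase} [{f.severity}] {f.stage}: {f.reason} -> {f.recommendation}")
```

The phase ordering encodes the reasoning behind the workshop's "phased" plan: confidentiality failures go first because recorded ciphertext is lost retroactively the day a cryptographically relevant quantum computer exists, whereas a signature only becomes forgeable at that point, so signing can follow, and only artefacts that must stay verifiable for years justify the larger SLH-DSA signatures. On a real pipeline the inventory would come from TLS configuration, NCCL settings and registry signing policy rather than a hand-written list.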

Designed and Delivered By

Workshops are designed and delivered by QSECDEF in collaboration with sector specialists. All facilitators have direct experience in both quantum technologies and AI training infrastructure security.


Quantum Security Defence

Workshop design and delivery

QSECDEF brings world-leading expertise in post-quantum cryptography, quantum computing strategy, and defence-grade security assessment. Our advisory membership spans 600+ organisations and 1,200+ professionals working at the intersection of quantum technologies and critical infrastructure security.


AI Infrastructure Partners

Domain expertise and operational validation

AI workshops are co-delivered with sector specialists who bring direct operational experience in distributed training systems, GPU cluster security, and MLOps pipelines. This ensures workshop content is grounded in the operational realities of production AI training infrastructure.

Commission This Workshop

Sessions are configured around your training infrastructure, GPU cluster architecture, model registry tooling, and existing security controls. Get in touch to discuss requirements and schedule a date.
