BIO 2025 Panel Recap: Convergence of AI, Quantum, and Cybersecurity in Life Sciences Supply Chain
- Mike J. Walker

- Nov 24, 2025

We are entering a new era where biology, computation, and intelligence are converging. Generative AI is reinventing the way we discover, develop, and manufacture therapies. At the same time, quantum computing is poised to unlock new insights—and unprecedented vulnerabilities. These technologies together are rewriting the rules of cybersecurity in the life sciences.
At the 2025 BIO International Convention, I joined a distinguished panel to explore the future of cybersecurity in life sciences—through the lens of Generative AI, Quantum Computing, and evolving cyber threats. For those that couldn't attend, you can watch the panel here:
This is a highly relevant topic that health and life sciences leaders must have a plan for addressing. The CyberCX 2025 Threat Report shows that healthcare remained the most impacted industry in 2024, at 17% of incidents, followed by financial services (11%) and education (8%). The most impacted sectors are all industries that hold significant amounts of sensitive personal data.
In addition, the digital threat landscape is evolving faster than most organizations can adapt. According to Microsoft’s 2025 Cyber Signals report, attacks leveraging AI-assisted tooling have increased by 58% year-over-year. In life sciences, the threats are especially nuanced, targeting both intellectual property and high-value operational data across R&D, clinical, manufacturing, and supply chains.
Key threats include:
• AI-generated phishing and impersonation attacks
• Model poisoning and prompt injection attacks
• Deepfake disinformation campaigns targeting investors or trial participants
• Exfiltration of AI/ML models and training data sets
Key Highlights from the Panel
Generative AI has brought productivity gains to nearly every function in life sciences—regulatory document authoring, SOP generation, clinical data summarization, and smart lab workflows. But AI without cybersecurity is like a factory without fire doors. Worse, AI models are vulnerable in ways traditional IT systems never were: through adversarial inputs, poisoned training data, and stolen weights.
Meanwhile, quantum computing presents a duality: it promises transformational R&D advances, yet threatens to break RSA-based encryption (which still secures over 80% of healthcare data globally). This makes cybersecurity not just a technical layer—but the foundation that binds AI and quantum strategies into something trustworthy, compliant, and resilient.
Generative AI Is Expanding the Threat Surface
We’re witnessing GenAI become a double-edged sword. While it accelerates discovery and improves operational efficiency, it also enables more sophisticated attacks:
• Polymorphic malware that adapts in real time.
• Synthetic data poisoning of AI training pipelines.
• Deepfake phishing targeting clinical trial teams and execs.

“In life sciences, the attack surface now includes your data, your models, and your prompts. This is why AI needs to be secure by design—not bolted on after deployment.” - Mike J. Walker
Post-Quantum Threats Are Here—Not Hypothetical
The panel dove deep into “harvest now, decrypt later” strategies already being employed by sophisticated adversaries. Microsoft has responded by integrating post-quantum cryptography (PQC) into Windows and Azure, following NIST-approved algorithms like CRYSTALS-Kyber.
“Quantum disruption in life sciences may arrive first not in drug discovery—but in security. We’re closer to RSA-breaking than we are to quantum-enhanced molecule design.” - Mike J. Walker
The Supply Chain & Manufacturing Is Only as Secure as Its Weakest Algorithm
We discussed how global inequalities in cybersecurity maturity—especially among small and mid-tier CROs—present cascading risks across the biopharma value chain.

I shared some approaches like:
• Democratize cyber tooling with accessible offerings like Defender for Business.
• Map AI & PQC maturity across third-party networks with tools like Microsoft Purview and Azure Policy.
Regulation and Resilience Must Advance Together
From GxP compliance to FDA digital health guidance, the regulatory perimeter is expanding. But as I pointed out:
“Compliance without capability is just theater. You need resilience, and that means securing not just your endpoints, but your algorithms, data flows, and AI agents.” - Mike J. Walker
In this post, the FDA shares an AILC concept diagram that highlights systematic methods related to data and model evaluation during the Data Collection and Management and the Model Building and Tuning phases. The diagram also illustrates risk management and cybersecurity as cross-cutting concerns for the entire life cycle.

💡 My Extended POV: What Life Sciences Needs to Do Now
As an independent management consultant and former Gartner analyst, I work with pharmaceutical execs globally to navigate complex tech adoption. My message to them is simple but strategic:
1. Move Beyond Defense—Design for Resilience
Zero Trust should no longer be a buzzword—it must be the fabric of the biotech enterprise. But let’s go further:
Design systems that assume compromise. Incorporate adversarial testing. Secure the model supply chain (data, weights, prompts, APIs). This applies especially to GenAI copilots embedded in lab automation, manufacturing control systems, and clinical operations.
2. Create Quantum-Ready Roadmaps Now
Life sciences companies hold data with 20+ year lifespans—IP, genomics, trial results. If it’s not encrypted using quantum-resistant algorithms, it’s already vulnerable.
Plan now to migrate to PQC. Conduct cryptographic inventories. Microsoft has guidance, and this needs to be a board-level strategy, not just a CISO concern.
3. Prioritize Cyber-Education Across Your Organization
The most critical patch isn’t software—it’s knowledge. We must train scientists, clinical teams, and even board members on AI security awareness and quantum literacy. The threat is evolving faster than regulation can keep up.
4. Leverage Industry Standards
The quantum threat to encryption is ever-present. Shor’s algorithm could break RSA-2048, ECC, and other classical public-key systems within 5–10 years once fault-tolerant quantum computers scale. Stand on the shoulders of giants by focusing on industry standards.
Review Post-Quantum Cryptography (PQC) from NIST and the Zero Trust (ZT) Guidance for Critical Infrastructure / Applying Zero Trust to Operational Technology (OT) and Industrial Control System (ICS) Environments from the Cloud Security Alliance. The goal of the CSA guidance is to educate organizations on the considerations and application of ZT principles for Critical Infrastructure (like pharma manufacturing), with a focus on Operational Technology (OT) and Industrial Control Systems (ICS). This guidance should serve as a tool for communication and collaboration between the teams tasked with cybersecurity policies and controls and the system owners and operators of OT and ICS. Securing OT/ICS assets requires education and collaboration among cross-functional teams.
Final Takeaway: The Next Breach Won’t Come Through a Firewall—It’ll Come Through a Model
The AI-native biotech company of the future will need more than antivirals and airlocks. It will need secure model lifecycles, quantum-proof cryptography, and resilient AI infrastructure.
BIO 2025 reminded us that AI, quantum, and cybersecurity are no longer separate conversations. They are a single, integrated imperative for scientific innovation and operational trust.
Let’s secure life sciences!



