AI, Quantum Computing & the Coming Security Catastrophe

Before You Dive In:

• AI is fundamentally reshaping the cost of cyberattacks, collapsing the asymmetry between attackers and defenders, and making the threat landscape of 2026 more dangerous than ever before.
• Your smartphone is one of the weakest links in your security setup, with zero-click exploits now publicly available that give attackers complete control of your device without any action on your part.
• Quantum computing remains a longer-term but credible threat, and post-quantum cryptography migration is already underway, making hardware-isolated key storage the most resilient foundation for your digital ownership today.

Ledger CTO Charles Guillemet recently sat down with Matthieu Stefani on the La Martingale podcast for a wide-ranging conversation on the state of digital security. From the AI-driven collapse of the attacker/defender asymmetry, to the looming threat of Q-Day and the very real dangers lurking inside your smartphone, Charles delivers a sobering assessment of the security landscape in 2026. Whether you’re new to crypto or a seasoned holder, the conversation makes one thing unmistakably clear: the stakes have never been higher, and the window for complacency is closing fast.

“We are truly at an inflection point in history; I would even say at the limits of human history. We are genuinely at the beginning of something like a security catastrophe for all the systems we know.”

Charles Guillemet, Ledger CTO

The Budding AI Security Catastrophe

“We are genuinely trending toward zero cost for finding vulnerabilities.”

Charles Guillemet, Ledger CTO

The most urgent theme of the conversation is the way AI has fundamentally shattered the economics of cybersecurity. 

Security has always rested on one principle: creating an asymmetry where attacking a system costs far more than what an attacker can gain. That asymmetry is now collapsing. With modern LLMs, finding vulnerabilities and writing exploits has gone from a task requiring months of expensive specialist work to something achievable in a few prompts. 

As Charles puts it, “A 19 out of 20 no longer works. If you score 19/20, the attacker will find that one mistake and get into your system.” The consequences are already visible in the wave of major data breaches hitting organizations daily. 

In the crypto world, where money is sitting directly on-chain, this raises the stakes dramatically. DeFi protocols are honeypots in the truest sense: value that can be extracted instantly and pseudonymously. The implication for any digital asset holder is that the threat landscape of 2026 is fundamentally different from even two years ago.

Your Phone Is Your Biggest Vulnerability

“Even if you have a recent phone… try to avoid putting secrets, or things of too much value, on your phone.” 

Charles Guillemet, Ledger CTO

Charles shares one of the most startling points of the discussion: the smartphone exploit market is democratizing in the most dangerous possible way. Zero-click, zero-day RCE (Remote Code Execution) exploits, which can give an attacker complete control of your device without any action on your part, once cost millions and were the exclusive tools of nation-states and elite criminal organizations. Today, those prices are trending toward zero. 

Older iOS exploits below version 18 are now publicly available for free, putting the majority of iPhone users at passive risk. Frameworks like Coruna have combined phone exploitation with crypto drainers, meaning the moment a device is compromised, any software wallet, screenshot of a seed phrase, or email containing recovery words is automatically extracted and sent to the attacker. 

The practical implication is clear: never store your 24-word seed phrase digitally, never use a software wallet for meaningful holdings, and treat your phone as an inherently compromised environment. Keeping your software updated and using a dedicated hardware device like a Ledger for any significant crypto holdings is a baseline requirement for securing digital assets.

Q-Day: The Quantum Threat to All Cryptography

Among the most thought-provoking topics Charles addresses is quantum computing and the concept of Q-Day: the moment a sufficiently powerful quantum computer exists to break modern cryptography. While Charles is careful to temper speculation and remains skeptical of near-term timelines, he is unambiguous about the direction of travel. 

To that end, the U.S. National Institute of Standards and Technology (NIST) has mandated that all critical systems must migrate to post-quantum cryptography by 2030, and all other applications by 2035. The challenge is scale: cryptography is embedded in every padlock icon in your browser, every bank card tap, every connected device. The migration effort will be enormous. 

At Ledger, post-quantum cryptography is already being actively developed, and the architecture of its hardware signers puts it in a fundamentally stronger position than software-based alternatives when that migration becomes mandatory.

Deepfakes, Voice Cloning: The End of “Is It Really You?”

“If I know your number, I can call your family from your number with your voice and ask them to make a transfer.”

Charles Guillemet, Ledger CTO

The convergence of AI and social engineering has produced a new category of threat that no password manager can address: impersonation at scale. Cloning a voice now takes seconds of audio. Spoofing a caller ID costs around 50 euros. The result is that receiving a call from a trusted person’s number, in a trusted person’s voice, no longer means anything. Charles’s advice is practical and urgent: establish a shared safe word with your family for any request involving money or sensitive access, and if in doubt, hang up and call back on a different channel.

He also raises the emerging importance of proof of humanity, the ability to cryptographically verify that you are interacting with a real person rather than an AI agent. This is a capability Ledger signers are being positioned to provide, using the same asymmetric cryptography that secures Bitcoin to prove human identity in a world where the distinction will otherwise become impossible to make reliably.

Passkeys, Agentic AI & the Future of Digital Identity

Charles also expands Ledger’s role beyond crypto storage into the broader challenge of digital identity and authentication. Passkeys replacing passwords using asymmetric cryptography are already supported on Ledger devices. Rather than a password that can be phished or leaked, authentication is performed with a cryptographic key that never leaves the secure element, verified by a PIN on the device itself. 

Charles also offers a preview of the next frontier: securing agentic AI. As AI agents are increasingly granted permissions to act, pay, and connect on behalf of users, the challenge becomes delegating rights without handing over the master keys. 

“We want to give agents the right to perform actions, but we don’t want to give them a blank check.” 

Charles Guillemet, Ledger CTO

Through its 2026 AI Roadmap, Ledger is actively developing an architecture for delegated, revocable permissions for AI agents, a problem that will only become more urgent as agentic AI enters mainstream financial workflows.

Watch the full episode here: