The quantum leap in technology inevitably brings threats to our entire digital civilisation, jeopardising the very foundations of security—from state secrets to personal data. At this cutting-edge frontier where theory meets harsh reality, stand figures whose expertise shapes the future of digital safety. Philipp Lebedev is one such extraordinary talent—a true guru whose work has broken through the barriers of conventional approaches. His name has become synonymous with innovation in hardware security and post-quantum cryptography. Today, he stands at the pinnacle of the industry, offering not just theory, but practical solutions capable of protecting critical infrastructure from tomorrow’s threats. His project, SecureCore, is a manifesto for the next generation of cybersecurity.
Philipp, many have heard of quantum supremacy as a technological breakthrough. But what is its dark side for cybersecurity, and why should we take it seriously now?
“The dark side of quantum computing has a name—Shor’s algorithm. It can break asymmetric cryptography, which underpins the security of nearly everything: banking transactions, government communications, digital signatures. The issue is exacerbated by the ‘harvest now, decrypt later’ tactic. Attackers are already intercepting and storing encrypted data, waiting for a sufficiently powerful quantum computer to decrypt it. This is not a hypothetical future threat—it’s an arms race that’s already underway. Waiting means guaranteed defeat. We must implement quantum-resistant solutions proactively, before the ‘quantum thief’ comes knocking.”
You focus on embedded systems and critical infrastructure. Why are these sectors—like power grids, hospitals, and water treatment facilities—such a weak point in the quantum age?
“These systems are the physical backbone of our society. Compromising them doesn’t just mean data loss—it can lead to real-world disasters: blackouts, failure of medical devices, disruptions in water supply. Unlike corporate IT systems, industrial controllers (ICS) and embedded systems have life cycles spanning decades. They don’t get updated as frequently as your smartphone. This means vulnerabilities baked into their hardware or firmware can persist for years, unnoticed. An attack on these systems causes direct physical harm. That’s why deep, hardware-level security is absolutely essential in this space.”
In response to these challenges, you founded the SecureCore project. What is its central philosophy? Is it an evolution of existing approaches, or a full-scale revolution in hardware-level protection?
“SecureCore represents a paradigm shift. We’re moving away from the idea of ‘bolt-on’ security—where protective solutions are layered on top of vulnerable systems like a band-aid. Our philosophy is security that is embedded directly into the architecture, starting from the silicon. We build modular platforms that enable trusted boot and firmware authentication, making the system secure by design. This isn’t just evolution—it’s a complete rethinking, where security becomes a fundamental property, not an added function. Our goal is to make protection part of the DNA of critical infrastructure.”
SecureCore focuses on modular FPGA-based platforms and post-quantum cryptography. How does that work in practice? How are next-gen protections integrated into aging infrastructure, and why were the CRYSTALS-Kyber and Dilithium standards chosen?
“The core idea of the modular approach is flexibility. FPGAs (Field-Programmable Gate Arrays) allow us to build lightweight hardware security modules that can be integrated into both new and legacy systems without requiring full replacement. It’s like transplanting a secure heart into an existing organism.
As for cryptography, we rely on standards that have undergone rigorous evaluation by the U.S. National Institute of Standards and Technology (NIST). CRYSTALS-Kyber for key encapsulation and CRYSTALS-Dilithium for digital signatures were chosen as finalists in their multiyear global competition. Our choice is about trustworthiness, performance, and global recognition. We’re not inventing our own algorithms—we’re using the best the world has to offer.”
Another pillar of SecureCore is firmware integrity monitoring using artificial intelligence. How can AI detect threats at such a low level, and doesn’t the monitoring system itself become a new target for attackers?
“AI in our case is a highly specialised ‘digital sentinel.’ We use lightweight neural networks, optimised for edge devices, that scan memory in real time and analyse firmware behavior—specifically UEFI/BIOS. These models are trained on massive datasets of known vulnerabilities, including ICS-CERT and NVD databases, and can detect anomalies indicating unauthorised tampering.
To ensure that the monitoring system doesn’t become a new vulnerability itself, it’s anchored in a hardware-based root of trust. That guarantees the integrity of the verification process and makes it resilient against external compromise.”
Your project goes beyond purely technological solutions—it touches on economic development and national sovereignty: job creation, reliance on American suppliers. How important is this socio-economic mission to SecureCore?
“It’s critical. Cybersecurity isn’t just about code and chips—it’s about resilience, independence, and long-term national stability. By building locally, relying on trusted suppliers, and creating high-tech jobs, we contribute to digital sovereignty and economic security. Especially in areas like critical infrastructure, where dependency on foreign technologies can become a national risk, we believe it’s essential to have control not just over the software stack, but over the supply chain itself. SecureCore is as much an industrial strategy as it is a security platform.”
“Technological sovereignty is impossible without manufacturing and talent sovereignty. Dependence on foreign components in critical infrastructure is a strategic vulnerability. That’s why our goal is to build a secure supply chain entirely within the United States, relying on small and mid-sized enterprises. We are deliberately placing our development centers in economically challenged regions—such as the so-called ‘Rust Belt.’ By creating high-tech jobs and investing in education programs with local colleges, we not only strengthen national security but help revitalise the country’s industrial potential. This isn’t just a mission—it’s an integral part of our strategy.”
Your path to SecureCore is impressive: victories in global CTF competitions, the creation of the Malwario hardware solution, patents in post-quantum encryption, and work on UEFI security. How did this diverse experience shape your vision and lay the foundation for such an ambitious project?
“Each stage was a stepping stone. Competing in CTFs with top-tier teams taught me to think like an attacker—to understand the logic of exploitation. Working on Malwario and efiXplorer gave me deep insights into hardware-level and firmware vulnerabilities. At Quros PTE LTD, I led the development of a post-quantum secure operating system. At ASP Labs and Reperion, I gained hands-on experience with industrial and maritime systems.
SecureCore is the synthesis of all that. I’ve seen the weak points from every angle: offense, defense, development, and real-world deployment. This project is a logical culmination—an attempt to create a holistic solution that accounts for all those aspects.”
Looking ahead, what are SecureCore’s goals over the next five years, and how do you envision the global cybersecurity architecture in 10–15 years, once quantum computers become a reality?
“Our near-term goals for the next five years are concrete: deploy our modules at no fewer than 150 critical infrastructure sites in the U.S., achieve certification under FIPS 140-3 and NIST PQC standards, and open three R&D centers in economically strategic regions.
In the long term, I envision a future where security is no longer optional. It will be embedded into every chip, every line of firmware code by default. The global security architecture will be decentralised, hardware-accelerated, and quantum-resilient. Projects like SecureCore will no longer be exceptions—they will be the norm. We’ll move away from the endless ‘patch race’ and enter an era of provable and innate security. And we’re working to bring that future closer, every single day.”
If you would like to feature in our People in Business section, please get in touch with us via the contact page.