GetChain News

Security/Hacker


Ledger CTO Analyzes Post-Quantum Cryptography Migration, Blockchain Favors Hash-Based Signature Schemes

Ledger Chief Technology Officer Charles Guillemet pointed out that the development of post-quantum cryptography has entered a critical stage. Although the timeline for a practical quantum computer remains unclear, an industry-wide migration of encryption systems is inevitable. Led by NIST, the traditional sector plans to phase out high-risk algorithms by 2030 and ban them completely by 2035, with government and enterprise institutions expected to complete their migration plans by 2029. Encryption and key exchange will adopt ML-KEM to defend against quantum decryption attacks on harvested data, while digital signatures become the core of the blockchain transition. The traditional industry prefers ML-DSA hybrid schemes, while the blockchain sector favors the more secure and robust hash-based signature scheme SLH-DSA. Both schemes have their own advantages and disadvantages. The compatibility of post-quantum algorithms with MPC and threshold signatures remains a key risk that the industry urgently needs to address.

AI-Driven Vulnerability Bounty Reports Surge, Leaving Crypto Protocol Teams Overwhelmed by “AI Spam”

According to Cointelegraph, the widespread adoption of AI is driving up the number of submissions to cryptocurrency industry bug bounty programs, but a flood of low-quality “AI spam” reports has also emerged, leaving protocol teams with a heavy triage burden. Barry Plunkett, Co-CEO of Cosmos Labs, stated that submission volume to its platform surged 900% year-on-year, with 20–50 reports received daily. Kadan Stadelmann, CTO of Komodo Platform, likewise noted a marked rise in low-quality and false-positive reports, attributing it primarily to AI drastically reducing the cost of generating reports. Daniel Stenberg, creator of the open-source tool curl, has already shut down his bug bounty program outright after being overwhelmed. In response, industry insiders recommend that teams deploy defensive AI systems to triage reports automatically and adopt stricter submission criteria, reducing the volume of invalid reports and ensuring genuine vulnerabilities receive timely attention.