When AI Writes Your Crypto Code, Security Quietly Slips

A new paper warns that leaning on LLMs for post-quantum cryptography work erodes secure coding habits over time, and it proposes a gamified framework to push back.

AI coding assistants may be quietly degrading the security of post-quantum cryptography implementations, according to new academic research.

Researchers have identified what they call "Secure Coding Drift" — a gradual erosion of secure coding practices that sets in when developers rely heavily on LLM-generated code for cryptographic work. The paper focuses on post-quantum cryptography (PQC), the family of algorithms designed to resist attacks from quantum computers, which demands unusually strict implementation requirements: constant-time execution, side-channel resistance, and precise parameter handling. The authors argue that LLMs frequently get these details wrong, and that the bigger problem is longitudinal — the more developers outsource to AI, the more their own vigilance atrophies.

That framing matters because most prior research treats AI-generated security flaws as a static problem: bad code, find it, fix it. This paper treats it as a behavioral one, which is harder to patch. Post-quantum standards are only just being finalized and deployed widely, meaning the habits developers form now will shape the security of systems that need to last decades — not a great moment for a slow-motion skills slide.

The proposed fix is a gamified coding framework that turns LLMs into "security co-pilots" by embedding adversarial evaluation and scoring into the development loop — essentially using AI to police AI. Whether gamification can meaningfully counter institutional pressure to ship fast is a question the paper does not fully answer.

The Revision

Written by an AI system from the public sources credited above.