Spun out from Google last March, SandboxAQ is a fascinating, well-funded start-up targeting the intersection of AI and quantum technology. “As the world enters the third quantum revolution, AI + Quantum software will address significant business and scientific challenges,” is the company’s broad self-described mission. Part software company, part investor, SandboxAQ foresees a blended classical computing-quantum computing landscape with AI infused throughout.
Its developing product portfolio comprises enterprise software for assessing and managing cryptography/data security in the so-called post-quantum era. NIST, of course, released its first official post-quantum algorithms in July and SandboxAQ is one of 12 companies selected to participate in its new project – Migration to Post Quantum Cryptography – to build and commercialize tools. SandboxAQ’s AQ Analyzer product, says the company, is already available and being used by a few marquee customers.
Then there’s SandboxAQ’s Strategic Investment Program, announced in August, which acquires or invests in technology companies of interest. So far, it has acquired one company (Cryptosense) and invested in two others (evolutionQ, and Qunnect).
Last week, HPCwire talked with SandboxAQ CEO Jack Hidary about the company’s products and strategy. One has the sense that SandboxAQ’s aspirations are broad, and with nine figure funding, it has the wherewithal to pivot or expand. The A in the name stands for AI and the Q stands for quantum. One area not on the current agenda: building a quantum computer.
“We want to sit above that layer. All these [qubit] technologies – ion trap, and NV center (nitrogen vacancy center), neutral atoms, superconducting, photonic – are very interesting and we encourage and mentor a lot of these companies who are quantum computing hardware companies. But we are not going to be building one because we really see our value as a layer on top of those computing [blocks],” said Hidary. Google, of course, has another group working on quantum hardware.
Hidary joined Google in 2016 as Sandbox group director. A self-described serial entrepreneur, Hidary’s varied experience includes founding EarthWeb, being a trustee of the XPrize Foundation, and running for Mayor in New York City in 2013. While at Google Sandbox, he wrote a textbook – Quantum Computing: An Applied Approach.
“I was recruited in to start a new division to focus on the use of AI and ultimately also quantum in solving really hard problems in the world. We realized that we needed to be multi-platform and focus on all the clouds and to do [other] kinds of stuff so we ended up spinning out earlier this year,” said Hidary.
“Eric Schmidt joined us about three and a half years ago as he wrapped up his chairmanship at Alphabet (Google parent company). He got really into what we’re doing, looking at the impact that scaled computation can have both on the AI side and the quantum side. He became chairman of SandboxAQ. I became CEO. We’ve other backers like Marc Benioff from Salesforce and T. Rowe Price and Guggenheim, who are very long-term investors. What you’ll notice here that’s interesting is we don’t have short-term VCs. We have really long term investors who are here for 10 to 15 years.”
The immediate focus is on post quantum cryptography tools delivered mostly by a SaaS model. By now we’re all familiar with the threat that fault-tolerant quantum computers will be able to crack conventionally encrypted (RSA) data using Shor’s algorithm. While fault-tolerant quantum computers are still many years away, the National Institute of Standards and Technology (NIST) and others, including SandboxAQ, have warned against Store Now/Decrypt Later attacks. (See HPCwire article, The Race to Ensure Post Quantum Data Security).
“What adversaries are doing now is siphoning off information over VPNs. They’re not cracking into your network. They’re just doing it over VPNs, siphoning that information. They can’t read it today, because it’s RSA protected, but they’ll store it and read it in a number of years when they can,” he said. “The good news is you don’t have to scrap your hardware. You could just upgrade the software. But that’s still a monumental challenge. As you can imagine, for all the datacenters and the high-performance computing centers this is a non-trivial operation to do all that.”
A big part of the problem is simply finding where encryption code is in existing infrastructure. That, in turn, has prompted calls for what is being called crypto-agility – a comprehensive yet modular approach that allows easy swapping in-and-out cryptography code.
“We want crypto-agility, and what we find is large corporations, large organizations, and large governments don’t have crypto-agility. What we’re hoping is to develop tools to implement this idea. For example, as a first step to crypto-agility, we’re trying to see if people even have an MRI (discovery metaphor) machine for use on their own cybersecurity, and they really don’t when it comes to encryption. There’s no diagnostic tools that these companies are using to find where their [encryption] footprint is or if they are encrypting everything appropriately. Maybe some stuff is not even being encrypted,” said Hidary, who favors the MRI metaphor for a discovery tool.
No doubt, the need to modernize encryption/decryption methods and tools represents a huge problem and a huge market.
Without getting into technical details, Hidary said SandboxAQ is leveraging technology from its recent Cryptosense acquisition and internally developed technologies to develop a product portfolio planned to broadly encompass cryptography assessment, deployment and management. Its core current product is AQ Analyzer.
The idea, says Hidary returning to the MRI metaphor, “is to take an MRI scan of inside the organization – on-premise, cloud, private cloud, and so forth – and this feeds into compliance vulnerabilities and post-quantum analysis. It’s not just a quantum thing. It’s about your general vulnerabilities on encryption. Overall, it happens to be that post quantum is helped by this, but this is a bigger issue. Then that feeds into your general sysops, network ops, and management tools that you’re using.”
AQ Analyzer, he says, is enterprise software that starts the process for organizations to become crypto-agile. It’s now being used at large banks and telcos, and also by Mount Sinai Hospital. Healthcare – replete with sensitive information – is another early target for SandboxAQ. Long-term the idea is for Sandbox software tools to be able to automate much of the crypto management process from assessment to deployment through ongoing monitoring and management.
“That’s the whole crypto-agility ballgame,” says Hidary.
The business model, says Hidary, is carbon copy of Salesforce.com’s SaaS model. Broadly, SandboxAQ uses a three-prong go-to-market via direct sales, global systems integrators – in May it began programs with Ernst & Young (EY) and Deloitte – and strategic partners/resellers. Vodafone and SoftBank are among the latter. Even though these are still early days for SandboxAQ as an independent entity, it’s moving fast, having benefitted from years of development inside Google. AQ Analyzer, said Hidary, is in general availability.
“We’re doing extremely well in banks and financial institutions. They’re typically early adopters of cybersecurity because of the regulatory and compliance environment, and the trust they have with their customers,” said Hidary.
Looking at near-term milestones, he said, “We’d like to see a more global footprint of banks. We’ll be back in Europe soon now that we have Cryptosense (UK and Paris-based), and we have a local strong team in Europe. We’ve had a lot of traction in the U.S. and the Canadian markets. So that’s one key milestone over the next 18 months or so. Second, we’d like to see [more adoption] into healthcare and telcos. We have Vodafone and Softbank mobile, on the telco side. We have Mount Sinai, we’d like to see if that can be extended into additional players in those two spaces. The fourth vertical we’ll probably go into is the energy grid. These are all critical infrastructure pieces of our society – the financial structure of our society, energy, healthcare and the medical centers, the telecommunications grid.”
While SandboxAQ’s AQ Analyzer is the company’s first offering, it’s worth noting that the company aggressively looking for niches it can serve. For example, the company is keeping close tab on efforts to build a quantum internet.
“There’s going to be a parallel quantum coherent internet to connect for distributed quantum computing,” said Hidary. “So nothing to do with cyber at all.”
“Our vision of the future that we share with I think everyone in the industry is that quantum does not take over classical,” said Hidary. “It’s a mesh, a hybridization of CPU, GPU and quantum processing units. And the program, the code, in Python for example: part of it runs on CPUs, part of it on GPUs, and then yes, part of it will run on a QPU. In that mesh, you’d want to have access both to the traditional Internet TCP IP today, but you also want to be able to connect over a quantum coherence intranet. So that’s Qunnect.”
Qunnect, of course, is one of the companies SandboxAQ has invested in and it is working on hardware (quantum memory and repeaters) to enable a quantum internet. Like dealing with post quantum cryptography, outfitting the quantum internet is likely to be as huge business. Looking at SandboxAQ, just seven months after being spun out from Google, the scope of its ambitions is hard to pin down.