Tetrel is proud to sponsor the 2026 Open Compute Project Canada Tech Day. This is another opportunity for us to contribute to the Open Compute Project (OCP) community. The event is much smaller than the OCP Global Summit (held in San Jose in October), and provides a more intimate setting focused on Canadian progress and ideas in the realms of data centres, quantum computing, AI, and the vital supply chains that underpin these themes. In preparing to attend this conference, we have made an effort to collect some thoughts.
Looming Threats of Quantum and AI
Almost all digital security relies on a foundation of cryptography. The vast majority of our communication protocols rely on asymmetric cryptography algorithms and it is these that are vulnerable to quantum computers. Using Shor’s algorithm, a quantum computer can drastically speed up the hard mathematical problems on which our classical algorithms are based. Experts are in agreement that cryptographically relevant quantum computers (CRQC) are just around the corner. Adversaries are already harvesting ciphertext so they can decrypt it later using the “harvest now, decrypt later” (HNDL) strategy.
In parallel, AI and LLM capabilities are being developed and deployed with reckless abandon. These new automation capabilities are quickly lowering the barriers to entry for attackers. Until now, exploit development up until now relied on niche expertise involved time-consuming efforts. Like much of software development, AI agents are automating a great deal of this effort, allowing vulnerabilities to be discovered and exploited at a scale we have never seen before. Already public bug-bounty programs are being discontinued due to the surge of vulnerability submissions overwhelming them. Bugs are now cheap. For every vulnerability reported to the vendor, how many more are discovered but not reported? The bill for decades of technical security debt is now past due.
Shifting Political Environment
The political assumptions of recent decades are shifting. International dependency is suddenly being perceived as a weakness. The Canadian Sovereign AI Compute Strategy, like similar efforts in the EU and elsewhere, are focused on reducing dependency on US and foreign service providers. There are currently 96 new 100MW+ data centres being constructed in Canada, as well as hundreds of additional, smaller projects. These endeavours must incorporate security foundations from day zero if they are to achieve their resiliency goals.
A Path Forward
Post-quantum cryptographic (PQC) algorithms are now standardized by NIST and other equivalent bodies around the world. Implementations are available in most major cryptographic libraries. All of the major software vendors and cloud operators are deploying PQC with urgency. So should you.
Integrating LLM-based automation to work alongside your existing development processes needs to be on your immediate roadmap. Adopting the same techniques and tools that attackers use against your systems and products was always important, but it’s never been more important. You can no longer afford to be behind the attacker in this capability.
Large cloud providers have already undertaken significant efforts to wrangle their hardware supply chain security. Building sovereign capability securely doesn’t require reinventing the wheel. The efforts that large incumbents have undertaken are accessible even to the smallest of cloud operators because vendors are already building to these standards today.
- OCP S.A.F.E. is an assessment framework that seeks to help vendors proactively find and remediate vulnerabilities in their products before they are deployed by customers. It allows cloud providers to have independent assurance that products they are purchasing have been evaluated by trusted security labs like Tetrel. Tetrel staff helped to define the OCP S.A.F.E. program and we are the only Canadian security review provider.
- IEC-62443 is an international standard that defines security requirements for facility-level operational technologies. Adopting this for your data centre will help standardize the security properties of your power, cooling, and building management systems. If you are building components for this ecosystem, Tetrel can help you demonstrate compliance with this standard, and document the required artefacts to satisfy your security demanding customers, be they large or small.
- The EU Cyber Resiliency Act (CRA) (CRA) shares many elements in common with IEC-62443 and OCP S.A.F.E.. Reporting obligations for all new products shipped to the EU begins in September 2026. For the most cost-effective results, compliance with CRA should be executed in parallel with other supply chain security frameworks and standards to realize the natural efficiencies.
Tetrel is uniquely positioned to assist with all three of these. For more information, find our people at the OCP event in Montreal, or reach out through the Contact link, and we will happily begin the discussion.