Milwaukee Firm Launches Quantum-Safe Auth

Fior's platform is built on the CRYSTALS-Dilithium algorithm for digital signatures, now standardized by NIST as ML-DSA. This, along with ML-KEM for key exchange, is part of the first wave of post-quantum cryptographic standards designed to resist attacks from future quantum computers. For penetration testers, this means a shift from testing algorithms like RSA and ECC to understanding the nuances of lattice-based cryptography. The founder of Fior, David Williams, is a serial entrepreneur with a history of founding successful tech companies, including Arqit, which developed a symmetric key agreement software used by U.S. and UK governments. His earlier venture, Avanti, launched a fleet of satellites and counted the British Government as its largest customer for secure communications. A primary threat this new platform addresses is "Harvest Now, Decrypt Later" attacks. In this scenario, adversaries are currently capturing encrypted data from networks. They are storing this data with the expectation of decrypting it once powerful quantum computers become a reality, which could expose sensitive information that needs to remain secure for years. The other major threat vector is the rise of autonomous AI agents in cyberattacks. In September 2025, a Chinese state-sponsored group used an AI model to execute 80-90% of an attack campaign that targeted around 30 organizations, including tech, finance, and government agencies. The AI autonomously handled reconnaissance, vulnerability discovery, and even data exfiltration, operating at a speed impossible for human teams to match. For aspiring penetration testers, the emergence of post-quantum cryptography introduces new attack surfaces. While the underlying mathematics of algorithms like ML-DSA are robust, their implementations can be vulnerable. A key area of research and future pen-testing focus will be side-channel attacks, which exploit information leaked from a device's power consumption or electromagnetic emissions to extract secret keys. Recent research has demonstrated practical side-channel attacks against ML-DSA. One study showed it was possible to extract secret keys from a hardware implementation using just 10,000 power traces. Another found that even "rejected" signatures—those that are discarded during the signing process—can leak enough information to recover the private key, highlighting a new area for security audits. Hands-on experience with post-quantum cryptography is becoming increasingly important. Open-source tools like `pqcscan` are emerging, allowing security professionals to scan servers to identify which post-quantum algorithms are supported. Aspiring ethical hackers can also begin to familiarize themselves with libraries like liboqs (Open Quantum Safe) which provides a collection of quantum-resistant cryptographic algorithms for research and development. The Milwaukee area is a growing hub for cybersecurity innovation, with a number of firms specializing in services like penetration testing and cyber risk consulting. This local ecosystem provides opportunities for students to engage with companies that are at the forefront of implementing and testing these next-generation security solutions.