For more than a century, crime and forensic science evolved in a delicate balance. Every technological innovation that empowered criminals eventually produced a corresponding investigative capability for law enforcement. Fingerprints connected suspects to crime scenes. DNA tests transformed homicide investigations. Digital logs, metadata, cryptographic signatures, and electronic records became the evidentiary backbone of modern cybercrime prosecutions.

Artificial intelligence (AI) and quantum computing threaten to disrupt that equilibrium. What is emerging is not simply a future with more cybercrime. Rather, experts warn of a future in which attribution becomes uncertain, evidence becomes contestable, identities become synthetic, and the legal foundations upon which criminal prosecutions depend begin to erode. The danger is therefore not merely operational but institutional. Technology is advancing toward a point where it may outpace the state's ability to establish truth itself.

The warning comes amid an already accelerating migration of crime into cyberspace. According to data cited in the State Bank of India's June 2026 Ecowrap report, cybercrime cases increased by 17% in 2024, crossing the one-lakh mark annually, even as overall cognizable crimes declined by 6%. Yet those figures may only represent the visible edge of a much larger transformation. The more troubling reality is that future cybercrimes may increasingly evade attribution altogether or become extraordinarily difficult to prove in court.

AI Driving Disruption 

According to the Data Security Council of India (DSCI) and Boston Consulting Group report, “Cybersecurity in the Age of AI: Building a Synchronous BFSI Enterprise,” the average window between the disclosure of a software vulnerability and its exploitation has collapsed from 745 days in 2020 to just 44 days in 2025. At the same time, the cost of launching sophisticated cyberattacks has fallen by more than 70% as AI systems automate reconnaissance, vulnerability discovery, phishing campaigns, malware generation, and operational planning.

"AI has rewritten the economics and compressed the window of cyber attacks. The time to exploit has collapsed by more than 90%, and the cost of mounting a sophisticated attack has fallen by over 70%," said Nisha Bachani, Managing Director and Partner at Boston Consulting Group. "However, defender cycles are still catching up."

That imbalance has consequences extending far beyond network security. Modern criminal investigations depend on time. Investigators need opportunities to collect logs, reconstruct timelines, preserve evidence and establish intent. AI-powered attacks increasingly compress those windows to such an extent that evidence may be manipulated, encrypted, fragmented across multiple jurisdictions or erased before investigators even become aware an intrusion has occurred.

More fundamentally, AI is beginning to challenge one of the oldest assumptions in criminal investigation — that every crime leaves a trace.

A Convergence Most Foul

Machine-learning systems can continuously modify malicious code, generate unique attack signatures for every victim, rotate infrastructure in real time, and create synthetic identities at an unprecedented scale. The result is a fragmented forensic landscape in which the distinction between attacker, tool and autonomous agent becomes increasingly blurred. Courts prosecute people, not algorithms. Yet as cyber operations become progressively autonomous, determining who ultimately exercises control over a malicious act becomes far more complicated.

The challenge deepens further when AI intersects with quantum computing.

The convergence of quantum computing and artificial intelligence is poised to fundamentally disrupt the architecture of cybercrime detection and prosecution. “Quantum computing threatens to render current cryptographic protections obsolete, exposing encrypted evidence and communications while simultaneously enabling adversaries to operate behind quantum-resistant shields that investigators cannot penetrate. When paired with AI systems capable of autonomous, adaptive, and self-obfuscating attacks, the result is a category of cybercrime that mutates faster than forensic techniques can adapt, conceals its own provenance, and dissolves the digital trail on which attribution and prosecution depend,” said cyber law expert Pavan Duggal.

“Detection becomes harder because the offence may leave no stable signature; prosecution becomes harder because establishing identity, intent, and a chain of causation - being the bedrock of criminal liability - grows increasingly tenuous when an autonomous agent, rather than an identifiable human, is the proximate actor.”

India's existing legal framework is not adequately equipped for this shift. The Information Technology Act, 2000, conceived in a pre-AI, pre-quantum era, lacks the conceptual vocabulary to address machine-driven offences, algorithmic attribution, and quantum-enabled evidentiary challenges. 

“Our procedural and evidentiary law presumes a human perpetrator and stable digital evidence, assumptions that quantum and AI capabilities steadily erode. There is an urgent need to evolve a dedicated legal and regulatory architecture: one that addresses agentic AI liability, mandates quantum-resilient security standards, modernises rules of digital evidence, and builds the institutional and forensic capacity to keep pace. Without such reform, the law risks remaining a step behind the technologies it must govern, leaving both detection and prosecution increasingly difficult in the years ahead,” said Duggal.

Pushpendra Bharambe, Partner, Cyber Security at Nangia Global, describes the convergence of AI and quantum computing as a rapidly emerging "adversarial toolkit," capable of overwhelming existing defensive and investigative mechanisms.

"Quantum computing and AI are converging into a powerful adversarial toolkit that threatens to outpace current defences," Bharambe said. "Nation states and cybercriminals are already conducting 'harvest now, decrypt later' campaigns, collecting encrypted data today with the intention of decrypting it once quantum capabilities mature. At the same time, AI is accelerating the cyber threat landscape by automating reconnaissance, phishing, malware development and ransomware operations, while enabling autonomous systems that can adapt and respond much like human attackers."

His warning reflects a broader shift underway in cyberspace. Historically, cybercriminals were constrained by the same limitations confronting investigators: manpower, expertise and time. AI is steadily removing those constraints. Attack campaigns that once required teams of specialists can increasingly be launched, modified, and scaled through autonomous systems operating at machine speed.

The Liar’s Dividend

If AI threatens attribution, it also threatens the integrity of evidence itself. Generative AI can now create highly convincing audio recordings, videos, photographs, emails, and documents. While public debate has focused largely on misinformation and political manipulation, the implications for criminal justice may prove even more profound.

For decades, digital evidence has served as a cornerstone of modern prosecutions. Yet in a world where voices can be cloned, videos fabricated and identities simulated, every piece of digital evidence risks becoming vulnerable to challenge. The danger is not merely that false evidence can be created. It is that genuine evidence can be dismissed as fake.

Legal scholars increasingly refer to this phenomenon as the "liar's dividend" — the ability of guilty actors to deny authentic evidence by claiming it was generated through artificial intelligence. As synthetic media becomes increasingly sophisticated, courts may find themselves confronting a future in which proving authenticity becomes almost as difficult as proving guilt.

Quantum computing introduces an even deeper challenge. A joint white paper by CERT-In and SISA, Transitioning to Quantum Cyber Readiness, warns that the eventual arrival of Cryptographically Relevant Quantum Computers could render many contemporary encryption systems obsolete. Through algorithms such as Shor's, sufficiently powerful quantum machines could theoretically break widely used public-key cryptographic systems, including RSA and Elliptic Curve Cryptography, which currently secure financial transactions, authentication frameworks, digital signatures, and government communications.

Implications For Law Enforcement

The implications for law enforcement are profound. Modern cybercrime prosecutions rely heavily on the legal principle of non-repudiation — the ability to demonstrate conclusively that a particular individual initiated a specific digital action. Digital signatures, certificates, and authentication mechanisms form the evidentiary chain through which prosecutors establish responsibility. 

If those cryptographic foundations become vulnerable, the evidentiary chain itself becomes vulnerable.

A forged digital certificate, compromised authentication mechanism, or manipulated digital signature would not merely constitute a cybersecurity failure. It could undermine confidence in the authenticity of electronic records presented before courts. Prosecutors may increasingly struggle to prove that a specific transaction, communication or cyber operation originated from a particular actor.

Adversaries With Encrypted Data

The challenge is amplified by "Harvest Now, Decrypt Later" strategies. Adversaries are already accumulating encrypted data with the expectation that future quantum capabilities will eventually allow them to decrypt it. By the time such information becomes accessible, investigative timelines may have expired, logs may have disappeared and evidentiary trails may have been irretrievably lost.

In such circumstances, the central question may no longer be whether a cybercrime occurred. It may be whether responsibility can still be assigned.

The legal system remains ill-prepared for that reality. Cyberlaw expert and Supreme Court advocate Karnnika A. Seth notes that while jurisdictions such as the European Union have enacted dedicated frameworks for artificial intelligence, India continues to rely largely on evolving regulations and judicial interpretation.

AI and quantum technologies, she argues, are already creating significant challenges for cybercrime prosecution through deepfakes, synthetic identities, and increasingly sophisticated forms of digital manipulation, forcing courts to stretch existing legal doctrines to address technologies lawmakers never anticipated.

The problem, however, is not merely legislative delay. It is conceptual. Traditional criminal law was built around identifiable human actors, demonstrable intent and relatively stable evidence. Artificial intelligence, autonomous systems, synthetic identities and quantum-era cryptographic risks challenge all three assumptions simultaneously.

Senior Advocate N. S. Nappinai has argued that India's cybercrime framework was struggling even before the arrival of AI and quantum technologies. Her call for a standalone and dynamic cybercrime statute reflects growing recognition that incremental legal adaptation may prove inadequate in the face of exponential technological change.

Regulatory Preparedness

Meanwhile, regulatory preparedness continues to lag behind technological capability. "Although legal and regulatory safeguards are emerging, they remain behind the pace of technological advancement," Bharambe said. "NIST's post-quantum cryptography standards and government mandates for quantum-safe systems provide an important foundation, but adoption across critical infrastructure and the private sector remains largely voluntary."

More importantly, existing legal frameworks were never designed to address autonomous AI-driven attacks or quantum-era cybercrime. The result is a widening gap between adversarial capabilities and institutional preparedness. That gap may become the defining cybersecurity challenge of the digital century.

Governments can invest in stronger firewalls, AI-powered threat detection systems and post-quantum cryptography. Such measures are necessary. Yet they address only part of the problem.

As Vinayak Godse, CEO of DSCI, observed, the future may require autonomous defence systems operating at machine speed against machine speed attacks. "The next frontier is autonomous defence," he said, where AI-driven detection and response mechanisms become capable of matching the pace of increasingly automated threats.

Yet even if technology succeeds in defending networks, a more fundamental question remains unresolved: can legal institutions evolve quickly enough to preserve accountability?

Because when digital identities become forgeable, when evidence becomes endlessly contestable, when attribution becomes probabilistic rather than conclusive and when cryptographic trust itself becomes vulnerable, cybersecurity ceases to be merely a technical challenge. It becomes a crisis of justice.

And once a state loses the ability to establish responsibility with confidence, it risks losing something more fundamental than cybersecurity itself — the ability to answer the question upon which every criminal prosecution ultimately depends: Who committed the crime?

(The writer is an economics analyst and journalist. Views expressed are personal.)