- Above trends, beyond insights
- Posts
- When AI gets physical and security must stay agile
When AI gets physical and security must stay agile
This issue looks at the physical systems behind AI growth and the cryptographic readiness companies should start mapping now.
It’s been a while since we launched Above Trends, Beyond Insights. What began as an experiment in editorial positioning has gradually become a method: looking past headlines to understand how technology actually behaves inside organisations.
AI is running into the real world
For a while, artificial intelligence has been described as if it were almost weightless: a layer of software that could be scaled, replicated and deployed wherever demand appeared.
The current data center race is proving the opposite. AI needs land, power, water, cooling systems, construction permits, transmission capacity and specialised labour. A new model may be released in weeks, but the infrastructure required to train and serve it can take years to build. This gap is becoming one of the most important constraints in the AI economy.
In California’s Imperial Valley, a proposed AI data center has triggered a dispute over access to Colorado River water, with the developer requesting hundreds of millions of gallons and local authorities pushing back.
In Connecticut, several towns have already introduced moratoriums or bans on data centers, even before specific projects are formally proposed, because of concerns over electricity use, noise, land consumption and limited local benefits.
At the same time, the sector is facing a shortage of the blue-collar expertise needed to build and connect this infrastructure: electricians, line workers, power engineers, HVAC specialists and construction teams are becoming part of the AI bottleneck.
This changes how companies should read the AI opportunity. Choosing an AI platform is also a question of where the workload runs, how exposed it is to energy prices, whether capacity will remain available, how sustainable the underlying infrastructure is, and how much dependency the organisation is creating on a small number of providers and locations. A customer service chatbot and an industrial computer vision system do not create the same infrastructure pressure; a short internal pilot and a production-scale AI service do not carry the same operational exposure.
The useful lesson is that AI roadmaps need an infrastructure reality check before they become strategic commitments. Workloads should be classified by criticality, latency, data sensitivity and compute intensity. Vendor assessments should include capacity, energy strategy, regional availability, exit options and sustainability evidence. Finance teams should look beyond subscription pricing and model inference costs to include volatility in power, data transfer, specialised hardware and migration. The more AI becomes embedded in core operations, the less it can be treated as a flexible experiment running somewhere in the cloud.
TREND TRACKER
Crypto-agility: security designed to change
Crypto-agility is the ability of an organisation to update cryptographic algorithms, protocols, certificates and libraries without redesigning entire systems.
It is becoming increasingly relevant as companies prepare for the transition to post-quantum cryptography: cryptographic migration will be slow, but complex and deeply connected to legacy systems, suppliers, cloud services and long-lived data. Future-proof security will depend on the ability to change encryption when standards, threats or regulations evolve.
Want to learn more?
QUICK INSIGHT
Build a first crypto-agility inventory
Post-quantum migration will not be solved by replacing one algorithm with another at the last minute. The first useful step is visibility: knowing where cryptography actually lives across systems, vendors, products and processes.
Map exposed algorithms. Identify where RSA, ECC, ECDSA, ECDH and other quantum-vulnerable algorithms are used across applications, infrastructure, certificates, VPNs, APIs, identity systems and connected products.
Prioritise long-lived data. Flag the datasets that must remain confidential for many years, such as financial records, health data, intellectual property, legal documents, industrial designs or strategic archives.
Identify cryptographic owners. Assign responsibility for each cryptographic dependency: internal team, software vendor, cloud provider, security supplier, application owner or infrastructure partner.
Separate replaceable from hard-coded. Check whether algorithms and libraries can be changed through configuration, policy or provider updates, or whether they are embedded directly in application code or legacy systems.
Review vendor readiness. Ask critical suppliers for their post-quantum roadmap, supported standards, migration timeline, testing approach and compatibility constraints.
Create a migration heat map. Rank systems by exposure, business criticality, data sensitivity, vendor dependency and expected replacement effort.
Add crypto-agility to future architecture reviews. New software, cloud services and digital products should be assessed not only for security today, but for how easily their cryptography can evolve tomorrow.
WHO IS BABINI MAZZARI
Our Value Proposition
Babini Mazzari is the strategic IT partner for European companies looking to navigate digital transformation in a structured, pragmatic, and sustainable way.
We don’t just deliver technical solutions - we work as an extension of your internal team, helping you integrate systems, optimize processes, and lead change with clarity and competence.
Our approach is built on listening, transparency, and a strong results-driven culture. Whether you're scaling, modernizing, or rethinking your operating model, we support every client with the right tools, clear methodology, and long-term vision.
Above Technology. Beyond Solutions.
📎 [Our services]
📎 [Our Manifesto]