WD adds post-quantum cryptography to Ultrastar hard drives for AI data infrastructure

WD has integrated post-quantum cryptography into its newest high-capacity Ultrastar UltraSMR hard disk drives, adding quantum-resistant protections to enterprise storage hardware used in long-lived AI data systems.

The drives are currently in qualification with multiple hyperscale customers. WD said the implementation introduces PQC-ready secure boot and firmware protection, using NIST-approved quantum-resistant algorithms to strengthen device-level trust.

Protecting AI data over longer lifecycles

The announcement addresses a security challenge created by AI infrastructure that generates and retains large volumes of data across training runs, inference activity, and system interactions. WD said this accumulated data may remain valuable over long periods, making storage security a longer-term infrastructure requirement rather than a short-term operational concern.

The company pointed to “harvest now, decrypt later” attacks as a present-day risk. In such attacks, adversaries collect encrypted or signed data today with the aim of decrypting it or forging security signatures when quantum computing capabilities mature.

Enterprise storage infrastructure also tends to remain in service for five years or longer, according to WD. That service window may overlap with the emergence of cryptographically relevant quantum computers, widening the exposure for organisations that rely on existing cryptographic protections.

“As AI data compounds and becomes more valuable and long-lived, securing it for the future is no longer optional. Quantum computing represents one of the most significant technology transitions of our time, and it is advancing faster than many organisations anticipate. The security architectures that have protected enterprise storage for more than a decade will need to evolve,” said Dr. Xiaodong (Carl) Che, Chief Technology Officer and Senior Vice President at WD. “Integrating post-quantum cryptography into our Ultrastar enterprise-class drives is part of our commitment to helping customers stay ahead of threats that are already present in the form of HNDL attacks. By aligning with NIST standards and CNSA 2.0 today, we are helping enterprises build a clear, low-friction path to quantum-safe storage infrastructure.”

Firmware becomes part of the security model

WD’s PQC implementation is being introduced on the Ultrastar DC HC6100 UltraSMR. The company said it is designed to help protect device trust chains from manufacturing through field service, with the focus on firmware integrity and key management rather than data-at-rest encryption.

That distinction is important because firmware-level compromise can affect the trust model of the drive itself. WD said a quantum-enabled adversary could potentially forge digital signatures on firmware updates, allowing malicious code to appear authentic and compromising drive security.

The implementation uses ML-DSA-87, based on NIST FIPS 204, for high-assurance code signing. WD is also using dual-signing with RSA-3072, combining existing and quantum-resistant cryptographic standards to support security during the transition period.

Deployment without disrupting storage fleets

WD said the supporting architecture includes PQC-capable public key infrastructure and hardware security module workflows for key issuance, rotation, and lifecycle management.

The company is also using dual-signing and rollback safeguards to support deployment across diverse storage fleets without disrupting current operations. This is intended to help customers adopt quantum-resistant protections while maintaining compatibility with existing infrastructure.

WD expects to expand PQC capabilities across additional enterprise hard drive product lines over time. For now, the Ultrastar implementation gives the company a hardware-level entry point for quantum-resistant storage security, centred on secure boot, firmware protection, and device trust.