Revised edition, May 2026. Three months closer to August 2.
Everyone is talking about model sizes, benchmarks, the next GPT. Wrong variables. What decides 2026 is called Sovereign Continuity: local, decentralized, PQC-ready. Security and cryptography are no longer recommendations. They are the architecture.
The AI plateau holds
The big leaps in language models are over. GPT-6 will be better, but not exciting. Benchmarks are saturated. Whoever doesn’t see the plateau sees nothing.
The market is shifting away from “who has the biggest model” toward “who integrates cleanly.” Agents with domain knowledge. Workflows. Clean data. Research Nester projects 40% annual growth in the agent market — from 8.6 billion in 2025 to 263 billion in 2035. That’s the number left over once you subtract the LLM hype.
In parallel, the second wave: world models, physical AI, humanoid robotics. Three to five years. But the capital allocation is already shifting now.
Sovereign Continuity — the bracket
In April I wrote about sovereignty as a word that decision-makers are using again. Six months later it has turned into a stack I am building myself. The thesis has condensed:
Cloud only for compute load. Never for identity, trust, or control.
This is not theory. This is the architecture that remains once you add up the risks I describe further down. Whoever puts identity into someone else’s data centers loses it. Whoever outsources trust anchors no longer controls their supply chain. Whoever doesn’t hold their own logs has no evidence.
Concretely, that means five layers:
- Local action. Agents run on-prem or at the edge. Inference where the data is.
- Orchestration with per-agent permissions. No global root scope. Each agent gets only what it needs.
- Identity and trust decentralized. Verifiable credentials, ActivityPub, your own keys. Not LinkedIn as identity provider.
- Append-only logs, PQC-signed. Who did what when must be provable — even in ten years, even after quantum.
- Consumer endpoint as companion, not as cloud front end. Voice, app, interface local.
This sounds laborious. It is. But every single layer solves a problem that becomes expensive over the next twelve months.
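The append-only log layer from the list above, as an added example that is not part of the original post and not logpy's code: a SHA-256 hash chain whose head is signed once with a Lamport one-time signature, a hash-based scheme used here as a standard-library stand-in for ML-DSA or SLH-DSA. Agent names, actions and all function names are constructed for illustration.

```python
import hashlib, json, secrets

GENESIS = "00" * 32  # "previous hash" of the first entry

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def entry_hash(seq, agent, action, prev):
    body = {"seq": seq, "agent": agent, "action": action, "prev": prev}
    return h(json.dumps(body, sort_keys=True).encode()).hex()

def append(log, agent, action):  # each entry commits to its predecessor
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"seq": len(log), "agent": agent, "action": action, "prev": prev,
                "hash": entry_hash(len(log), agent, action, prev)})
    return log[-1]["hash"]

def first_broken(log):
    """Index of the first entry that breaks the chain, or None if intact."""
    prev = GENESIS
    for i, e in enumerate(log):
        expected = entry_hash(e["seq"], e["agent"], e["action"], e["prev"])
        if (e["seq"], e["prev"], e["hash"]) != (i, prev, expected):
            return i
        prev = e["hash"]
    return None

# Lamport one-time signature (stand-in, assumption): one key pair signs ONE head,
# so every new checkpoint needs a fresh key pair.
def _bits(msg: bytes):
    return [(byte >> k) & 1 for byte in h(msg) for k in range(8)]

def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(h(a), h(b)) for a, b in sk]

def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig):
    bits = _bits(msg)
    return len(sig) == 256 and all(h(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits)))

def checkpoint_ok(log, pk, sig):
    """Chain must be intact AND its head must match the signed checkpoint."""
    return bool(log) and first_broken(log) is None and verify(pk, bytes.fromhex(log[-1]["hash"]), sig)

if __name__ == "__main__":  # constructed sample entries
    log, (sk, pk) = [], keygen()
    head = [append(log, "mailer", a) for a in ("draft_mail", "send_mail")][-1]
    print(checkpoint_ok(log, pk, sign(sk, bytes.fromhex(head))))
```

A log that is truncated or rewritten from scratch with recomputed hashes still passes the chain check alone; only the signed head exposes it.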
Security — no longer a recommendation, now a minimum standard
In April my first recommendation was: ramp up security. That still stands. But the tone has changed. We’re no longer in the phase where you explain to companies why. We’re in the phase where August 2 arrives in three months and the desk is still empty.
The attack surface, measured by what I’ve seen in practice since April:
- Prompt injection is no longer a textbook example. In January I responsibly disclosed a vulnerability in the BA chatbot (BSI ticket CERT-Bund#2026010628001261). Multimodal injection via images is an active research strand — Gemma 4 E2B shows where this is heading. Every agent that consumes content from the internet is potentially remote-controlled.
- Autonomous agents without a review layer are the invisible debt of the AI wave. Who may do what, who logs, who stops — these three questions go unanswered in most setups. We’re building this into AgentClaw with exponential backoff per agent turn and granular per-agent permissions. It’s doable. It just hardly ever happens.
- Deepfakes in phone calls, video, email. 91% of all AI watermarks can be removed at near-lossless quality — proven in March 2026. From August 2026, those exact watermarks become mandatory by EU regulation. A regulatory fantasy world.
- NIS2 becomes binding for more than 30,000 German companies from August 2, 2026. Managing-director liability. Fines up to 10 million euros or 2% of global revenue.
What has to be in place by August 2: zero trust for agents. Segmented permissions. Four-eyes principle for actions with external effect. Staff training against voice and video deepfakes. Incident response, rehearsed, not in PowerPoint. Logs that someone reads.
Three months. That isn’t enough for everything. But enough for the essentials.
Post-quantum — no longer homework, now built in
In April I recommended PQC as preparation. Today I put it differently: Whoever builds PQC-ready in 2026 has a head start. Whoever doesn’t is building legacy debt.
In March 2026, Google Quantum AI showed that the number of qubits needed for an ECC attack can be reduced by a factor of 20. That shifts the risk curve. “10 to 15 years” is no longer the only conceivable path. And the attacker model is still called “harvest now, decrypt later” — every bit of traffic captured today is a problem tomorrow.
NIST has the standards: ML-KEM for key exchange, ML-DSA and SLH-DSA for signatures. The BSI explicitly recommends getting started. Hybrid TLS schemes are rolled out.
What I’m doing today, instead of just recommending:
- logpy is append-only and PQC-signed. The library grows out of the need while building, not out of a marketing roadmap.
- OpenNet is built with ML-DSA against verifiable credentials from the start. PQC isn’t phase 3, it’s phase 1.
- The swarm of local agents communicates over channels that are hybrid-signed.
What companies should do in 2026:
- Crypto inventory. What is encrypted where? Which algorithms, key lengths, certificates? Most don’t know.
- Crypto agility. Hard-coded uses of RSA are the time bombs.
- Hybrid schemes. Classical + PQ in parallel.
- Supply chain. Ask PKI providers, HSM manufacturers, cloud providers for their PQ roadmaps. Whoever has none is the roadmap.
Germany and the EU — August 2 stays
On August 2, 2026, the EU AI Act becomes binding for high-risk systems and GPAI. NIS2 in parallel. The watermark obligation in parallel. Three construction sites, one date.
In April, 15 business associations demanded a deadline extension. The Digital Omnibus is meant to soften whatever it can. It’s an ugly battle between Brussels ambition and industrial reality. My gut feeling: there will be partial postponements, but not a postponement of the core. Whoever waits for a reprieve is planning against probability.
SOOFI with 20 million in funding against US hyperscalers who burn that per quarter — sovereignty theater. The Cloud and AI Development Act comes at the earliest in late May, postponed for the second time.
What actually works is not “European governance on global infrastructure.” That was my April position. Today, sharper: what works is what runs locally, is distributed decentrally, and was set up PQC-ready. Everything else is a stopgap.
Wildcards, re-sorted
- Major AI security incident. Still 60%. I’ve seen two critical vulnerabilities myself since January. The first visible damage to critical infrastructure is a matter of months, not years.
- Cryptographic breakthrough. Raised from 10 to 15%. Google Quantum AI shifted the risk curve. Whoever is prepared buys time. Whoever isn’t has weeks of chaos.
- EU rollback on AI Act / NIS2. At 35%. Industry pressure works, but not everywhere.
- AGI claim from some lab. 50%, limited impact. The community has grown skeptical.
- China-Taiwan escalates. 15-20%. TSMC outage, semiconductor supply collapses.
What all of this means
We’re not experiencing a collapse. We’re experiencing the end of AI euphoria and, at the same time, the sharpening of all the underlying risks. No Lehman moment. A grinding, structural shift.
Away from the illusion that AI will solve everything in twelve months. Toward the realization that integration, security, and cryptographic homework decide success or failure — and that these three points belong together. They are not a list. They are an architecture. And it has a name.
Three recommendations, sharper than in April
1. Think of Sovereign Continuity as architecture. Not security plus crypto plus integration as three projects. One line: local, decentralized, PQC-ready. Cloud only for compute load. Whoever sees this through solves NIS2, post-quantum, and AI integration with a single answer.
2. Set up NIS2 operationally by August 2. Don’t explain it, implement it. Pentest as a process, not as an event. Logs that get read. Playbooks that are rehearsed. Three months is short, but enough for the essentials.
3. Don’t prepare PQC, build it in. Hybrid-sign new developments from today. Crypto inventory in Q3. Vet the supply chain in Q4. Whoever starts in 2028 is in panic.
The wind is blowing. It always has. The question is who builds.
If you’re working on one of these points — Sovereign Continuity, NIS2, PQC — and looking for a sparring partner who doesn’t just draw slides but builds the architecture: [email protected]
#Ausblick2026 #SovereignContinuity #PostQuantum #NIS2 #AIAct
