What specific vulnerabilities in quantum hardware implementations might attackers actually exploit today?

# Concrete Quantum Hardware Vulnerabilities Exploitable Today

Today's quantum computers—still small and noisy—face several real, demonstrated vulnerabilities that attackers can exploit *right now* in shared cloud environments:

Pulse-Level Circuit Attacks

The most direct threat comes from the gap between what programmers *think* they're telling a quantum computer to do and what actually happens at the hardware level [AG-2024.06-1682]. When users upload custom quantum gates, they specify them at a high level ("apply this gate"), but the hardware executes low-level *pulse sequences*—precise electromagnetic signals sent to qubits. Researchers have demonstrated seven attack types that exploit this mismatch: an attacker can steal qubits from other users' circuits ("qubit plunder"), block access to qubits, reorder them, or introduce timing, frequency, phase, and waveform mismatches [AG-2024.06-1682]. Most current quantum software development kits are vulnerable to these attacks.

Crosstalk Sabotage

In shared quantum computers, qubits sit close together and interfere with each other—a phenomenon called crosstalk. Adversaries can weaponize this: by carefully designing their own quantum circuits, they can deliberately create crosstalk that corrupts computations running on *nearby qubits belonging to other users* [AG-2024.02-1368]. Tomography studies of IBM Quantum hardware show crosstalk is a significant error source, making this a practical threat today [AG-2024.02-1368].

Information Leakage Through Readout Crosstalk

Modern quantum computers use frequency-multiplexing—stacking multiple qubits' readout signals on the same cable to save hardware—but this creates correlated measurement errors [AG-2024.05-2051]. An attacker can exploit these correlations to *predict the quantum state of a victim's qubits from their own measurement results*, leaking sensitive information [AG-2024.05-2051].

State Leakage via Imperfect Resets

When quantum algorithms run multiple times, the hardware must reset qubits to a known starting state between runs. However, real reset operations are noisy and imperfect, leaving traces of the previous computation in the qubit state [AG-2024.01-1977]. This "state leakage" can be exploited to infer what previous users computed on the same qubits. Researchers propose classical and quantum one-time pad defenses [AG-2024.01-1977].

Why This Matters Now

These aren't theoretical future risks—they're documented on actual IBM and other commercial quantum hardware today. The shared cloud model (the only way most people access quantum computers) makes them all viable because an attacker and victim run on the same physical device simultaneously.

Note: The provided preprints focus on near-term hardware vulnerabilities; they don't address the separate (and much longer-term) threat of quantum computers breaking modern encryption, which requires machines many orders of magnitude larger than exist today [AG-2024.01-2022].