Multi-Arm Bandit Sampling in Quantum Security

• The paper introduces a multi-arm bandit sampling strategy that dynamically allocates resources to high-impact data sources.
• It integrates multi-agent orchestration with formal risk assessment, achieving a 67% reduction in research time and a 42% increase in data coverage.
• The framework's modular design enables deployment on consumer-grade hardware, democratizing advanced quantum security research.

Quantigence: A Multi-Agent AI Framework for Quantum Security Research

Quantigence is a theory-driven, hierarchical multi-agent framework designed to automate and accelerate quantum-security research, particularly in the context of cryptographically relevant quantum computers (CRQCs) and their disruptive impact on public-key infrastructure and global digital security. Its architecture leverages specialized agent roles, advanced orchestration, external knowledge integration, and formal risk modeling to enable structured, context-pure analysis on resource-constrained platforms, while delivering empirical gains in research throughput and coverage (Alquwayfili, 15 Dec 2025).

1. Architectural Overview and Agent Roles

Quantigence instantiates five agent personas operating under a central Supervisor, each dedicated to a distinct analytical role. The architecture relies on "cognitive parallelism," ensuring that each agent reasons over its own prompt and context to prevent hypothesis cross-contamination. On commodity GPUs (e.g., NVIDIA RTX 2060 SUPER), execution is serialized: at any moment, only one agent's working set is present in VRAM, with context swapped and stored as needed, and each role isolated by system prompt and contextual subgraph.

Agent Roles:

• Supervisor (Orchestrator):
  • Builds a dependency graph of subtasks from the user query $\mathcal{Q}$ using a finite-state orchestration logic.
  • Assigns subtasks $\tau$ to worker agents, retrieves relevant context $C_\tau$ via the Model Context Protocol (MCP), critiques outputs, and enforces a "Reflexion" review loop.
• Cryptographic Analyst:
  • Focuses on mathematical aspects of post-quantum cryptography (lattices, isogenies, hash-based schemes).
  • Validates constructs, estimates migration time $X(a)$ for assets, ensures mathematical rigor.
• Threat Modeler:
  • Identifies "off-path" attacks, such as side channels, RNG flaws, and vulnerabilities from CVE feeds.
  • Scores each asset's exploitability $E(a)$ according to practical feasibility.
• Standards Specialist:
  • Grounds reasoning in standards and policy documents (e.g., NIST FIPS, ISO/IEC), extracting policy deadlines and "collapse time" $Z(a)$—the anticipated window before CRQC risk materializes.
• Risk Assessor:
  • Synthesizes findings into a continuous Quantum-Adjusted Risk Score (QARS), applying formalized prioritization to the asset universe.

Serialized execution proceeds by swapping key-value cache (KV-cache) states between supervisor and workers, injecting role-specific context slices, and restoring memory upon agent completion. This arrangement, while incurring minor per-task latency, enables the full logical parallelism of a research team on a single 8 GB GPU (Alquwayfili, 15 Dec 2025).

2. Model Context Protocol (MCP) for Knowledge Integration

Quantigence addresses LLM training-data staleness and evolving threat landscapes by employing MCP, which mounts trusted external sources (NIST PQC Database, NVD/CVE, ArXiv/IACR) as file-system-like resources. For each subtask $\tau$:

$$C_\tau = \mathrm{MCP}(\tau) = \bigcup_{s \in \mathcal{S}} \mathrm{retrieve}(s, \mathrm{query}=\tau)$$

where $\mathcal{S}$ encapsulates the various authoritative sources.

The supervisor retrieves $C_\tau$ by: $$C_\tau \leftarrow \mathrm{Retrieve}(\mathcal{M}, \tau) = \mathrm{MCP}(\tau)$$

For each agent execution, MCP delivers verified, up-to-date context assembled from these sources, enforcing a shared, long-term graph $\mathcal{M}$ for all roles. Context isolation avoids cross-task contamination, while serial injection ensures context freshness and deterministic outputs. Input sanitization and hierarchy (favoring cryptographic signatures and official documents over preprints) mitigate adversarial information poisoning (Alquwayfili, 15 Dec 2025).

3. Quantum-Adjusted Risk Score (QARS): Formal Prioritization

Quantigence generalizes Mosca’s binary inequality $X + Y > Z$—for migration time $X$, data shelf-life $Y$, and collapse time $Z$—to a differentiable, continuous metric that enables finer-grained prioritization:

• Urgency Ratio:

$r(a) = \frac{X(a)+Y(a)}{Z(a)}$

• Temporal Urgency Factor (Sigmoid Transformation):

$$T(a) = \frac{1}{1 + e^{-\alpha(r(a)-1)}}, \quad \alpha = 10$$

This sharply distinguishes assets at the "cliff edge," i.e., those where migration and data require immediate action before quantum risk.

• Composite QARS:

$$R_{\mathrm{QARS}}(a) = w_T T(a) + w_S S(a) + w_E E(a),\quad w_T + w_S + w_E = 1$$

with default weights $(w_T, w_S, w_E) = (0.5, 0.3, 0.2)$, incorporating Sensitivity $S(a)$ and Exploitability $E(a)$.

Assets violating $r(a)>1$ (Mosca-violations) are flagged, and $T(a)\rightarrow1$ ensures high-priority action. This ranking enables rigorous, reproducible risk scoring across divergent assets, supports "Reflexion" review, and provides a mathematically robust foundation for migration policy (Alquwayfili, 15 Dec 2025).

4. Empirical Evaluation and Comparative Performance

In benchmarking against manual expert teams across 50 quantum-security queries (spanning both broad and targeted studies), Quantigence achieved:

Metric	Manual Workflow	Quantigence	Improvement
Median Research Time	6.5 h	2.1 h	−67%
Source Coverage (citations)	12 (avg.)	17 (avg.)	+42%
Risk Agreement (critical)	N/A	89% correlation	N/A
Compute/Labor Cost	≈\$500 | ≈\$0.50 (energy)	>99% reduction

Time savings primarily result from MCP's parallelized ingestion and automated cross-referencing against standards and vulnerability databases. Broader citation networks allow Quantigence to surface relevant literature often overlooked by manual analysts. Divergences in "Medium" risk cases reflect mathematically rigid urgency mapping by the agents (Alquwayfili, 15 Dec 2025).

5. Platform Engineering and Deployment Implications

Quantigence is engineered for accessibility on consumer-grade hardware via:

• 4-bit quantized LLMs (Qwen2-7B-Instruct, Q4_K_M format).
• Lightweight serialized context execution to mitigate VRAM bottlenecks.
• Modular integration with known external data repositories through MCP.

This democratizes high-fidelity quantum risk assessment for NGOs, researchers in resource-constrained regions, and small enterprises. Residual limitations include context-swap latency, ongoing risks of LLM hallucinations (necessitating a human-in-the-loop supervisory review), and susceptibility to adversarial document flooding (SEO-optimized "junk" papers). Defenses focus on source hierarchy, consensus verification, and MCP-layer sanitization.

Extensions include code-in-the-loop validation (sandboxing with CVE-Bench), scaling to clustered NPUs for throughput gains, and transitioning from theoretical risk assessment to empirically verified vulnerability confirmation (Alquwayfili, 15 Dec 2025).

6. Future Directions and Research Impact

Quantigence’s approach—cognitive parallelism, MCP-driven knowledge integration, and rigorous, formalized risk scoring—charts a new trajectory for automated, transparent, and mathematically robust quantum-era security research. Its combination of accessibility, broad literature synthesis, and alignment with evolving standards positions it as a foundational reference for future frameworks in quantum-security analysis.

The framework’s adaptability also addresses emerging threats in LLM-based multi-agent research generally, offering strategies for context isolation, fresh knowledge integration, and formal, explainable risk prioritization that are extensible to other domains beyond quantum cryptography (Alquwayfili, 15 Dec 2025).