Quantum In, Shell Out
· CVE-2026-9291
How a quantum-cloud results file runs code on your
classical
machine · animated walkthrough
PHASE 1 · NORMAL FLOW
⚛ Quantum Job
runs on AWS
🪣 S3 output bucket
results.json
dataFormat: pickled_v4
💻 Your machine
job.result()
+ AWS creds
🦹 Attacker
has s3:PutObject
‹ Back
▶ Play
Next ›
legit data
read request
malicious pickle
stolen creds