{"id":217084,"date":"2026-05-20T05:14:00","date_gmt":"2026-05-20T09:14:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/20\/post-quantum-cryptography-upgrades-the-lock-not-the-architecture\/"},"modified":"2026-05-20T06:05:15","modified_gmt":"2026-05-20T10:05:15","slug":"post-quantum-cryptography-upgrades-the-lock-not-the-architecture","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/20\/post-quantum-cryptography-upgrades-the-lock-not-the-architecture\/","title":{"rendered":"Post-Quantum Cryptography Upgrades the Lock, Not the Architecture"},"content":{"rendered":"

Post-Quantum Cryptography Upgrades the Lock, Not the Architecture<\/a><\/p>\n

https:\/\/www.cybersecurity-insiders.com\/post-quantum-cryptography-upgrades-the-lock-not-the-architecture\/<\/a><\/p>\n

Publish Date: 2026-05-20 05:14:00<\/a><\/p>\n

Source Domain: www.cybersecurity-insiders.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

Harvest Now, Decrypt Later (HNDL), is 1940s-era signals intelligence that predates modern cyber espionage. HNDL involves collecting encrypted data today, storing it, and waiting until brute-force computing power, implementation flaws, or cryptographic breakthroughs make it readable. This wildly successful methodology has continued unabated ever since and is accelerating with the continued scaling of quantum computers.
\nRecent announcements by Google and others advise we are only 2 to 3 years from the point where they can break the algorithms used to establish virtually all secure digital communications. Indeed, the estimated qubit threshold keeps falling. At the same time, AI is accelerating the discovery of new mathematical methods and attack techniques, which when combined with quantum computers promise to deliver surprising novel methods in the coming years.
\nWe built the internet on 1970s-era architecture, for cybersecurity and infrastructure networks that we had more than 50 years ago. Replacing the algorithms that companies, governments, and individuals rely on with post-quantum cryptography (PQC) is a lock upgrade, not a security transformation. The harder problem is that our entire cryptographic architecture still depends on distributing keys through systems that adversaries can observe, harvest, and exploit later. It doesn\u2019t address the flaw we inherited from decades ago when there were few, if any, alternatives. HNDL is unsolved and will continue indefinitely, which is the entire basis of the guidance to be crypto-agile\u2014make sure PQC is easily replaceable in the future.
\nIt\u2019s always the next CISO\u2019s problem
\nWe use the same technology to secure cat videos on YouTube as we do for all our banking transactions, our government secrets, and everything else. It\u2019s a one-size-fits-all, hope-for-the-best approach. That can\u2019t sit right with anyone who has anything sensitive in digital form.
\nThere are no consequences. When was the last time you saw a CEO walked out of their office in handcuffs because of a cybersecurity breach? In 2015, the US experienced one of the largest exposures of government data in history: security clearance records held by the Office of Personnel Management. Who got punished? Nobody.
\nCISOs are dealing with plenty of immediate fires. Anything on the horizon becomes the next person\u2019s problem. Since PQC seems like such a \u201chard\u201d thing, they assume they will get the implementation wrong and be punished for it, and therefore most are unwilling to do it. Unsurprisingly, an Ians Research survey found that 52% of CISOs report that their scope is no longer fully manageable.
\nThe industry suffers from an incentive misalignment. With more than two-thirds of CISOs open to making a career move within the next 12 months, the focus shifts to short-term wins and defensible choices\u2014no one ever got fired for buying Microsoft. They\u2019re mowing the lawn for the next guy. Few want to do risky lifts, like championing a foundational architectural overhaul or planning 5 to 10 years out. Many are content to buy the consensus-safe solution that satisfies immediate requirements. Conversely, CISOs who take PQC seriously will have job security for life.
\nIn the intelligence community, we would never rely on one solution for unclassified, secret, and top-secret data. The intel community spares no expense on infosec when lives are on the line, not just lost data. Multiple different systems on completely separate physical networks compartmentalize any potential damage and limit the blast radius of a compromise. You can\u2019t send an email from a top-secret network to a secret or unclassified network. If somebody accidentally sends me a document I\u2019m unauthorized to access, I can\u2019t open it. It\u2019s encrypted in a way that makes it unusable to me. Meanwhile, anyone with a Gmail account can decrypt an attachment that I accidentally sent them.
\nIf we don\u2019t build some version of that strictly tiered IC architecture for the private sector, we\u2019re only going to keep seeing security snafus.
\nPQC is not the end all be all
\nThere\u2019s a false sense of security that if we just transition to PQC, this all goes away. That\u2019s simply not true.
\nPQC is going to fail for many reasons\u2014software bugs, corrupted libraries, poor entropy for keys, and even the possibility of a mathematical weakness. We\u2019re going to have poor implementations; that\u2019s a given. In 2022, researchers broke the PQC finalist SIKE algorithm using a single classical laptop in about an hour without a quantum computer. This is going to go on indefinitely until we change the architecture to eliminate the need for encryption key transmission and make this problem go away completely. Otherwise, we\u2019re just putting a band-aid and bubblegum on the problem until it comes up again.
\nThe AI boom makes this unbelievably worse as we turn over control of all our infrastructure. Using agents just trades supposed productivity and convenience for a ballooning attack surface. When you turn over all your keys, API tokens, and everything you\u2019ve ever done to OpenClaw or a pool of agents, you don\u2019t just lose control of your chat app account. You\u2019re handing over the keys to your entire life. Your data can go upstream all the way to the AI factory where the inference is done, creating the ultimate honeypot. If we don\u2019t secure those big pieces, your and your company\u2019s data can move laterally, downstream, and upstream at a level that we\u2019ve never seen before.
\nConsider what Salt Typhoon did in 2024. The Chinese hacking group broke into US telecom companies and internet service providers and was on the backbone network of all of US internet infrastructure, where it could filter the data that China was most interested in, collect it, sit on it, and build more access points for later. The group was also on the FBI\u2019s FISA coverage of the Chinese hackers of the same network, where our adversaries could even monitor the response! When the first cryptographically relevant quantum computer comes online, they\u2019ll operationalize all that data and in China\u2019s case, monetize it.
\nAnd unlike in the Cold War era, when you had to tap a piece of fiber or get into a copper wire in the Soviet Union, this is all now done remotely.
\nThe other false sense of security I hear is, \u201cI\u2019m not that interesting to them. Why would they hack into my phone or router?\u201d Well, of course, you\u2019re not the President of the United States or the Secretary of Defense, so they won\u2019t bother. For you, they get everything that you do through the huge data pipes upstream from your home. A file on every American is a Chinese collection requirement and IC mandate.
\nNation-states access ISPs and sit on the data they harvest, which costs them almost nothing to store. A sufficient targeting package on anyone requires only snapshots of their life and data, not a perfect record of everything they\u2019ve said and done.
\nAnd because we\u2019re an open society, we know when many of these systems are penetrated and corrupted, but that\u2019s just the tip of the iceberg. We only discover a small percentage of what has really been breached.
\nPrepare for the unknowable
\nAs we transition to this new generation of cryptography and AI, we\u2019re getting dragged into the black water. We don\u2019t have any way of predicting what\u2019s going to happen and the techniques that will be invented, but that\u2019s not a reason to panic.
\nIf what happened to SIKE also happens to ML-KEM, the latest PQC standard for data encryption, there\u2019s no backup plan. Given that anyone can use AI tools today to sift through old papers, make new connections, and achieve mathematical breakthroughs, weaknesses will be discovered sooner rather than later, especially as cybersecurity software is more vibe coded. We simply didn\u2019t have that scale of automated research computers to make such discoveries this quickly before.
\nCryptographic agility\u2014the ability to swap from a broken algorithm to a better one\u2014does not help if we don\u2019t update the architecture. If it will all be decryptable one day, that\u2019s no consolation for anyone whose data has been harvested, whether it\u2019s through classical RSA or modern PQC. There\u2019s no easy button. More durable solutions need to be applied to our most sensitive data and networks, not just the basics we use for social media and entertainment.<\/p>\n

Join our LinkedIn group Information Security Community!<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Post-Quantum Cryptography Upgrades the Lock, Not the Architecture https:\/\/www.cybersecurity-insiders.com\/post-quantum-cryptography-upgrades-the-lock-not-the-architecture\/ Publish Date: 2026-05-20 05:14:00 Source Domain:…<\/p>\n","protected":false},"author":1,"featured_media":217085,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cybersecurity-insiders.com\/wp-content\/uploads\/quantum3.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,30,24,31],"class_list":["post-217084","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-breach","tag-cybersecurity","tag-exploit"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/217084"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=217084"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/217084\/revisions"}],"predecessor-version":[{"id":217087,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/217084\/revisions\/217087"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/217085"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=217084"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=217084"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=217084"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}