The Click Just Got Louder: Quantum Is Coming for Your Encryption First

In December I wrote about the moment before the quantum acceleration — the glide phase, the pre-click hum, the sense that all the pieces were seating themselves. The tone was optimistic. New Legos on the table. The universe as a construction set.

Five months later, the click isn't just closer. It has a specific, uncomfortable target: the encryption protecting everything you do online. and the timeline just collapsed.

Three Papers in Three Months

In December, "Q-Day" — the theoretical point at which a quantum computer can break modern public-key encryption — was an abstraction. A distant horizon. Something to prepare for eventually.

Then, between January and March of this year, three separate research papers landed that rewrote the threat timeline. The quantum resources needed to break modern encryption have dropped by an order of magnitude since May 2025. Not a minor refinement. An order of magnitude.

The most striking data point came out of a joint paper from Caltech and quantum startup Oratomic: a quantum computer may need as few as 10,000 qubits to empty a crypto wallet. For context, systems approaching that qubit count are already being built. Google's quantum team responded by accelerating its own post-quantum cryptography migration timeline and publishing a public warning: breaking Bitcoin and standard internet encryption could be feasible by 2029. Three years.

Nature published its own analysis under a headline that doesn't leave much room for ambiguity: "It's a real shock: quantum-computing breakthroughs pose imminent risks to cybersecurity."

Cloudflare, which handles a significant chunk of the internet's encrypted traffic, immediately moved its post-quantum security target to 2029 — not because that's comfortable, but because the research suggests that's when the window closes.

What "Harvest Now, Decrypt Later" Means Right Now

Here's the part of this story that isn't getting enough attention.

Q-Day doesn't have to arrive for the attack to begin. It already has.

"Harvest now, decrypt later" is exactly what it sounds like. Nation-state adversaries — and the research strongly suggests this is already underway — are intercepting and storing encrypted communications today, at scale, with the intention of decrypting them once quantum capability arrives. The data being harvested right now includes: classified government communications, corporate M&A discussions, financial transactions, medical records, infrastructure credentials.

The encryption protecting all of it was designed for a threat model that assumed decryption would require computational resources that didn't exist. That assumption is expiring — and the data being harvested today will still be sensitive in 2029.

This is not a future problem. The attack surface is being exploited now. The decryption key just hasn't arrived yet.

The AI Accelerant

Here's the thread that connects last week's articles to this one.

AI didn't just give us better chatbots. It gave quantum computing a significant capability boost. The Google-Oratomic research that moved the Q-Day timeline forward wasn't purely a quantum hardware story — it was an AI-assisted optimization story. Machine learning is being used to find more efficient quantum algorithms, reduce qubit error rates, and model quantum systems that are too complex for classical simulation.

The two technologies are co-accelerating. AI makes quantum more capable faster. Quantum, once mature, makes AI dramatically more powerful. The feedback loop between them is exactly the kind of nonlinear dynamic that makes timeline projections unreliable.

When I wrote in December that quantum feels like it's in the pre-click phase — this is why. AI handed quantum a significant gear shift. What looked like a 10-year horizon in 2024 is now a 3-year horizon in 2026.

Who Is and Isn't Ready

The honest answer is: almost nobody is ready.

NIST finalized its post-quantum cryptography standards last year. Four algorithms, designed to resist quantum attacks. The standards exist. The migration path exists. The problem is that migrating an organization's cryptographic infrastructure is not a software update — it's a multi-year engineering project that touches every system that encrypts or authenticates anything.

Most enterprises haven't started. Most government agencies are behind. Most financial institutions are in early planning stages.

The organizations that are moving: Google (accelerated timeline, public about it). Cloudflare (2029 target, active migration). A handful of blockchain projects. The U.S. intelligence community, quietly. The organizations that are not moving fast enough: the rest of them.

The QUX Angle

Post-quantum security isn't just an IT department problem. It's a market.

The organizations that can certifiably operate in a post-quantum environment — that can prove their data handling is quantum-resistant — will have a meaningful competitive advantage over those that cannot. Regulated industries in particular: finance, healthcare, defense contracting, critical infrastructure. Quantum readiness will become an auditable compliance requirement, and the gap between compliant and non-compliant organizations will carry real commercial consequences.

This is exactly the inflection point that post-quantum security platforms are built for. The research isn't creating panic — it's creating urgency. And urgency is what converts "we should probably look at this" into "we need this now."

The window between "early mover advantage" and "emergency remediation" is roughly three years. Based on current enterprise adoption rates, most organizations will be doing emergency remediation.

What the Click Sounds Like

In December I described quantum as the moment before the mechanism locks in — the glide, the alignment, the inevitability hum. I framed it as beautiful and dangerous in spots.

Here's the dangerous spot: the same capability that enables room-temperature quantum compute, quantum networking, and quantum simulation at scale also enables the decryption of the encrypted internet, the contents of every harvested communication, and the cryptographic keys protecting financial systems, power grids, and military infrastructure.

Quantum doesn't distinguish between its applications. The Lego table has weapons in the pile.

The optimism from December still holds. Quantum computing will unlock material science, medicine, logistics, climate modeling, and capabilities we haven't imagined yet. That future is still coming. But the encryption crisis isn't waiting for that future. It's on the 2029 timeline whether the rest of quantum's promise is ready or not. The click is getting louder.

Three years is not very much time.

Rich Washburn is a technologist and AI strategist. He advises organizations on AI infrastructure, security, and implementation at richwashburn.com.