Quantum threat window shortens

The window for quantum computers to threaten today’s encryption is narrowing as hardware roadmaps and attack estimates both move faster. (theconversation.com) A quantum computer uses qubits, which process information in ways ordinary bits cannot, and that can make some math problems far easier to solve. The codes most used online today rely on those hard math problems staying hard for ordinary machines. (theconversation.com) In May 2025, Google researchers published an estimate that a quantum machine with fewer than 1 million noisy qubits could factor a 2048-bit RSA key in less than a week. Google said that was a 20-fold drop from its 2019 estimate of 20 million qubits. (security.googleblog.com) On the hardware side, IBM said on June 10, 2025 that it had a roadmap to a large-scale, fault-tolerant quantum computer by 2029. The Conversation article published April 12, 2026 said IBM also hopes to show a quantum advantage in some special cases in 2026. (ibm.com, theconversation.com) The immediate risk is not that a criminal can crack bank traffic today. The risk is that data stolen now can be stored and decrypted later if it was protected with RSA or elliptic-curve systems that a future quantum machine can break. (gao.gov, theconversation.com) That is why standards bodies have moved from research to migration. On August 13, 2024, the National Institute of Standards and Technology approved three post-quantum cryptography standards, Federal Information Processing Standards 203, 204 and 205, and said they were ready for immediate use. (csrc.nist.gov, nist.gov) NIST now says “now is the time to migrate” and its transition planning says quantum-vulnerable algorithms will be deprecated and ultimately removed from standards by 2035, with high-risk systems moving earlier. That shifts the work from lab forecasts to procurement, software updates and certificate replacement. (nist.gov, csrc.nist.gov) United States national security guidance has also hardened. The National Security Agency says organizations should use quantum-resistant algorithms selected under Commercial National Security Algorithm Suite 2.0, and its resource page points to policy released on March 4, 2025. (nsa.gov) The forecast is still a forecast, not a fixed date. The Global Risk Institute’s Quantum Threat Timeline Report, published March 9, 2026, said 26 experts saw a cryptographically relevant quantum computer as “quite possible” within 10 years at 28% to 49%, and “likely” within 15 years at 51% to 70%. (globalriskinstitute.org) Governments are also warning that migration is uneven. The Government Accountability Office said on June 24, 2025 that the United States had an emerging strategy built around standardizing post-quantum cryptography, migrating federal systems and pushing the wider economy to prepare, but said no single federal body had fully coordinated the effort. (gao.gov) The practical response is not to wait for a single “Q Day” headline. It is to find where RSA and elliptic-curve cryptography sit inside products and networks, replace them with NIST’s new standards where possible, and buy systems that can swap algorithms again if the timeline moves a second time. (nist.gov, csrc.nist.gov, theconversation.com)