<ciso brief />

All news with #post quantum cryptography tag

101 articles · page 3 of 6

Why Key Management Is the Weakest Link in Crypto Operations

🔐 Key management — the lifecycle discipline governing key generation, storage, rotation and destruction — has become the weakest operational link as organizations race toward post-quantum and AI-driven systems. While public debate centers on algorithms, real failures stem from long-lived keys, unclear ownership, manual rotation and untested recovery. AI pipelines and autonomous agents amplify these risks, so teams must adopt short-lived, purpose-bound keys, automated rotation and practiced cryptographic incident response.

Helping Democracies Stay Ahead of Digital Threats Now

🛡️ This week at the Munich Security Conference, Google Cloud released a whitepaper, "Staying Ahead of the Shadows: Digital Resilience in the Era of AI," that outlines current digital threats and recommends a unified, full‑stack defense to help democracies. It highlights supply‑chain targeting, employee‑focused manipulation, and sustained China‑nexus espionage. The paper prescribes a five‑layer resilience model — Infrastructure, Architecture, Models, Applications, and Security — supported by technologies such as Gemini, Workspace, CodeMender, SAIF, and post‑quantum cryptography.

CISOs: Move Beyond Compliance to Anticipate Risk in 2026

🔒 CISOs entering 2026 should treat compliance as a baseline, not a destination. While frameworks like HIPAA, SOC 2 and ISO 27001 provide essential controls, relying solely on checklists breeds complacency and misses evolving threats such as AI-enabled attacks, third-party failures and future quantum risks. Adopt longer time horizons, scenario-based risk assessments and financial impact modelling to align security with business priorities and secure board support.

Gartner: Six Cybersecurity Trends Shaping 2026 Priorities

🔒 Gartner identifies six priority cybersecurity trends for 2026 that demand immediate attention from security and risk leaders. Key risks include uncontrolled agentic AI proliferation, global regulatory volatility, and the urgent need to plan for post-quantum cryptography. Gartner advises stronger governance to detect and control both approved and shadow AI agents, evolve identity and access management for machine actors, modernize SOCs with human-in-the-loop processes, and shift awareness programs toward task-focused, AI-specific behavioral training.

Preparing for the Quantum Era: A Call to Secure PQC

🔐 Google issues a call to action to protect digital systems against quantum threats, outlining its post-quantum cryptography (PQC) work and policy recommendations. The company warns that large-scale quantum computers could break current public-key cryptography and cautions about 'store now, decrypt later' harvesting of encrypted data. Google commits to research transparency, completing PQC migrations within NIST guidelines, and strengthening crypto agility, critical shared infrastructure, and ecosystem readiness.

AI Meets Quantum Computing: The Next Security Battlefield

⚛️ Quantum computing paired with AI promises transformative gains in processing speed and machine learning capacity, enabling tasks—such as real-time climate modelling and instant financial simulations—that classical infrastructure struggles to deliver. At the same time, the article warns that quantum-enabled attacks could undermine widely used cryptosystems like RSA, ECC and AES, creating a disruptive Q-Day when encrypted confidentiality is at risk. Governments and enterprises are already staging migrations to post-quantum cryptography and updating governance and observability, but the piece stresses that building trust, ethical AI oversight and resilient frameworks will be essential to preserve digital privacy and integrity.

ThreatsDay: Small Shifts, Big Cybersecurity Risks Ahead

🔎 This week's ThreatsDay bulletin highlights quiet but meaningful shifts where familiar tools and trusted platforms are repurposed to breach access, steal data, or launder funds. Law enforcement seized the RAMP forum while threat actors pivot to alternatives, creating operational churn and new exposures. Guidance from CISA on post‑quantum cryptography and urgent patches for Linux and Dormakaba systems underscore near‑term priorities amid rising phishing, supply‑chain, and ransomware activity.

Palo Alto Introduces Quantum-Safe Security to Mitigate Risk

🔒 Palo Alto Networks unveiled Quantum-Safe Security to help organizations transition to post-quantum cryptography without disrupting operations. It provides continuous, real-time cryptographic visibility by collecting telemetry from PAN-OS NGFW, Prisma Access and third-party tools to catalog certificates, algorithms, key exchanges and libraries. The solution prioritizes harvest now, decrypt later risks, guides staged remediation including hybrid algorithms and real-time encryption translation for legacy systems, and automates governance and compliance. Integration with SIEM, EDR and other systems supports gradual migration across complex environments.

Public Sector Cyber Outlook 2026: Identity and AI Trust

🔒 AI integration has shifted public-sector cybersecurity in 2026, forcing agencies to adopt AI-native detection and autonomous response, continuous identity verification, and secure-by-design AI deployments. Nation-state actors now automate intrusion, deception, and tailored malware, expanding risk to IT, OT and research environments. Agencies must consolidate platforms, accelerate post-quantum planning, and govern AI at mission scale.

Palo Alto Networks Introduces Quantum-Safe Security

🔐 Palo Alto Networks announced Quantum-Safe Security, a continuous solution to discover, assess and remediate enterprise cryptographic risk as organizations migrate to post-quantum standards. The offering ingests telemetry from PAN-OS NGFW, Prisma Access and third-party systems to build a real-time Cryptographic Bill of Materials (CBOM), prioritize harvest-now, decrypt-later exposure, and automate remediation—including cipher translation at the network edge. General availability is expected on January 30, 2026.

Building a Serverless Post-Quantum Matrix Homeserver

🔒 Cloudflare ported a Matrix homeserver to Cloudflare Workers as a proof-of-concept, combining edge execution with built-in post-quantum TLS to reduce operational burden. The implementation remaps traditional components — Postgres to D1, Redis to KV, filesystem to R2, and coordination to Durable Objects — to provide strong consistency where needed and near-zero idle cost. End-to-end encryption remains client-side via Megolm, so Workers terminate TLS but only handle ciphertext. The result is a low-latency, easy-to-deploy homeserver with automatic DDoS protection and request-based pricing.

Serverless Matrix Homeserver on Cloudflare Workers Experiment

🔒 Cloudflare describes a proof-of-concept Matrix homeserver implemented on Cloudflare Workers, porting core logic from Synapse to a TypeScript service. By mapping Postgres to D1, Redis to KV, filesystem to R2, and coordination to Durable Objects, the architecture removes much of the traditional operational burden. The Worker preserves full Matrix E2EE (Megolm) while TLS automatically negotiates a post-quantum hybrid key agreement (X25519MLKEM768), delivering lower latency, usage-based cost scaling, and global distribution.

CISA publishes PQC technology readiness list for CIOs

🔒 CISA has released an advisory mapping post-quantum cryptography (PQC) standards to common enterprise hardware and software categories to help CIOs and security teams evaluate quantum-safe readiness. Issued in response to the June 6, 2025 executive order, the guidance lists product classes that already implement, or are transitioning to, NIST-aligned PQC algorithms. CISA emphasizes many implementations provide PQC for key establishment (KEM/KGA) but not yet for digital signatures and authentication, so categories on the list are not fully quantum resistant. The advisory references FIPS 203–205 as the baseline for required primitives.

CISA Publishes PQC-Capable Product Categories List

🔐 CISA has published an initial list of hardware and software product categories that either support or are expected to support post-quantum cryptography (PQC) standards, following Executive Order 14306 issued on 6 June 2025. Compiled in collaboration with the NSA, the list covers cloud services, collaboration and web software, endpoint security and networking products, and is intended to guide procurement and risk planning as organizations prepare for quantum threats.

CISA Publishes Product Categories for PQC Adoption

🔐 The Cybersecurity and Infrastructure Security Agency (CISA) released an initial list of Product Categories for technologies that use post-quantum cryptography standards. Developed under Executive Order 14306 (June 6, 2025) and in coordination with the NSA, the list identifies hardware and software types that already support or are expected to adopt PQC, including cloud services, web software, networking, and endpoint security. CISA will update the list regularly to guide procurement and migration planning.

CISA Guidance on Product Categories for PQC Adoption

🔒 CISA published lists identifying hardware and software product categories where post-quantum cryptography (PQC) standards are already in use or expected to be widely available. Issued under Executive Order 14306, the guidance directs agencies to plan acquisitions to prefer PQC-capable products in listed categories and urges vendors to implement and test PQC features. It distinguishes categories that have implemented PQC for key establishment from those still transitioning for digital signatures and other functions, and it will be updated periodically.

G7 Sets 2034 Deadline for Financial PQC Migration Plan

🔐 The G7 Cyber Expert Group has published a recommended roadmap asking financial firms and public entities to complete transition to post-quantum cryptography (PQC) by 2034 to anticipate future quantum-enabled threats. The non-prescriptive guidance outlines six phased activities from awareness and inventory to migration, testing and validation, with overlapping timelines beginning in 2025. It stresses a risk- and standards-based approach, crypto agility and cross-jurisdiction collaboration to reduce fragmentation and enhance interoperability.

CISO Resolutions for 2026: AI, Resilience, and Trust

🔒 As AI hype settles, CISOs are refocusing 2026 priorities on resilience, rapid detection, and measurable outcomes. They favor engineering-driven architecture for cloud stability, AI-enabled orchestration to cut dwell time, and broad identity and privilege governance for human and non-human accounts. Visibility and SaaS discovery will curb shadow AI use, while security baked into agentic AI and post-quantum preparedness (cryptographic inventories and vendor roadmaps) become essential. Turning security into a visible trust signal and linking spend to ROI rounds out the agenda.

Quantum Readiness Begins Now: Preparing Enterprise Security

🔐 Fortinet warns that "harvest-now, decrypt-later" attacks make long-term confidentiality vulnerable now and urges organizations to begin quantum readiness today. The company identifies four essential capabilities for enterprise-grade quantum-safe solutions: minimal performance impact, mandatory crypto-agility, adherence to standards, and deployment flexibility. Fortinet highlights hardware acceleration (NP7 ASICs) to preserve throughput, a required Hybrid Mode to combine classical and PQC key exchanges (e.g., DH + ML-KEM), NIST-approved PQC algorithms for interoperability, and optional QKD for highest-assurance links.

Cloudflare Radar 2025 Year in Review — AI, PQ, DDoS Trends

🔍 The 2025 Cloudflare Radar Year in Review summarizes Internet trends observed across Cloudflare’s global network, covering January–December 2025. The report highlights rapid growth in traffic (up 19%), dramatic increases in AI crawling and user-action requests, and widespread adoption of post-quantum TLS, which reached 52% of human web traffic. It also documents hyper-volumetric DDoS escalation — multiple attacks exceeded 10 Tbps with records hitting 31.4 Tbps — and provides sector, device, and connectivity insights informed by new AI and speed‑test datasets.