The number of physical qubits needed to break RSA-2048 encryption has fallen from roughly one billion to fewer than 100,000 in fourteen years. That is not thanks solely to improvements in hardware. It is an algorithm story driven by better error correction, better compilation, and better mathematics. And it has a direct implication for every organization handling sensitive data today.
As of April 2, 2026, credible estimates now place Q-day – the point at which a cryptographically relevant quantum computer can break modern encryption like RSA-2048 – as early as 2029. Said differently, post‑quantum cryptography (PQC) is no longer a theoretical discussion. While we do not expect a cryptographically relevant quantum computer to emerge in the near term, standards bodies, regulators, and platform vendors are already executing multi‑year transition plans. The question is whether your organization is doing the same.
What Makes Q-Day and PQC So Significant Right Now?
The lack of time. The trajectory of qubit estimates needed to break RSA-2048 tells the story clearly:
- 2012 (Fowler, et al): hundreds of millions to ~1 billion
- 2019 (Gidney & Ekerå): ~20 million
- 2025 (Gidney): fewer than 1 million
- 2026 (Iceberg Quantum): fewer than 100,000
Each step down is not the result of new hardware. It reflects algorithmic improvements: smarter error correction codes, more efficient compilation, and better overall circuit design. The gap between where quantum hardware is today and where it needs to be is closing faster than the hardware is improving.
Beyond timelines, the more immediate risk is adversary behavior. Attackers do not need quantum computers today to create future risk. The ‘harvest now, decrypt later’ model is well established: encrypted traffic and data stores can be captured today and can be held and decrypted once the capability exists. This is especially relevant for organizations that are handling long-lived sensitive data, such as government records (everything from tax records to nuclear codes), financial transactions, and any personally identifiable information, such as healthcare data.
Major technology companies like Microsoft have already integrated post‑quantum algorithms into Windows and are explicitly citing the ‘harvest now, decrypt later’ risks as a driving factor. These moves show that PQC readiness is now an engineering reality, not a speculative exercise.
Go deeper: See our detailed research data on the adoption deltas of post-quantum cryptography.
What This Means for Your Organization
For regulated industries, particularly financial services and government, the path is being shaped by standards. NIST’s post-quantum encryption standards are published. NSA’s Commercial National Security Algorithm Suite 2.0 sets concrete timelines for quantum‑resistant algorithm adoption.
For everyone else, the framing has shifted. It is no longer a question of whether quantum threats are real. The question regulators, auditors, and customers will increasingly ask is whether your organization can demonstrate that it knows where non-PQC safe algorithms exist in its environment and has a credible plan to address them. Waiting for direct regulatory mandate is not a strategy.
Where You Can Start Today
Encryption is something we rarely talk about and just take for granted since it happens in the background by operating systems, libraries, firmware, and applications. It’s often without centralized documentation, so organizations lack a consolidated view of cryptographic usage. This leads to misplaced confidence based on policy rather than observed behavior.
The practical starting point is a cryptographic inventory. It begins, unsurprisingly, with identifying which devices are negotiating non-PQC-safe ciphers. If you are already using Forescout, you have had that visibility for close to a year.
Priority areas for discovery include TLS‑enabled services, SSH infrastructure, remote access systems, and vendor appliances that may need to be upgraded or replaced entirely to support your quantum transition. OT and cyber-physical environments deserve particular attention. They traditionally lag on cryptographic hygiene and will likely require longer migration timelines, so they need to be in scope now, not later. Visibility into actual negotiated ciphers, not assumed ones, gives you the foundation for prioritization.
Example: the Forescout 4D Platform™ discovers assets communicating using non-Quantum safe ciphers:
See it in action in this video:
AI and Quantum
These are not separate conversations. AI is accelerating the cryptographic threat on both sides of the equation.
On the threat side, machine learning is being applied to optimize the algorithms behind the qubit reduction figures above. The trajectory is not slowing down. On the defensive side, AI-assisted tooling is making cryptographic discovery tractable at enterprise scale. Mapping every device, service, and application negotiating non-PQC-safe ciphers across a large environment is not a manual exercise, and it cannot be a point-in-time one either. Forescout VistaroAI™ includes skills-based agentic AI that continually identifies new managed and unmanaged assets alike, assesses their risk posture, and turns a sprawling inventory problem into an actionable prioritization queue that stays current as your environment changes.
Go deeper: See the complete history of encryption in our blog “The Future of Encryption in a Quantum Cryptography World”
The Bottom Line
The timeline is compressing. The standards exist. The adversary behavior is already in play. What most organizations are missing is not awareness of the problem but a clear view of their own exposure. That visibility is the first move — and it is available today. The organizations that move now will spend the next three years executing a managed transition. Those that wait will be reacting to a breach they saw coming.
Talk to us about your PQC needs.