Summary
Cloudflare is accelerating its post-quantum roadmap and is now targeting 2029 for full post-quantum security, including authentication. The shift aligns with Google’s 2029 deadline and is driven by new signals of urgency, including Google Quantum AI’s ECC-256 resource estimates and Oratomic’s paper outlining a 10,000-qubit implementation of Shor’s algorithm.
Cloudflare says over 65% of human-initiated traffic on its network already uses post-quantum encryption, and it has offered post-quantum key exchange for all sites and APIs since 2022. The harder lift now is authentication, covering digital signatures, certificates, and the identity infrastructure behind them. All post-quantum upgrades will be provided across every plan at no additional cost, echoing Cloudflare’s 2014 move to make SSL universal and free.
The company also cites mounting risk signals. IBM Quantum Safe CTO Michael Osborne warns that high-value “moonshot attacks” could be feasible as early as 2029, and Scott Aaronson suggests researchers working on Shor’s resource estimates may already have stopped publishing. For CISOs, the takeaway is a compressed timeline to plan for post-quantum authentication and certificate agility, with Cloudflare’s stance likely to influence broader vendor roadmaps and customer expectations.
Read more
See the original article at: https://postquantum.com/ai-security/anthropic-mythos-preview-ai-offensive-security/