RSAC 2025 Recap

RSA Conference 2025 Recap: The Quantum Security Revolution
RSA Conference 2025 is in the books and this year there were some familiar themes.  Security is a community and requires us to collaborate, AI continues to be embraced by both attackers and defenders, and managing identities is getting more complex.  Another theme that was starting to emerge was the Quantum threat, and there was a noticeable increase in discussions each with the same urgent call to start acting.

The Quantum Threat: No Longer a Question of “If” But “When”
A common takeaway from this year’s conference is that quantum computing’s ability to break traditional encryption is an imminent threat requiring immediate preparation. Presentations from leading cryptographers demonstrated how algorithms like Shor’s could theoretically render our current public key infrastructure obsolete almost overnight once sufficiently powerful quantum computers become available. Organizations need to start preparing sooner rather than later or find themselves scrambling.

AI: Accelerating Both Threat and Defense
Artificial intelligence is being leveraged to accelerate quantum computing development, particularly in error correction—one of the main obstacles to achieving practical quantum computers. This AI-quantum synergy is effectively shortening the timeline for when we might face quantum threats.

However, AI is also proving valuable in defending against quantum attacks. There were a few discussions on how machine learning algorithms can identify vulnerabilities in cryptographic implementations and automate the discovery of quantum-resistant approaches.

The Critical First Step: Know Your Cryptographic Estate
Multiple sessions emphasized that organizations must conduct comprehensive crypto assessments to identify and catalog all uses of encryption across their systems. Without this visibility, quantum-ready upgrades become nearly impossible to implement and track effectively.

A panel shared practical approaches to these assessments, with most recommending dedicated cross-functional teams to map cryptographic dependencies, prioritize systems based on data sensitivity and shelf-life, and develop phased migration plans.

International Cooperation: Building Standards Together
The geopolitical dimensions of quantum security received significant attention this year. While the United States is currently leading standardization efforts through NIST, experts from Europe, Asia, and beyond stressed that international collaboration is essential for establishing truly robust quantum-safe cryptography standards.

A roundtable featuring government representatives from the U.S., EU, Japan, and Singapore discussed how differing national interests could potentially fragment quantum security standards—and the steps being taken to prevent this outcome.

Several speakers called for governments worldwide to establish clear timelines for quantum-safe upgrades of sensitive systems and critical infrastructure, with some suggesting regulatory approaches similar to those implemented for AI safety.

The Ecosystem Approach: No Organization Is an Island
In RSAC 2023 the theme was “Stronger Together,” and the message was that we should be open to collaborate with our competitors. The reason is because we all fight the same enemy and sharing best practices with organizations that know our business model helps all of us.  Fast forward to this year and perhaps the most encouraging aspect of the conference was seeing unprecedented collaboration between traditionally competitive entities. Representatives from government agencies, technology giants, financial institutions, and academic researchers shared stages to discuss coordinated approaches to the quantum challenge.  This is something that was unthinkable a few years ago.  

Timeline Uncertainty Requires Proactive Planning
Despite all the advances in quantum computing, experts still disagree on exactly when quantum computers will become powerful enough to break current encryption. Estimates ranged from less than 5 to 15 years, highlighting the uncertainty inherent in this rapidly evolving field.  The uncertainty strengthens the case for being proactive because waiting to take action until quantum computers break encryption will be disastrous.

Key Takeaways for Security Leaders
Several action items stand out for organizations concerned about quantum threats:

1. Invest in quantum-ready security measures now. The cost of early adoption is far less than the potential cost of a security breach.
2. Conduct thorough cryptographic inventories across your organization to understand where vulnerabilities exist.
3. Develop a phased migration strategy that prioritizes your most sensitive and long-lived data.
4. Stay engaged with standardization efforts through industry groups and government partnerships.
5. Build crypto-agility into your systems to facilitate smoother transitions as standards evolve.

The quantum security revolution isn’t coming—it’s already here. This will be a multi-year process but there are things that can be done today to get you well on your way to becoming post quantum ready.  Quantum Xchange can help you on that journey.