At the invitation of the U.S. House Committee on Homeland Security to address Congress on December 17, 2025 on “The Quantum, AI, and Cloud Landscape: Examining Opportunities, Vulnerabilities, and the Future of Cybersecurity,”, Quantum XChange CEO Eddy Zervigon, Google, and Anthropic highlighted how rapidly the threat landscape is evolving and how urgently our cybersecurity posture across the public and private sector must adapt.
Nation-state and sponsored actors have implemented AI-enabled attacks to accelerate the collection of encrypted data to decrypt later. Mr. Zervigon discussed how the risks of decrypting data with quantum computers is no longer theoretical. It is real, immediate, and escalating.
In his testimony, Mr. Zervigon specified key priorities that should shape the national response to quantum threats across government and industry, and prepare organizations for what comes next. Those priorities all hinge on the fundamental question that must be answered as the foundation of any quantum resiliency planning:
How to plan for the algorithms being broken; because it’s a when, not an if….
Managing Crypto Agility at Scale
For more than 50 years, today’s encryption standards have safeguarded our data from theft and misuse. The era of encryption algorithms that are impervious to attacks no longer exists.
Replacing today’s encryption with post-quantum cryptography (PQC) is part of the solution but not the complete answer. Despite best efforts, PQC’s may still be vulnerable to quantum-enabled attacks. Multiple PQC’s were released by NIST (National Institute of Standards and Technology) for resiliency and redundancy, with more under consideration. Your quantum resiliency plan must also be adaptable and future-proof.
In Quantum XChange’s view, what’s needed to ensure data security and confidentiality in the quantum age is the preparation and plan for when an algorithm is broken, how rapidly algorithms can be updated, is there a vendor dependence on support for a new PQC, and what security risks does that introduce if there is a delay in support?
Crypto-agile and crypto-diverse architectures are a strategic requirement for national resilience and enterprise continuity. The need to manage hybrid classical and PQC environments, rapidly deploy PQCs at global scale, change vulnerable algorithms on the fly without downtime, and easily deploy and switch between different post-quantum technologies (PQC algorithms, QKD, QRNG) with minimal disruption
The organizations that prepare for rapid cryptographic change will be the ones best positioned to withstand brand new, emerging threats.
Preparing for Change
The future of encryption in the quantum era is no longer just a math problem—it’s an architecture one. An architectural approach enables organizations to be protected against quantum attacks today, while minimizing disruption to existing operations when algorithms are broken.
Planning for the future of quantum attacks must not rely on a “good enough” foundation of years past by changing today’s algorithms to PQC and hoping for the best. It’s critical to prepare in advance for change, not get locked into a monolithic environment that limits adaptability and leaves organizations vulnerable when algorithms are broken and rapid updates are a necessity. It is dangerous to repeat the past by deploying a single algorithm and relying on its strength to withstand quantum attacks. Good enough security is never good enough to be resilient for the future.
Focusing on the Architecture
Adversaries are stealing encrypted data today with the intent to decrypt it tomorrow. You must begin the process now towards quantum resiliency by hardening your existing environment today to ensure a successful PQC migration on your specific timeline. Agencies and enterprises cannot afford the delays, operational downtime, and cost to rip and replace critical infrastructure.
Instead, you’ll need to focus on a modular, secure-by-design architecture that seamlessly integrates into your existing network infrastructure for minimal disruption to ongoing operations. Other important security considerations include:
- NIST-validation to ensure rigorous crypto security standards are met.
- NIST Entropy Source Validation confirms that generated randomness is indeed unpredictable for secure data transmission and eavesdropping prevention.
- Support for all NIST post-quantum algorithms and migration recommendations.
Practical, FIPS validated solutions like Quantum XChange’s Phio TX harden the network layer and provide a seamless migration to post quantum cryptography (PQC) to meet each organization’s timelines and cyber risk posture.
Organizations must begin preparing now. The transition to quantum-safe security does not have to be painful or complex—but delaying that transition will be.
Building a Confident Path to a Post-Quantum Future
Quantum XChange is committed to helping organizations Change Nothing, Change Everything™, strengthening today’s encryption while enabling a smooth migration to a secure post-quantum future. You can secure your networks today with quantum-resistant technologies in a FIPS validated way, without having to rip and replace your entire infrastructure.
Timing is critical to embrace cryptographic agility, and prepare for quantum-enabled threats, IT leaders can ensure their organizations remain resilient in the face of unprecedented technological change.
The quantum era is coming. The time to prepare is now.
