Palo Alto Networks CEO Warns of Nation-State Quantum Threat by 2029

20 Nov 2025 – Nikesh Arora, CEO of Palo Alto Networks, has issued a stark warning that hostile nation-states may possess cryptanalytically relevant quantum computers by 2029 – or even sooner. Speaking on the cybersecurity company’s Q1 2026 earnings call, Arora predicted that within about four years, quantum technology could advance enough for adversaries to break current encryption, which “at which point most security appliances will need to be replaced“.

This pronouncement, while forward-looking, grabbed attention in the cybersecurity industry. Arora acknowledged a degree of “quantum FUD” (fear, uncertainty, doubt) around such claims. However, Arora explicitly put this prediction on the record, signaling that Palo Alto Networks is baking quantum threat preparedness into its business strategy. He stated the company will soon offer a full range of quantum-safe products, anticipating customer demand. In fact, Palo Alto’s CTO Lee Klarich commented that over the last 6–9 months, they’ve seen “a pretty significant inflection in the number of customers…starting to talk about [PQC] and plan for this from an urgency perspective.”

Why does this matter? It underscores a growing consensus in the cybersecurity community: even if large-scale quantum code-breaking might be a decade away, the time to act is now. Critical data being encrypted today could be intercepted and stored by adversaries – a “harvest now, decrypt later” scenario – in hopes of decrypting it once a quantum computer is available. Arora’s comments reflect pressure from enterprise and government clients who don’t want to wait until the last minute to retrofit their cryptography. Vendors like Palo Alto are thus racing to incorporate post-quantum cryptography (PQC) into firewalls, VPNs, secure web gateways, and other security appliances preemptively.

Notably, Arora also drew a parallel with the AI boom, saying “AI and quantum are going to drive a lot more [network] volume…the more bits that fly around, the more they need to be inspected”, implying that emerging technologies will fuel demand for high-performance “bit inspection” (deep packet inspection) security tech. In other words, as AI increases data flows and quantum threatens encryption, security infrastructure must both scale up and get stronger cryptographically. Palo Alto is positioning itself for that inflection point.

Some experts view the 2029 timeline as aggressive – many forecasts put the advent of a cryptographically relevant quantum computer in the early-to-mid 2030s. But Arora’s stance is that nation-state actors could achieve it sooner, and prudent risk management means upgrading crypto now. The U.S. government’s own guidelines (via NIST and NSA) aim for quantum-resistant systems by 2035 (more on that below), so 2029 is indeed near the leading edge of estimates. Whether or not the 2029 date proves accurate, the takeaway is that one of the world’s largest cybersecurity providers is treating the quantum threat as imminent and is mobilizing accordingly. This will likely spur similar moves by competitors and further increase industry focus on PQC. For CIOs and CISOs, the message is clear: start inventorying your cryptography and have a quantum-safe migration plan, because vendors will soon be pushing those solutions and nation-state hackers won’t be waiting around.