Q-FUD: The Quantum Panic Industry

Last Tuesday, a CISO at a major European financial services company forwarded me an email from a cybersecurity vendor. The subject line read: “URGENT: Chinese Government May Already Be Decrypting Your Transactions – Act Now.” The body cited an unnamed NSA source, referenced a recent preprint about quantum architectures, and offered a proprietary “quantum-safe” encryption suite that would “guarantee protection against all known and unknown quantum attacks.”

The CISO had one question: “Should I be worried?“

The answer is no. Not about the email, anyway. That particular message had all the hallmarks of what we started calling “Q-FUD” – quantum fear, uncertainty, and doubt, weaponized for commercial gain. There is no credible evidence that any nation-state is currently decrypting RSA-2048 traffic. There is no secret NSA briefing circulating among select vendors. And any company selling a proprietary encryption algorithm as your quantum salvation is, at best, dangerously misguided.

But here’s the thing: that CISO should be worried about something. Just not the thing the vendor was selling.

The real concern is that the growing tsunami of quantum hype – the breathless headlines, the apocalyptic vendor pitches, the researchers chasing press coverage with increasingly sensationalist claims – is actively making it harder for organizations to execute the one thing that actually matters: a disciplined, methodical migration to post-quantum cryptography.

Q‑FUD: FUD, but with qubits

Cybersecurity has always had a FUD problem.

“FUD” (fear, uncertainty, and doubt) is the oldest trick in enterprise security marketing: paint a worst-case scenario, imply you’re already compromised, sprinkle in enough jargon to make the buyer feel outgunned, and then offer the “only” solution – conveniently available this quarter.

Q‑FUD is that same playbook, just dressed in quantum vocabulary. It looks like:

• Urgency theater (“act now”, “immediate risk”, “it’s already happening in secret”).
• Authority laundering (unnamed “NSA sources”, vague “government briefings”, “classified insights” that never show up in public agency guidance).
• Science-name-dropping (real preprints used as marketing props, stripped of the caveats).
• Miracle products (especially proprietary “quantum-safe” algorithms, sold as salvation).

Why is Q‑FUD uniquely toxic? Because it doesn’t just scare people — it distorts program execution. It pushes leaders into panic buying, distracts engineering teams with shiny “quantum-proof” bolt-ons, and drains budget from the boring work that actually reduces risk: crypto inventories, dependency mapping, certificate lifecycle hygiene, protocol upgrades, and crypto‑agility.

In other words: Q‑FUD is not “just annoying marketing.” It’s a drag coefficient on the largest cryptographic infrastructure migration in history.

If you want a deeper dive into the broader ecosystem of quantum misinformation – beyond the crypto angle – I’ve written field guides and toolkits for it, including a guide to quantum hype and scams (Quantum of Flapdoodle), an investigation of quantum contrarian con artists (A Quantum Contrarian Con Artist), the older-but-still-useful Quantum Baloney Detection Toolkit, the case study in pure quantum woo (Quantum Medbeds), and so on. Actually, I wrote about this problem first time in 2001 – 25 years ago! (Quantum Snake Oil). And it’s only going to get worse this year.

This article is the narrower, more urgent slice: Q‑FUD around the quantum threat to encryption, right now – and the practical response that still works.

The Hype Machine Is Real, and It’s Accelerating

If you work in cybersecurity, you’ve noticed the volume increasing. Every few weeks, (well, in 2026 every few days) a new headline announces that quantum computers are about to break all encryption, that Q-Day is imminent, that the cybersecurity apocalypse is upon us. In February 2026 alone, New Scientist ran a piece declaring that breaking encryption with a quantum computer just got “10 times easier” – a misleading headline. Around the same time a separate group issued a press release explicitly invoking a “Cybersecurity Apocalypse in 2026” based on research so thin it barely warranted a blog post, let alone a press cycle.

These are not isolated incidents. Wired published “The Quantum Apocalypse Is Coming. Be Very Afraid” in March 2025, speculating that there was a 15% chance Q-Day had already happened in secret. Vendor blogs from PQC companies described Microsoft’s Majorana chip – a 105-qubit device whose own Nature peer reviewers added an editor’s note questioning the core claims – as posing “immediate risks to current encryption protocols.” And for a brief, surreal moment in late 2024, the announcement of Google’s Willow chip (a genuine but incremental milestone in quantum error correction) triggered headlines about the imminent death of Bitcoin. Google’s own spokesperson had to step in: the chip is “incapable of breaking modern cryptography.”

This pattern – legitimate research exaggerated by media, then further distorted by vendors seeking to monetize fear – is not going to get better. It is going to get significantly worse. And understanding why is essential to inoculating your organization against it.

Why the Hype Will Get Worse Before It Gets Better

Three forces are converging to create a perfect storm of quantum misinformation, and all three are accelerating.

First, the regulatory pressure is real and intensifying. NIST’s IR 8547 mandates the deprecation of RSA-2048 and equivalent classical algorithms by 2030 and their complete elimination by 2035. The NSA’s CNSA 2.0 suite requires new national security systems to support post-quantum algorithms by 2027. The UK NCSC published concrete migration timelines in March 2025 with a three-phase plan running through 2035. The EU released a coordinated roadmap targeting full transition by 2035. Australia’s ASD set the most aggressive deadline globally: complete PQC transition by end of 2030. France’s ANSSI has made hybrid encryption mandatory for certain use cases since 2022.

Every one of these deadlines represents a compliance obligation – and therefore a market opportunity. Where there is regulatory urgency, there will be vendors selling urgency.

Second, the genuine science is advancing. The trajectory of resource estimates for breaking RSA-2048 with a quantum computer has been consistently downward: from 20 million physical qubits in 2019, to under one million in Gidney’s landmark 2025 paper, to a theoretical 98,000 in the Pinnacle Architecture preprint of February 2026. Each of these is genuine, rigorous science. But each produces a headline – “10 times fewer qubits!” – that travels infinitely faster than the caveat. And the caveat, as I analyzed in detail, is always the same: reducing qubit count doesn’t eliminate the engineering challenge; it transforms it. The Pinnacle Architecture’s 98,000-qubit estimate requires a month of continuous fault-tolerant operation on hardware that doesn’t exist, using decoders nobody has built, with connectivity patterns no current platform supports.

None of this stops the headline from becoming a sales pitch by the following Monday.

Third, money is pouring into quantum. Quantum computing stocks experienced wild swings throughout 2025 and into 2026 – IonQ, Rigetti, and D-Wave traded at extraordinary valuations before Jensen Huang’s CES 2025 comment that useful quantum computing was “about 20 years” away wiped over $8 billion in market value in a single session. IonQ has faced multiple short-seller reports questioning its revenue disclosures. Where speculative capital meets unclear timelines, hype is the inevitable byproduct – and it spills directly into the cybersecurity market, where fear converts to purchase orders more reliably than almost anywhere else in enterprise technology.

The Anatomy of Quantum Snake Oil

After years (decades!) of tracking this space, certain patterns have become depressingly predictable. Understanding them is the best defense against making expensive mistakes. I’ve covered these extensively in my guide to quantum hype and scams, but the key signatures are worth repeating – especially as the market heats up.

The proprietary algorithm pitch

This is the most dangerous variant. A vendor claims to have developed a novel encryption algorithm that is “provably quantum-safe” or “unbreakable by any known quantum attack.” The algorithm is proprietary. It has not been submitted to NIST’s standardization process. It has not been subjected to years of public cryptanalysis by the global research community. And the vendor will, with great confidence, explain why their approach is superior to the algorithms that have survived that process.

Walk them out.

This is not hyperbole. The entire history of cryptography teaches one lesson with brutal consistency: algorithms that have not been subjected to sustained, public, adversarial review by the global cryptographic community will be broken. The NIST PQC standardization process took seven years, began with 82 submissions, and was ruthlessly competitive. Algorithms were attacked continuously by hundreds of the world’s best cryptographers. Several leading candidates were broken during the process. The survivors – ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205) – earned their status. A proprietary algorithm developed by a vendor’s internal team, no matter how talented, has not.

The insider threat claim

“We have information from government sources that [nation-state X] is already breaking RSA-2048.” This is almost always fabricated, and it’s trivially easy to check: if a nation-state actually had a cryptanalytically relevant quantum computer, the NSA would not be calmly publishing phased migration timelines running through 2035. The UK NCSC would not be publishing three-phase plans that begin with “discover and plan” and don’t reach full adoption until the mid-2030s. NIST would not be serenely selecting HQC as a backup KEM for standardization by 2027. The very existence of these measured, multi-year timelines is your strongest evidence that nobody credible believes RSA-2048 is currently being broken.

The deadline panic

“The quantum threat is immediate. You need to act now or it will be too late.” The quantum threat is real, but it is not immediate in the way these vendors mean. The actual deadlines – set by organizations with access to classified intelligence about quantum computing progress – give you until 2030 for deprecation and 2035 for elimination. That is not a reason for complacency; as Mosca’s Theorem demonstrates, the time to start migrating was yesterday. But it is emphatically a reason for methodical urgency rather than panic buying.

The headline-to-sales-pitch pipeline

A paper drops on arXiv. It contains genuine but incremental progress. A journalist writes a story with a sensational headline. A vendor’s marketing team screenshots the headline, puts it in a slide deck, and uses it to create urgency in their next sales call. By the time it reaches your desk, the original paper’s careful caveats have been stripped away, leaving only the fear. We saw this happen in real time with the Chinese 48-bit factoring claim in 2024, with the 4,099-qubit myth, and most recently with the Pinnacle Architecture.

Your North Star: Standards Bodies and National Security Agencies

So if you can’t trust the headlines and you shouldn’t trust the vendors, who should you trust?

The answer is boring, which is exactly why it’s right: trust your national standards bodies and security agencies. Their guidance is developed with access to classified intelligence about quantum computing progress, vetted by the world’s leading cryptographers, and calibrated for the actual threat timeline – not the marketing cycle.

Here is what they are actually telling you to do right now. It’s strikingly consistent across continents.

NIST has published three finalized PQC standards – ML-KEM for key encapsulation, ML-DSA for digital signatures, and SLH-DSA as a conservative hash-based backup — with a fourth (FN-DSA, formerly FALCON) expected in late 2026. A fifth algorithm, HQC, was selected in March 2025 to provide code-based algorithmic diversity as a backup to lattice-based ML-KEM. They have released comprehensive migration guidance in SP 1800-38, technical KEM recommendations in SP 800-227, and a detailed crypto-agility framework.

The message from every major security agency on the planet converges on the same set of actions: conduct a cryptographic inventory, build a cryptographic bill of materials, prioritize systems with long data-retention horizons, begin migrating to NIST-standardized algorithms, and – critically – build crypto-agility so you can rotate algorithms when future standards evolve.

That’s it. There is no secret sauce. There is no shortcut. And anyone selling you one is selling you something else.

PQC Migration Is Infrastructure Work – Treat It That Way

Here is perhaps the most important mindset shift for any executive reading this article: post-quantum cryptography migration is not a cybersecurity emergency. It is an infrastructure transformation program. A very large one.

I’ve written extensively about the true scale of PQC migration – my analysis of a real enterprise program plan identified over 120,000 discrete tasks spanning 8-10 years for a single large organization. This is not an exaggeration for effect. When you trace every cryptographic dependency in a modern enterprise – every TLS configuration, every certificate chain, every hardware security module, every embedded device, every vendor integration, every OT/ICS system running protocols designed before most of your workforce was born – the scope is genuinely staggering.

But it is not unprecedented. Organizations have executed transformations of this scale before. The Y2K remediation effort, the migration from SHA-1 to SHA-2, the transition from TLS 1.0/1.1 to TLS 1.2/1.3, the ongoing cloud migration programs – these are the operational analogues. Somewhat. PQC migration is larger than any single one of them, but it follows the same fundamental pattern: discover, inventory, prioritize, test, migrate, validate. As I’ve argued, PQC is necessary but not sufficient – you need to build the organizational muscle for crypto-agility, not just swap one set of algorithms for another.

The apocalyptic framing is not just inaccurate – it is actively counterproductive. When executives hear “quantum apocalypse,” they either panic and make rash purchasing decisions, or they freeze because the problem sounds too big to solve. Neither response is useful. What is useful is framing PQC migration as a structured program with clear phases, concrete milestones, and a timeline that is aggressive but achievable. Your migration time is inversely proportional to your crypto-agility (as I call it – Marin’s Law). Build the agility, and the migration becomes manageable. Neglect it, and no amount of vendor-supplied panic will save you.

Who to Actually Listen To

If you want to track real quantum computing progress without wading through the hype, you need better signal sources. The mainstream tech press is, with rare exceptions, not equipped to evaluate quantum computing claims. Here are the people and venues that consistently provide honest, technically rigorous assessments.

Craig Gidney (@CraigGidney on X, algassert.com blog) is a research scientist at Google Quantum AI and the author of the landmark resource estimates for RSA-2048 factoring that underpin every serious Q-Day timeline. When he says something about how many qubits it takes to break encryption, he’s not speculating – he literally wrote the algorithms. His response to the Pinnacle Architecture was characteristically measured: acknowledging the genuine advance while flagging the connectivity assumptions that make the headline number misleading.

Scott Aaronson (scottaaronson.blog, the “Shtetl-Optimized” blog) is a professor of computer science at UT Austin, an ACM Fellow, and probably the most important public communicator in quantum computing. He does not use social media; his blog is his sole channel, and it is indispensable. He has repeatedly called out quantum hype – his post “Quantum Investment Bros: Have You No Shame?” should be required reading – while also flagging when genuine progress occurs. He personally intervened on the Pinnacle Architecture paper’s title to reduce the risk of journalistic misinterpretation. When Aaronson says something deserves attention, it does.

Jaime Gómez García (LinkedIn) leads Santander’s Global Quantum Threat Program and chairs the Europol Quantum Safe Financial Forum. For payments CISOs specifically, he is the single most relevant voice in the field – someone running an actual PQC migration at a systemically important financial institution, not theorizing about one. His LinkedIn content consistently bridges the gap between academic cryptography and enterprise operations.

Daniel J. Bernstein (@hashbreaker on X, blog.cr.yp.to) literally coined the term “post-quantum cryptography” in 2003 and co-created SLH-DSA (SPHINCS+), one of the three NIST-standardized PQC algorithms. He has been a vocal and sometimes controversial critic of aspects of the NIST process, but his technical assessments are rigorous and independent. When djb flags a concern about an algorithm’s security margin, the community listens.

Michele Mosca (LinkedIn, evolutionQ) is the University of Waterloo professor behind Mosca’s Theorem – the foundational framework that CISOs worldwide use to assess PQC migration urgency. His Global Risk Institute Quantum Threat Timeline reports are the most methodologically rigorous surveys of expert opinion on Q-Day timing.

John Preskill (@preskill on X, quantumfrontiers.com) coined both “quantum supremacy” and “NISQ” and is among the founders of quantum error correction theory. His assessments of quantum computing milestones are measured, authoritative, and free of commercial interest.

For community-level discussion, SciRate provides an overlay on arXiv where researchers comment on new papers – look for the quant-ph feed. The NIST PQC mailing list (3,000+ members) is where the actual standardization debates happen. And Quantum Computing Stack Exchange provides surprisingly rigorous technical Q&A.

These sources won’t sell you anything. They won’t tell you the apocalypse is imminent. They will tell you, in precise technical language, what is actually happening in quantum computing and what it means for your cryptographic infrastructure. That’s infinitely more valuable than a sensational headline.

Conclusion

The hype merchants will keep churning out apocalyptic headlines. The vendors will keep selling fear. The researchers chasing press coverage will keep issuing breathless claims. And the resource estimates for breaking RSA-2048 will – as they have every few years for the past decades – continue to drop, producing fresh waves of panic with each new preprint.

Ignore the noise. Trust the standards bodies. Follow the experts who show their work. And keep migrating.

The organizations that will be quantum-safe in 2035 are not the ones panicking today. They are the ones quietly building their cryptographic inventories, testing ML-KEM in their TLS stacks, writing crypto-agility into their architectural standards, and treating this as what it is: the largest cryptographic infrastructure transformation in history. One that will be won not by whoever screams loudest, but by whoever plans best.

Keep calm. Carry on. Migrate.