Scott Aaronson Sounds the Alarm: “This Post Is Your Warning”

April 30, 2026 — Quantum computing theorist Scott Aaronson has issued his most direct warning yet about the timeline for cryptographically relevant quantum computers (CRQC), stating in a blog post yesterday that experts he trusts now believe such systems “ought to be possible by around 2029.” The warning came hours after Aaronson was elected to the U.S. National Academy of Sciences.

“Some of the most reputable people in quantum hardware and quantum error-correction — people whose judgment I trust more than my own on those topics — are now telling me that a fault-tolerant quantum computer able to break deployed cryptosystems ought to be possible by around 2029,” Aaronson wrote on his blog Shtetl-Optimized.

The MIT-educated computer scientist, who holds the Schlumberger Centennial Chair at the University of Texas at Austin, explicitly framed his post as a warning to the cybersecurity community: “If quantum computers start breaking cryptography a few years from now, don’t you dare come to this blog and tell me that I failed to warn you. This post IS your warning.”

Aaronson’s warning follows his participation in a Coinbase-convened panel that produced a detailed position paper on quantum threats to cryptocurrency. His co-authors included Stanford cryptographer Dan Boneh, Ethereum Foundation’s Justin Drake, and prominent security researchers Sreeram Kannan, Yehuda Lindell, and Dahlia Malkhi.

The blog post reveals that major quantum computing companies have adopted an accelerationist stance toward CRQC development. According to Aaronson, these companies argue that racing to build cryptographically relevant quantum computers is “the most ethical, socially responsible thing” they can do, reasoning that open development by U.S. companies is preferable to secret development by foreign adversaries.

This logic mirrors arguments made by AI companies about acceleration toward artificial general intelligence. Aaronson acknowledged the parallel: “Does it remind you of the galaxy-brained arguments that AI company after AI company has offered over the last decade for why ‘really, if you think about it, accelerating toward dangerous superintelligence is the safest course of action that we could possibly take’?”

The 2029 timeline represents a significant compression from previous estimates. While Aaronson himself admits “I’m not a timing guy,” he emphasized that the assessment comes from hardware specialists whose expertise exceeds his own in practical quantum computing implementation.

The announcement coincided with Aaronson’s election to the National Academy of Sciences, an honor he had previously suggested he might decline following Richard Feynman’s example. However, Aaronson wrote that he would accept the membership, noting his gratitude toward “a fine club like NAS that will have me as a member.”

My Analysis

When Scott Aaronson feels compelled to sound the alarm, I pay attention. This is the researcher who spent two decades methodically explaining what quantum computers can’t do, pushing back against hype at every turn. He’s the anti-vendor, the skeptic’s skeptic. So when he writes “This post IS your warning” in all caps, something has shifted.

What makes this announcement different – Aaronson has made a career out of deflating quantum hype. He invented complexity classes like PostBQP specifically to understand quantum computing’s limits. He’s consistently been the voice saying “slow down, this is harder than you think.” Now he’s telling us the opposite.

The 2029 timeline aligns disturbingly well with what I’ve been tracking in my Q-Day predictions analysis. Google’s recent quantum Bitcoin ECDLP paper already showed us the path forward. What Aaronson adds is confirmation that the hardware experts, the people actually building these machines, believe they can walk that path within five years.

But here’s what really caught my attention: the moral logic of acceleration that quantum computing companies have adopted. They’re essentially saying, “We’re going to break the internet responsibly before China does it secretly.” This reasoning feels alarmingly familiar from the AI safety discourse. Same playbook, different existential risk.

Aaronson directly compares this to AI acceleration arguments, and he’s right to do so. In both cases, we have companies racing toward a capability cliff while arguing that speed equals safety. The difference? With quantum computing, we at least have defensive measures ready in the form of post-quantum cryptography. With AI, we’re still arguing about whether the cliff exists.

The Coinbase position paper that Aaronson co-authored represents another crucial shift. When major financial infrastructure players start convening panels of top cryptographers to address quantum threats, we’ve moved beyond academic speculation. Coinbase manages billions in digital assets secured by elliptic curve cryptography. They’re not prone to paranoia.

This brings me back to what I’ve been arguing in my “deadlines are set” framework. Organizations keep treating Q-Day as a distant maybe rather than an approaching certainty with fixed migration deadlines. The gap between when we need to start migrating and when many organizations plan to start keeps widening.

Consider what a 2029 CRQC timeline actually means. If you’re a CISO of a major financial institution, you need your PQC migration substantially complete before adversaries gain quantum capability. Not started, not planned — complete. Given typical enterprise migration timelines of 3-5 years, you should already be in execution mode. Right now.

Yet most organizations I talk to are still in the “monitoring” phase. They’re waiting for clearer signals, more definitive timelines, perhaps a demonstrated quantum factorization of a real RSA key. Aaronson is telling us to stop waiting.

The comparison to Harvest Now, Decrypt Later (HNDL) attacks adds another layer of urgency. Every day we delay migration is another day of communications potentially compromised retroactively. Nation-states are almost certainly stockpiling encrypted data right now, betting they’ll decrypt it within the decade. Based on Aaronson’s timeline, that bet looks increasingly reasonable.

I’ve previously analyzed how advances in quantum error correction and logical qubit scaling create a narrowing funnel toward CRQC. What’s new is the conviction level. When quantum hardware experts tell Aaronson, someone they know will publicly call out bad predictions, that 2029 is achievable, they’re staking their professional credibility.

There’s something else worth noting about Aaronson’s framing. He positions this warning as fulfilling his “moral duty” as the writer of “The Internet’s Most Trusted Quantum Computing Blog Since 2005.” Behind the self-deprecating humor lies a serious point: the quantum computing community has been warning about this for decades. The “nobody could have predicted this” excuse won’t fly.

What should security leaders do with this information? First, internalize that the timeline uncertainty has narrowed, not expanded. When optimistic hardware engineers give pessimistic theorists a 2029 date, the error bars have shrunk. Plan accordingly.

Second, recognize that waiting for perfect clarity means waiting too long. Shor’s algorithm has been public since 1994. The mathematical threat is proven. The engineering path is increasingly clear. The last variable (timeline) is resolving into focus.

Third, understand that post-quantum migration isn’t like patching a vulnerability. You can’t push it out overnight. It requires inventory, prioritization, testing, deployment, and verification across your entire cryptographic infrastructure. Start now or accept the risk of being caught unprepared.

Aaronson closes with a reference to being a “WordPress-using rando,” but his real point is sharp: even with his newly minted National Academy of Sciences membership, with his decades of credibility in quantum computing, with his co-authorship of industry position papers — even with all that, many organizations will ignore this warning.