The Post Quantum Radar

Keeping track of PQC availability

Post-Quantum Cryptography (PQC) was historically seen as a distant mathematical exercise, a theoretical bridge to cross sometime in the late 2030s. Recent, unreleased industry research has compressed that timeline significantly, and organizations target a full quantum migration by 2029 at the latest. The transition to quantum-safe security is no longer a future roadmap; it is an urgent, present-day engineering mandate.

To help navigate this complex transition, we have built the PQC Technology Radar, a visual guide tracking the algorithms and tools you need to secure your systems.

To better understand the radar, it is vital to understand why the timeline has accelerated and the consequences if we wait.

Why Today? The Incredible Shrinking Timeline

The shift in urgency stems from massive, recent breakthroughs in both quantum hardware and software. In early 2026, researchers at Google revealed a drastically improved quantum algorithm capable of breaking elliptic curve cryptography, the foundational math that secures most of the modern internet.

On the hardware front, advancements in “neutral atom” quantum computers have shattered previous estimates of the resources required to crack our current cryptographic defences. A recent paper by the research group Oratomic revealed that breaking standard P-256 encryption now requires a shockingly low 10,000 qubits, thanks to vastly superior error-correcting capabilities.

As a result of these compounded, independent advancements in hardware, software, and error correction, major tech organizations like Cloudflare and Google have aggressively pulled their “Q-Day” readiness targets forward to 2029. Public progress in quantum computing is moving at blinding speed, and the classified progress made by nation-state adversaries is likely even further along.

What is at Stake?

When a Cryptographically Relevant Quantum Computer (CRQC) comes online, it will threaten two distinct pillars of digital trust: encryption and authentication.

The first threat is Harvest Now, Decrypt Later (HNDL). Adversaries are actively recording vast swathes of encrypted, sensitive data flowing across the internet today. They cannot read it yet, but they are storing it in massive data centres. Once a quantum computer is available, it will retroactively decrypt this harvested data.

If you’re transmitting long-term sensitive information (like health records or state secrets), your data privacy is already a ticking clock.

However, the second, and arguably more severe threat, is a Catastrophic Authentication Failure. Encryption protects your data from being read; authentication proves you are who you say you are. If a quantum computer cracks the digital signatures used for authentication, an attacker can simply walk through the front door.

They could impersonate secure servers, forge digital credentials, or manipulate automatic software updates to create remote code execution vectors.

A data leak is terrible, but broken authentication gives an attacker the master keys to your entire infrastructure.

What is Available? Enter the PQC Radar

The good news is that the cryptographic community has not been sitting idle. The National Institute of Standards and Technology (NIST) has finalised its core quantum-safe standards, and the software industry is rapidly building the tools to implement them.

However, with dozens of new acronyms, like ML-KEM, SLH-DSA, and XMSS, and evolving libraries, keeping track of what is safe to deploy can be overwhelming. That is why we created the PQC Radar.

Divided into four quadrants across two axes (Algorithms vs. Tools and Encryption vs. Authentication), the radar gives you a clear, at-a-glance view of the ecosystem:

• Algorithms / Encryption: Discover the new math like the ML-KEM standard designed to stop “Harvest Now, Decrypt Later” attacks.

• Algorithms / Signing: Learn about the digital signatures (like ML-DSA and Merkle Tree Certs) that will prevent catastrophic authentication failures.

• Tools / Encryption: Track the real-world software you use every day, like modern web browsers, OpenSSH, and Go, that have already adopted hybrid quantum-safe defences.

• Tools / Authentication: See where the industry is currently experimenting with massive infrastructure overhauls, such as PQC x.509 Certificates, and developer tools, such as Bouncy Castle PQC.

We map these technologies across rings from ‘Adopt’, ready for production today, to ‘Hold’, too risky or heavy to implement just yet.

The post-quantum transition will take years to fully deploy across deep, third-party dependency chains, but the time to start is right now. Dive into the PQC Radar to see where the industry stands, and start plotting your organization’s path to a quantum-safe future.

Achieving crypto-agility across complex, deeply nested dependency chains is a significant engineering challenge. At ControlPlane, our specialists focus on helping organizations map their current risk, audit cryptographic dependencies, and implement post-quantum architecture.

If you are ready to move from assessment to execution ahead of the 2029 timeline, contact our team today to discuss how we can support you.