Two messages landed in my inbox recently that asked about the same issue from different angles.
Stan B. wrote: “I just read your article about the advancement of AI. Fascinating. But I am even more interested in another technology that seems to be developing alongside AI. Quantum computing. What does the future look like when these two technologies mature? Better yet, what does it look like when they are combined?”
Then Jeff M. followed with the darker version of the same question: “Can’t help but wonder if these agents, in the wrong hands, can crack crypto security, defense work, and so on. If so, how do we prevent this?”
Thanks, Stan and Jeff. Your emails reminded me that I wanted to revisit a topic I took a deep dive into last year…
Q-Day.
Because based on what we’ve seen over the last seven months, I think it could be coming a lot faster than most people expected.
We’re In Stage One
Q-Day is a term for the moment that a quantum computer becomes powerful enough to break the public-key cryptography that protects bitcoin wallets, bank logins, military communications and a big chunk of the modern internet.
In July of last year, I laid out why that “someday” problem is also a “we have to start preparing now” problem. And I’m starting to believe that the amount of time we have to prepare is getting shorter.
Here’s why.
When people hear Q-Day, they think of a single dramatic event. Someone flips a switch and the world’s encryption collapses overnight.
At least, that’s how it would play out in a movie.
But that’s not how this threat is likely to play out in real life. Instead, it’s bound to arrive in stages.
And stage one is already here.
I call the “harvest-now, decrypt-later” stage. You see, our adversaries are already intercepting encrypted traffic today. And they’re storing it to wait for the day that they can unlock it with quantum technology.
That’s why security teams aren’t waiting for a quantum breakthrough before they act. They’re already focusing on the most vulnerable piece of the system.
When you visit a website, your browser and that website perform a quick exchange at the very beginning of the connection. Think of it as agreeing on a secret code before a conversation starts. That short exchange is what sets up the encryption that protects everything that follows.
If a powerful quantum computer can break that initial exchange, it can unlock the whole session.
So companies are upgrading that first step now.
Cloudflare, which sits in front of a huge portion of the internet’s traffic, has already rolled out what’s called “hybrid” encryption. In simple terms, that means it uses today’s classical cryptography and new quantum-resistant math together. Even if one fails in the future, the other still protects the connection.
Cloudflare is already deploying this hybrid encryption across live internet traffic at a global scale.
And that brings us to stage two: adoption.
As quantum-resistant encryption becomes the default setting in software that people already use, we’ll have an additional layer of protection against the potential harm of Q-Day.
That shift is happening faster than most people realize.
By early December 2025, Cloudflare said the share of human-generated web traffic it sees that is post-quantum encrypted reached 52%, up from 29% at the start of 2025.
And it’s not just browsers and web servers. In September 2025, GitHub started upgrading the security behind the scenes.
GitHub is where much of the world’s software is built. When software developers connect to GitHub to upload or update code, they use a secure channel.
GitHub has begun switching that channel to new, quantum-resistant encryption.
The same shift is happening in OpenSSH, one of the most widely used security tools on the internet. New versions now default to quantum-resistant encryption, and future versions will actively warn users if they aren’t using it.
So the internet is already behaving like the quantum threat is real. And the tools that build and maintain modern software are already changing the locks.
But is Q-Day really just around the corner? How close are we to truly powerful, code-breaking quantum machines?
Not necessarily.
The bottleneck continues to be reliability. Quantum bits, or qubits, are extremely fragile. They lose their quantum state quickly and make errors constantly.
That’s why no one is cracking bitcoin’s encryption today. It’s not because researchers don’t know the math. It’s because today’s quantum machines can’t run long, complex calculations without falling apart.
So the race to achieve code-breaking quantum computers isn’t just about adding more qubits.
It’s about fixing errors.
The breakthrough everyone is chasing is something called “fault tolerance.” That means building systems that can detect and correct mistakes fast enough to keep a computation stable.
And we are getting closer to solving this problem.
In October 2025, IBM demonstrated a quantum error-correction system running in real time on conventional chips that monitor and stabilize qubits. IBM positioned this as a key step toward building a large-scale, fault-tolerant quantum computer.
That’s good news for a host of industries that will benefit as quantum machines become more stable.
But it also means the timeline to Q-Day just got shorter.
Here’s My Take
So where does this leave Stan’s optimistic question and Jeff’s concerned one?
The thing is, AI and quantum don’t need to merge into some sci-fi superweapon to create risk. AI already makes cyberattacks faster and more automated, while quantum computing threatens the math that protects our data.
But if AI agents speed up attacks while quantum weakens encryption, the stakes rise really fast.
So how do we prevent this?
It comes down to migration.
The U.S. standards body, NIST, has already finalized new quantum-resistant encryption standards. In plain terms, they’ve published the replacement locks. They’ve even chosen backup options based on different math, just in case one approach fails.
Now the job is to swap the locks before someone builds a better lock-pick.
Because Q-Day isn’t a single date on a calendar. It’s a process that’s already underway.
And given how fast internet infrastructure is adopting quantum-resistant encryption, and how steadily hardware is improving, I believe the most realistic Q-Day timelines are moving closer, not farther away.
Which means the next five years are likely the window that matters most.
Regards,
Ian King
Chief Strategist, Banyan Hill Publishing
Editor’s Note: We’d love to hear from you!
If you want to share your thoughts or suggestions about the Daily Disruptor, or if there are any specific topics you’d like us to cover, just send an email to dailydisruptor@banyanhill.com.
Don’t worry, we won’t reveal your full name in the event we publish a response. So feel free to comment away!