During this month’s earnings call with investors, Palo Alto Networks CEO Nikesh Arora made the bold claim that businesses will soon begin commercializing quantum computing, and added that nation-states could weaponize the technology even sooner.
Efforts are underway in both the United States and China to develop the first powerful, fault-tolerant quantum computer. The European Union, Russia, Japan, and India are also actively developing quantum programs. Whichever country or countries develop the technology sooner would have a system that could solve problems far faster than a classical computer.
Arora predicted the shit could happen by 2029 and suggested that most businesses and organizations will need to replace their security equipment, as current encryption standards – which are used to protect banking, secure communications, and other sensitive data – are vulnerable to the power of quantum computers.
“From our perspective, AI and quantum are going to drive a lot more volume. So as the more bits that fly around, the more they need to be inspected, which means the need for bit inspection technologies is not going to go away,” said Arora.
Nations Need to Prepare
Even if Arora is being overly optimistic, security researchers warn that the technology should still be seen as revolutionary, which is why so much effort is going into it.
Regardless of the timeline’s accuracy, the UK’s NCSC is urging major operators to begin post-quantum cryptography (PQC) migrations immediately, aiming for complete transition by the early to mid-2030s, highlighting the ‘harvest-now, decrypt-later’ risk,” explained Noelle Murata, senior security engineer at cybersecurity provider Xcape, Inc.
In other words, quantum computing will undermine existing encryption concepts, decrypt large quantities of data at scale, and do so quickly, Murata suggested.
“Nation-state actors will have access to all other states’ secrets,” Murata told ClearanceJobs in an email. “In conjunction with the advancements being made in AI technology, AIs will become more sophisticated, so our defenses must evolve to match.”
Other Threat Vectors
Even as quantum computing could be a significant game changer, it is still just one of several technologies that could upend the status quo.
Ted Miracco, CEO of security provider Approov, offered a counterpoint to Arora’s warnings. He also told ClearanceJobs that PQC shouldn’t be dismissed. Still, he said that “prioritizing a speculative future threat over the immediate reality of AI is, in my opinion, a strategic misallocation of resources that benefits vendor bottom lines more than enterprise security.”
Businesses may not be in a position in 2029 to deal with the change.
“Arora’s statement that ‘most businesses will need to replace their security appliances’ reveals a significant commercial incentive because PQC algorithms are computationally heavier than current standards – like RSA or ECC. They require more memory and processing power and a complete hardware refresh cycle,” Miracco explained. “By framing PQC as a hardware necessity, vendors like Palo Alto are looking to drive the retirement of perfectly functional legacy gear.”
He equated to the Y2K fears that drove spending to avoid “planes falling out of the sky,” and said we’re simply repeating the fears with a new threat.
“The ‘Quantum Apocalypse’ is being used to promote the fear of total data exposure to drive budget approval,” Miracco added. “The engineering required to stabilize a weaponized quantum computer remains scientifically immense and likely distant, while AI threats are already here, automating attacks and dismantling defenses at scale.”
What Should be Done
The old saying “hope for the best, and prepare for the worst” could ring true. It may be wise to prepare for multiple threats, not just one.
“For security teams, crypto-agility is crucial: assess public-key crypto usage, prioritize long-lived data, and plan to update certificates, keys, and protocols to NIST-approved PQC standards while maintaining compatibility,” explained Murata. “As standards and vendor support evolve, test hybrid TLS modes combining classic and PQC algorithms, assess HSM and PKI readiness, and demand interoperability evidence from vendors, not just “quantum-safe” claims. Integrate PQC milestones into contracts and resilience metrics to ensure progress even if timelines shift.”
He added that, whether it is quantum or something else, the primary concern isn’t just the decryption of data at rest but the immense data inspection required to secure all digital traffic against quantum threats.
“While Palo Alto may profit from being first in line to deliver ‘quantum-safe products,’ the deadline is pressing and demands immediate PQC roadmap prioritization,” Murata continued. “The quantum age won’t start with a bang; it will begin with the silent decryption of all your secrets.”
