RSAC 2026 had no shortage of AI security announcements. But tucked between the agentic AI demos and the deepfake detection booths was a quieter, more consequential shift: post-quantum cryptography went from theoretical concern to hard deadline.
Google announced a 2029 target for migrating its entire infrastructure to post-quantum cryptography. The federal government's OMB M-23-02 mandate carries the same January 1, 2029 deadline for federal agencies. IBM told the RSAC audience that Q-Day, the point at which quantum computers can break current encryption, likely falls between 2030 and 2033.
Three years. That is not a lot of runway for a migration that touches every encrypted communication, every digital signature, and every certificate chain in an organization.
The Standards Are Final. The Migration Isn't.
NIST finalized its first three post-quantum cryptographic standards in August 2024: ML-KEM for key encapsulation, ML-DSA for digital signatures, and SLH-DSA as a hash-based signature backup. These are not drafts or candidates. They are production-ready standards with FIPS designations.
Google has already migrated its own services to ML-KEM for key exchange. Android 17, entering beta now with general availability in June 2026, will ship with ML-DSA baked into its verified boot process, remote attestation, and certificate chains.
The standards exist. The reference implementations exist. The largest technology company on earth is shipping them into mobile devices this year.
And according to a Utimaco survey, only 20% of organizations have begun migrating. Fewer than 5% have a formal quantum-transition plan. Even NIST's own DNS security guide, published just days before RSAC, deferred post-quantum cryptography entirely. The gap between "standards are ready" and "enterprises are ready" is enormous.
"Harvest Now, Decrypt Later" Is Already Happening
The most common objection to PQC urgency is that quantum computers capable of breaking RSA-2048 or ECC do not exist yet. That is true. It is also irrelevant.
Google confirmed in February 2026 that adversaries are actively harvesting encrypted data, including financial records, trade secrets, and classified communications, betting that future quantum computers will crack today's encryption. This is the "harvest now, decrypt later" strategy, and it has been a known threat vector for years. The difference now is that the decrypt timeline is getting shorter.
Sensitive communications captured today could be decrypted as early as 2030. That means data exfiltrated in 2026 has a shelf life of roughly four years before it becomes readable. Ransomware groups have already shifted from encryption to pure data theft; harvest-now-decrypt-later is the same playbook with a longer fuse. For organizations handling financial data, healthcare records, trade secrets, or classified information, four years is well within the relevance window.
This is not a future problem. The harvesting is happening now. The decryption is the only part that is deferred.
What RSAC 2026 Showed Us
The RSAC expo floor reflected this shift with a cluster of PQC-specific product launches:
Qtonic Quantum debuted the first vendor-neutral PQC scoring platform, evaluating 215 post-quantum cryptography implementations across 12 categories. This is significant because it means organizations now have an independent way to assess whether their PQC implementations actually meet the standard, not just whether they claim to.
ZeroTier launched ZeroTier Quantum, the first software-defined networking platform with hybrid post-quantum cryptography embedded directly in its transport protocol. It meets NSA CNSA 2.0 standards, which is the bar the defense and intelligence communities are using.
Sandbox AQ, spun out of Alphabet, showed its enterprise PQC migration platform targeting regulated industries in financial services, government, and healthcare, the sectors with the most to lose and the least room for error.
These are not research papers or proof-of-concept demos. These are shipping products designed to solve a problem that, a year ago, most security teams were treating as optional.
Why Tokenization Is Already Quantum-Safe
Here is where the conversation gets practical. Not every defense against quantum decryption requires a cryptographic migration.
I work on Capital One Databolt, a vaultless tokenization platform, and one of its architectural properties is directly relevant to the harvest-now-decrypt-later threat: tokenized data cannot be reversed by quantum computing.
Databolt replaces sensitive data at the field level with tokens. Those tokens are not encrypted versions of the original data; they are irreversible substitutions. There is no key to crack, no ciphertext to factor, no mathematical relationship between the token and the original value that a quantum computer could exploit. If an adversary exfiltrates tokenized data and stores it for future quantum decryption, they will find that there is nothing to decrypt.
The communication between Databolt's control plane and data plane is also quantum-safe, built on symmetric encryption and hashing algorithms that remain resilient against known quantum attacks. Databolt implements a hybrid key encapsulation approach combining classical and post-quantum algorithms, and its digital signatures have been upgraded to NIST-selected quantum-safe versions.
This matters because the harvest-now-decrypt-later threat model assumes that the exfiltrated data is encrypted, meaning it has a mathematical structure that can eventually be reversed with sufficient compute. Tokenization breaks that assumption entirely. There is no ciphertext. There is no key. There is nothing for a quantum computer to work on.
For organizations that cannot complete a full PQC migration by 2029, tokenizing sensitive data at the field level is an immediate, deployable defense against the exact threat that Google and IBM are warning about.
What Organizations Should Do Now
The 2029 deadline is aggressive but not arbitrary. It reflects the convergence of three realities: NIST standards are finalized, quantum hardware timelines are compressing, and harvest attacks are already underway.
Inventory your cryptographic dependencies. You cannot migrate what you cannot see. Catalog every system that uses RSA, ECC, or other vulnerable algorithms. Qtonic's new scoring platform suggests the industry recognizes that most organizations do not even know the scope of their exposure.
Prioritize data-at-rest protections. Harvest-now-decrypt-later targets data at rest and data in transit. For data at rest, tokenization and format-preserving approaches can neutralize the threat without requiring a full cryptographic overhaul.
Start hybrid deployments. Google and NIST both recommend hybrid approaches that combine classical and post-quantum algorithms during the transition. This is not about ripping out existing infrastructure overnight; it is about layering quantum-safe protections alongside current ones.
Treat 2029 as a hard deadline, not a suggestion. Google set the same date as the federal mandate for a reason. The organizations that start now will have three years to migrate methodically. The organizations that wait will have months.
RSAC 2026 had plenty of AI-driven excitement. But the announcement that will age best is not an agentic SOC or a deepfake detector. It is the one that gave the industry a date and said: the clock is running.
