Quantum Encryption Threat: Google’s Urgent Warning on SNDL Attacks
Google issued what might be the most consequential cybersecurity warning of the year. Kent Walker, President of Global Affairs at Alphabet and Google, didn’t mince words: Current encryption systems are vulnerable to quantum computing, and adversaries are already exploiting that vulnerability — just not in the way you might expect.
The core message? Stop treating quantum threats as a future problem. They’re a present one.
Key Takeaways
- "Store Now, Decrypt Later" Attacks Are Already Underway. Google confirmed that adversaries are actively harvesting encrypted data — financial records, trade secrets, classified communications — betting that future quantum computers will crack today's encryption. This isn't a theoretical risk anymore; it's an ongoing intelligence collection campaign targeting organizations right now.
- Google Has Already Migrated Its Key Exchange to Post-Quantum Cryptography. Google migrated key exchanges for internal traffic to ML-KEM, the post-quantum standard NIST finalized in August 2024, and all Google services now use quantum-resistant key exchange by default. The company's completed key-exchange migration removes the "it's not feasible yet" argument and puts pressure on every other enterprise to follow.
- The White House Quantum Executive Order Has a Major Blind Spot. The draft executive order on quantum technology tasks federal agencies with updating the National Quantum Strategy but reportedly omits provisions for post-quantum cryptography. Google's policy recommendations appear designed to fill that gap, calling for PQC adoption across critical infrastructure, cloud-first modernization, and global standards alignment.
- 91 Percent of Organizations Have No Post-Quantum Roadmap. Research cited by Google Cloud found that only 9 percent of organizations have a plan for transitioning to quantum-resistant encryption. With government contracts expected to mandate PQC compliance in 2026 and analysts estimating a 12-to-24-month window just to begin migration, the readiness gap is staggering.
- Existing Compliance Frameworks Will Enforce PQC Without New Rules. Regulations like HIPAA, PCI DSS, and SOX already require "reasonable" security measures, and the definition of reasonable will shift as post-quantum standards become widely available. Organizations that continue relying exclusively on classical encryption risk noncompliance under existing frameworks — the same pattern that played out when TLS 1.0 and 1.1 were deprecated.
“Store Now, Decrypt Later” Is Already Happening
Let’s start with the scariest part of Google’s announcement, because it deserves attention upfront. Malicious actors are actively harvesting encrypted data right now. Financial records, trade secrets, classified government communications — all of it is being vacuumed up and stored, with the expectation that quantum computers capable of breaking today’s encryption will eventually arrive.
This attack vector has a name in the cybersecurity community: “store now, decrypt later” (SNDL). And it’s not a hypothetical. Google confirmed that these campaigns are already underway.
Think about that for a second. Every piece of sensitive data your organization transmits today, encrypted with current standards, could be sitting in an adversary’s storage somewhere, waiting. The encryption hasn’t been broken yet — but the bet is that it will be, and possibly sooner than most people assume.
Walker put it bluntly: “A cryptographically relevant quantum computer is not forever a decade away.” That phrasing is deliberate. For years, the quantum threat timeline has been a moving target, always pushed out just far enough to justify inaction. Google is saying that framing is no longer acceptable.
This is a significant shift in tone from one of the world’s largest technology companies. And it should change how every CISO and compliance officer thinks about their encryption roadmap.
What Google Has Actually Done
It’s worth noting that Google isn’t just sounding alarms — they’re walking the walk. The company announced that it’s on track to complete its post-quantum cryptography (PQC) migration within NIST’s recommended guidelines. Specifically, Google has already migrated key exchanges for internal traffic to ML-KEM, the primary post-quantum standard that NIST finalized in August 2024.
All Google services and select Google Cloud-native services now use quantum-resistant key exchange by default. That’s a massive infrastructure change, and the fact that they’ve completed it gives their warning extra weight. When a company that processes a staggering percentage of global internet traffic says “we’ve done this, and you need to as well,” it carries a different kind of credibility than a vendor pushing a product.
ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism), for those not deep in the cryptographic weeds, is one of the algorithms NIST selected as part of its years-long post-quantum cryptography standardization effort. It’s designed to resist attacks from both classical and quantum computers, making it a drop-in replacement for current key exchange mechanisms — at least in theory. In practice, migrating enterprise infrastructure to new cryptographic standards is rarely straightforward, which is precisely why Google’s timeline recommendations are so aggressive.
The Policy Gap Nobody’s Talking About
Here’s where things get interesting from a regulatory compliance perspective. The White House is currently drafting an executive order on quantum technology titled “Ushering In The Next Frontier Of Quantum Innovation.” On paper, that sounds comprehensive. The draft tasks multiple federal agencies with updating the National Quantum Strategy and developing new quantum computing capabilities for scientific applications.
But there’s a notable omission: The draft reportedly lacks provisions specifically addressing post-quantum cryptography. That’s a pretty significant blind spot. You’d think that an executive order focused on quantum innovation would address the single most urgent security implication of that same technology, but apparently not — at least not yet.
Google’s policy push appears specifically designed to fill that gap. Walker outlined five recommendations for policymakers that read less like suggestions and more like a blueprint for what the executive order should include. Among them: driving society-wide momentum around PQC adoption (especially for critical infrastructure like energy grids and healthcare systems), promoting cloud-first modernization to enable faster cryptographic updates, building AI systems with post-quantum cryptography from the start, and preventing global fragmentation in standards adoption.
That last point about fragmentation is worth dwelling on. If different countries adopt incompatible post-quantum standards, it would create enormous friction for global commerce and data sharing. We’ve already seen this play out with data privacy regulations — GDPR, CCPA, China’s PIPL, and dozens of others creating a compliance patchwork that’s expensive and complex to manage. Repeating that pattern with cryptographic standards would be far worse, because encryption is even more foundational to how digital systems operate.
Only 9 Percent Have a Plan
Perhaps the most alarming statistic in Google’s announcement: According to research cited by Google Cloud, only 9 percent of organizations currently have a post-quantum roadmap in place.
Nine percent.
That number should terrify anyone responsible for enterprise security or regulatory compliance. Analysts are describing the migration window as roughly 12 to 24 months for organizations to begin their transition. Not complete it — begin it. And yet the overwhelming majority of organizations haven’t even started planning.
Jennifer Fernick, Senior Staff Security Engineer at Google Cloud, framed the urgency around digital signatures specifically: “The sooner we’re able to secure these signatures, the more resilient the digital world’s foundation of trust becomes.” She’s right. Digital signatures underpin everything from software updates to financial transactions to identity verification. If those signatures can be forged by a quantum-capable adversary, the entire chain of digital trust unravels.
From a compliance standpoint, this creates a tricky dynamic. CISA has already issued federal guidance identifying technology product categories where post-quantum cryptography is widely available, and government contracts are expected to mandate PQC compliance starting in 2026. If your organization does business with the federal government — or is subject to frameworks like FedRAMP, CMMC, or ITAR — the writing is on the wall. PQC requirements are coming, and likely faster than most procurement and IT teams are prepared for.
Why This Matters Beyond Government Contracts
But the compliance implications extend well beyond federal contracting. Consider the regulatory frameworks that already require “reasonable” or “appropriate” security measures — HIPAA, PCI DSS, SOX, various state privacy laws. The definition of what constitutes “reasonable” security is going to shift as post-quantum standards become available and widely adopted.
Here’s the logic: Once NIST has published finalized PQC standards (which it has), and once major technology providers have implemented them (which Google now has), it becomes increasingly difficult to argue that continuing to rely exclusively on classical encryption constitutes a reasonable security posture. Regulators won’t need to write new rules. They’ll just interpret existing ones differently.
This is exactly how encryption requirements evolved before. When TLS 1.0 and 1.1 were deprecated, organizations that continued using them found themselves out of compliance with PCI DSS — not because a new rule was written, but because the standard of “strong cryptography” evolved. Expect the same pattern with post-quantum cryptography.
For organizations that handle sensitive data governed by long retention periods — think healthcare records, financial data, intellectual property, legal documents — the SNDL threat adds another dimension. Data encrypted today might need to remain confidential for 10, 20, or 30 years. If a quantum computer capable of breaking current encryption arrives within that window, you have a retroactive data breach on your hands. The data was already stolen; you just didn’t know it was exposed.
What Should Organizations Do Right Now?
The practical advice here isn’t complicated, even if the execution is. First, take a cryptographic inventory. You need to know what encryption algorithms your systems currently use, where they’re used, and how deeply embedded they are. This is harder than it sounds — most organizations have encryption scattered across applications, databases, APIs, VPN tunnels, email systems, and storage layers with no centralized visibility.
Second, start evaluating post-quantum solutions from your existing vendors. Many major cloud providers and security vendors are already rolling out PQC support or have it on their near-term roadmaps. If your infrastructure is heavily cloud-based, you may benefit from upgrades your providers are making on your behalf — but you need to verify that, not assume it.
Third, prioritize your most sensitive and longest-lived data. Not everything needs to be migrated on the same timeline. Data that must remain confidential for decades (patient records, defense-related information, trade secrets) should be at the front of the queue, precisely because of the SNDL threat.
And fourth, engage your compliance and legal teams now. Don’t wait for an explicit regulatory mandate. The organizations that start their PQC migration proactively will be in a far stronger position than those scrambling to catch up after a compliance deadline drops.
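To make the first and third steps concrete, here is an added example (not from Google or the original article) that classifies the key-exchange algorithm recorded for each system and ranks the quantum-vulnerable ones by how long their data must stay confidential. The `Asset` fields, function names, and the sample inventory are all hypothetical.

```python
from dataclasses import dataclass

# Substrings marking NIST post-quantum algorithms (the two named in this article).
# A hybrid group such as X25519MLKEM768 matches here as well.
POST_QUANTUM = ("MLKEM", "MLDSA")
# Classical public-key families a cryptographically relevant quantum computer
# would break with Shor's algorithm.
QUANTUM_VULNERABLE = ("RSA", "DH", "ECDH", "ECDSA", "DSA", "X25519", "ED25519")


@dataclass
class Asset:
    name: str
    key_exchange: str            # algorithm protecting data in transit
    confidentiality_years: int   # how long the data must stay secret


def classify(algorithm: str) -> str:
    """Return 'pq', 'vulnerable' or 'unknown' for an algorithm label."""
    label = "".join(ch for ch in algorithm.upper() if ch.isalnum())
    if any(tag in label for tag in POST_QUANTUM):
        return "pq"
    if label.startswith(QUANTUM_VULNERABLE):
        return "vulnerable"
    return "unknown"   # never assume safe: send to manual review


def migration_queue(inventory):
    """Assets exposed to store-now-decrypt-later, longest-lived data first."""
    exposed = [a for a in inventory if classify(a.key_exchange) == "vulnerable"]
    exposed.sort(key=lambda a: a.confidentiality_years, reverse=True)
    return [(a.name, a.key_exchange, a.confidentiality_years) for a in exposed]


def needs_review(inventory):
    """Assets whose algorithm label is not recognised either way."""
    return [a.name for a in inventory if classify(a.key_exchange) == "unknown"]


# Constructed sample inventory; every system name and value is hypothetical.
INVENTORY = [
    Asset("marketing-site", "X25519", 1),
    Asset("patient-records-api", "ECDHE-P256", 30),
    Asset("internal-rpc", "X25519MLKEM768", 10),
    Asset("legacy-vpn", "RSA-2048", 20),
    Asset("partner-sftp", "vendor-kex-v2", 7),
]

if __name__ == "__main__":
    for name, alg, years in migration_queue(INVENTORY):
        print(f"{years:>3}y  {name:<22} {alg}")
    print("manual review:", needs_review(INVENTORY))
```

The ranking covers key exchange only, because that is what protects traffic an adversary can harvest today; signature algorithms need their own column in a real inventory.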
The Bigger Picture
Google’s warning is part of a broader shift that’s been building for the past two years. NIST finalized its first post-quantum standards in August 2024. The NSA has published its own timelines for transitioning national security systems to quantum-resistant cryptography. CISA is issuing guidance. And now the largest technology company in the world is publicly stating that the threat is imminent, not theoretical.
The quantum computing security conversation has moved from academic conferences and niche working groups into boardrooms and regulatory agencies. That transition happened faster than many expected, and the gap between awareness and action remains enormous.
Whether you’re a CISO trying to build a business case for PQC investment, a compliance officer mapping out future regulatory exposure, or an IT leader evaluating your cryptographic infrastructure — the time for wait-and-see has passed. Google just told you as much. And with only 9 percent of organizations even having a roadmap, the competitive and regulatory advantage of moving early is substantial.
The quantum clock is ticking. The question is whether your organization will be ready when it runs out.
Frequently Asked Questions
On February 7, 2026, Google issued an urgent warning that current encryption systems are vulnerable to quantum computing threats and that adversaries are already harvesting encrypted data in “store now, decrypt later” attacks. Kent Walker, President of Global Affairs at Alphabet and Google, called on governments and industry to accelerate adoption of post-quantum cryptography, stating that a cryptographically relevant quantum computer is no longer perpetually a decade away. Google also revealed that it has already migrated its own services to quantum-resistant key exchange using ML-KEM, the post-quantum standard finalized by NIST in August 2024.
A store now, decrypt later attack is a strategy where adversaries collect and stockpile encrypted data today with the intention of decrypting it once quantum computers become powerful enough to break current encryption algorithms. Google confirmed that these attacks are already happening, with threat actors harvesting encrypted financial records, trade secrets, and classified communications. The danger is particularly acute for data that must remain confidential for years or decades, such as healthcare records, defense-related intellectual property, and financial data, because a quantum breakthrough within that confidentiality window would retroactively expose everything that was collected.
Post-quantum cryptography refers to cryptographic algorithms designed to resist attacks from both classical computers and future quantum computers. In August 2024, the National Institute of Standards and Technology (NIST) finalized its first set of post-quantum cryptographic standards, including ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) for key exchange and ML-DSA for digital signatures. These standards are intended to replace current encryption methods that would be vulnerable to quantum attack, and they serve as the foundation for the global transition to quantum-resistant security infrastructure.
Government contracts are expected to mandate PQC compliance starting in 2026, and CISA has already issued federal guidance identifying product categories where post-quantum cryptography is widely available. Organizations subject to frameworks like FedRAMP, CMMC, and ITAR should expect explicit PQC requirements in the near term. Beyond government contracting, existing regulatory frameworks such as HIPAA, PCI DSS, and SOX that require “reasonable” or “appropriate” security measures will likely be reinterpreted to include post-quantum protections as PQC becomes commercially accessible — like how PCI DSS compliance evolved when TLS 1.0 and 1.1 were deprecated.
Google has migrated key exchanges for all internal traffic to ML-KEM and reports that all Google services and select Google Cloud-native services are now protected by quantum-resistant key exchange by default. The company says it is on track to complete its full post-quantum cryptography migration within NIST’s recommended guidelines. Google’s completed migration is significant because it demonstrates that large-scale PQC deployment is technically feasible and removes the argument that the standards are too new or untested for enterprise adoption.
Organizations should start by conducting a cryptographic inventory to identify every encryption algorithm in use across applications, databases, APIs, VPN tunnels, email systems, and storage infrastructure. From there, they should evaluate PQC support from existing cloud providers and security vendors, prioritize migration for the most sensitive and longest-lived data (which carries the highest SNDL risk), and engage compliance and legal teams immediately rather than waiting for explicit regulatory mandates. Analysts estimate a 12-to-24-month window for organizations to begin their transition, and with only 9 percent of organizations currently having a post-quantum roadmap, early movers will hold a significant regulatory and competitive advantage.
Google’s policy recommendations appear to address a notable gap in the draft White House executive order on quantum technology, which focuses on updating the National Quantum Strategy and building quantum computing capabilities but reportedly omits provisions related to post-quantum cryptography. Walker outlined five recommendations for policymakers, including driving PQC adoption for critical infrastructure like energy grids and healthcare systems, promoting cloud-first modernization for cryptographic agility, ensuring AI systems are built with post-quantum protections, and preventing global fragmentation in PQC standards adoption. While Google didn’t explicitly criticize the executive order, the timing and substance of its recommendations strongly suggest the company views the current policy approach as incomplete.