New research from Google and startup Oratomic suggests quantum computers could crack the encryption protecting your bank, your emails, and the internet — possibly before 2030. Here’s what changed, and what it means for everyone.
Key takeaways
- Google and startup Oratomic published separate breakthroughs showing encryption can be broken with far fewer quantum resources than previously assumed.
- AI was “instrumental” in accelerating the Oratomic team’s algorithm — a first in quantum cryptanalysis research.
- Cloudflare, which protects a quarter of the world’s internet traffic, has moved its post-quantum security deadline up to 2029.
- The “harvest now, decrypt later” threat means your data intercepted today could be exposed in the future.
What Just Happened?
For decades, the internet has run on a quiet promise: that it would take millions of years for any computer to crack the encryption locking your passwords, bank transactions, and private messages. That promise just got a lot shakier.
In late March and early April 2026, two separate research teams — one from Google Quantum AI and another from Oratomic, a Caltech spin-off — published findings that have sent shockwaves through the cybersecurity world. The core conclusion: quantum computers capable of breaking today’s encryption could arrive much sooner than previously thought, possibly within three to four years.
Breaking news context: Quantum computing researcher Scott Aaronson of UT Austin called the two new papers “quantum computing bombshells” in a blog post on April 1, 2026. Cloudflare, which secures approximately one quarter of all internet traffic, responded by accelerating its post-quantum security deadline from 2035 to 2029.
What makes this a genuine turning point — not just another overhyped research claim — is the combination of two things happening at once. First, the math got dramatically simpler. Second, artificial intelligence helped make it happen.
Understanding the Threat: A Quick Primer
Most of the internet’s security rests on a type of encryption called RSA and elliptic curve cryptography (ECC). These systems are secure because they rely on math problems — like factoring enormous numbers — that are practically impossible for today’s computers to solve in any reasonable timeframe. A standard computer trying to crack a 2048-bit RSA key would need, in theory, millions of years.
Quantum computers are different. They exploit the strange rules of quantum mechanics to run certain calculations in parallel, making them exponentially faster at exactly the kind of math that breaks encryption. A sufficiently powerful quantum computer running an algorithm called Shor’s algorithm could crack RSA in hours or minutes.
The catch? Until recently, “sufficiently powerful” meant roughly 20 million quantum bits (qubits) — an engineering challenge so enormous that most experts placed the threat a decade or more away. That estimate just collapsed.
20M
Qubits previously estimated to break RSA-2048
<1M
Qubits now estimated after recent research
10,000
Qubits Oratomic estimates to break P-256 encryption
2029
Cloudflare’s new post-quantum security deadline
The Role of AI: An Unexpected Accelerant
Here is where the story gets particularly striking. Dolev Bluvstein, one of Oratomic’s lead researchers, told TIME magazine that artificial intelligence was integral to arriving at the new algorithm. “There is no question that we used AI to accelerate this development,” Bluvstein said.
This is not AI in a metaphorical sense — researchers used AI systems to explore mathematical solution spaces that would have taken human researchers far longer to navigate manually. The same technology that powers modern chatbots and coding assistants is now helping discover quantum algorithms capable of undermining the cryptographic systems that keep the internet secure.
It is a development that carries a certain dark irony: the AI boom that has driven trillions in investment in 2025 and 2026 may have inadvertently accelerated one of the most significant security threats in digital history.
“The world is currently, in my view, not prepared.” — Dolev Bluvstein, Oratomic co-founder
What the Two Papers Actually Found
Google’s research team focused on a cryptographic method called elliptic curve cryptography, specifically the P-256 standard used to secure most digital signatures and authentication systems. Their finding: a drastically improved quantum algorithm could break this system with far fewer resources than any prior estimate. Notably, Google chose to release a cryptographic proof that their algorithm works without revealing the algorithm itself — a signal that the company considered the raw methodology too sensitive to publish openly.
Oratomic’s paper took a different angle. Rather than hiding results, the team published detailed resource estimates showing that P-256 could be cracked with as few as 10,000 qubits on a neutral atom quantum computer. For context, today’s most advanced quantum machines are already operating in this ballpark in terms of qubit count, though reliability and error correction remain significant challenges.
Why “harvest now, decrypt later” matters today: State actors and sophisticated hackers are already collecting encrypted data right now — banking records, government communications, medical files — with the plan to decrypt them once powerful quantum computers arrive. If your sensitive data has a shelf life beyond 2029, it may already be at risk.
The Industry Response So Far
The cybersecurity industry’s reaction has been swift. Cloudflare announced it was “accelerating” its entire post-quantum roadmap, targeting full post-quantum security across its products by 2029. The company noted that 65% of human traffic flowing through its network is already post-quantum encrypted, but that authentication systems — the keys that verify who you actually are — remain the urgent unsolved problem.
Google has separately set an internal 2029 deadline for migrating all of its own infrastructure to post-quantum cryptography. The U.S. government’s National Institute of Standards and Technology (NIST) finalized its first post-quantum cryptography standards in August 2024, giving the industry a framework to work from. But migrating global infrastructure is slow, expensive, and technically complex — especially for government agencies, hospitals, and financial systems running legacy software built decades ago.
What Does This Mean for Ordinary People?
For most individuals, the immediate practical risk is low. Consumer-facing products from major tech companies — your iPhone, Gmail, banking apps — will be updated before quantum computers reach the capability needed to pose a live threat. The bigger concern is for your data that exists right now, in transit or in storage, that could be harvested by adversaries today and cracked in the future.
Researchers advise that anyone handling long-term sensitive information — medical records, legal documents, proprietary business data, government communications — should be pressing their service providers on post-quantum migration timelines. The NIST has finalized post-quantum standards (ML-KEM, ML-DSA, SLH-DSA), and any vendor not actively planning migration is already behind.
Important Caveats
It is worth noting that neither paper has yet been peer-reviewed, and several quantum computing experts have cautioned against panic. Each reduction in qubit count required shifts the difficulty to harder engineering problems: sustaining fault-tolerant computation across hundreds of thousands of qubits reliably remains a serious unsolved challenge. Princeton professor and quantum researcher Jeff Thompson noted that many of the assumptions the Oratomic authors make are still “untested.”
The science is moving fast, but building a machine that actually executes these algorithms at scale is a different problem from proving mathematically that it could be done. The window is narrowing — but it has not closed.
Frequently Asked Questions
Is my online banking at immediate risk from quantum computers?
No, not today. Current quantum computers do not have the scale or reliability to break encryption in practical use. The threat window most experts cite is 2029–2032, and major banks and tech companies are already planning migrations.
What is post-quantum cryptography?
It refers to a new generation of encryption algorithms — standardized by NIST in 2024 — designed to be secure against both classical and quantum computers. These algorithms rely on mathematical problems that even quantum computers cannot solve efficiently.
What is “harvest now, decrypt later”?
It is a strategy where adversaries collect large amounts of encrypted data now and store it, waiting until quantum computers become powerful enough to decrypt it. Data with long-term sensitivity — classified communications, medical files, intellectual property — is particularly at risk.
Should I be changing my passwords or doing anything right now?
For most individuals, no immediate personal action is required. The more important step is asking your critical service providers — banks, healthcare systems, employers — what their post-quantum migration timeline looks like, and whether they are using NIST-standardized algorithms.
Did AI really help break encryption research?
AI was used to accelerate the mathematical discovery process in Oratomic’s research, helping the team find algorithmic improvements faster than traditional methods. It did not “hack” anything directly, but it meaningfully shortened the research timeline.
