Palo Alto Networks Announces New Quantum Security Innovations

New Cryptography Inventory Tool, Quantum-Optimized Firewalls and PAN-OS 12.1 Enable Quantum Readiness

The cybersecurity landscape is rapidly shifting due to a risk that’s quietly brewing in the background: the race to achieve quantum supremacy. Quantum computing has long promised to redefine what’s possible in technology, with its ability to solve complex problems exponentially faster than classical computers. This technological breakthrough promises many benefits likely to unlock trillions in economic value but will also introduce major new risks to the cryptographic foundations of modern cybersecurity. Despite this significance, quantum is still often dismissed as a problem too far away to worry about.

That’s changing with the convergence of AI and quantum computing. Researchers are now leveraging AI to reduce some of the key barriers to quantum computing, like automating qubit error correction and optimizing quantum algorithms. This means cryptographically relevant quantum computing (CRQC) – the point at which quantum systems can break today’s public key cryptography – could arrive sooner than the industry initially projected. McKinsey (2024) predicted a CRQC could break the most common public-key encryption algorithms as soon as 2027, while Gartner (2025) predicts that most conventional asymmetric cryptography would be unsafe to use by 2029.

Governments around the world have taken notice, developing new national quantum readiness strategies, including requirements to migrate to new quantum resistant Post-Quantum Cryptographic (PQC) standards, like those developed by the United States National Institute of Standards and Technology (NIST). Organizations are also experimenting with solutions beyond PQC migration, adopting technologies like Quantum Random Number Generation (QRNG) and Quantum Key Distribution (QKD) to build additional resilience to unforeseen computational advancements.

These emerging quantum readiness strategies have another common thread: emphasizing the critical role technology providers can play to proactively lead in the quantum era. At Palo Alto Networks, we’re meeting this moment by announcing a comprehensive suite of new quantum security capabilities as part of PAN-OS 12.1 Orion and our new quantum-optimized fifth-generation Next-Generation Firewalls (NGFW). These capabilities will empower organizations globally, across government and critical infrastructure, to accelerate their quantum readiness in alignment with emerging global and regional standards. Here is how our new capabilities can help your organization meet some of the fundamental imperatives of quantum readiness:

Discover — Conducting Automated Cryptographic Inventories

• Challenge: Establishing foundational visibility of your organization’s cryptographic usage is often cited as the best first step to kick-start quantum readiness. But legacy cryptographic inventory technologies have been insufficient, providing an incomplete and static snapshot of cryptography usage, failing to connect cryptography to sensitive data, and unable to empower users to take remediation action in real-time.
• Solution: Palo Alto Networks announced Strata Cloud Manager's ‘Quantum Readiness’ view and a forthcoming ‘Cryptographic Inventory’ insights dashboard to help you prepare for the quantum era. Organizations can gain visibility and take control of their cryptographic risk posture across users and applications from a single management interface. With Quantum Readiness view, we’re introducing several capabilities:

1. 1. Inventory and assess cryptography usage as secure, weak or vulnerable.
   2. Validate compliance with a range of government standards and regulations.
   3. Remediate and upgrade to PQCs through an inline workflow.

Deploy — Migrating to PQC-Enabled Technologies

• Challenge: Once an organization establishes visibility of its cryptographic risk posture through inventorying, then migrating high-risk systems to new PQC standards is another critical step in quantum readiness. This action is particularly time sensitive for organizations that hold data with long-term value. Adversaries are already conducting ‘harvest now, decrypt later’ attacks with the intent to decrypt once a quantum computer becomes available. Collaborating with technology partners who are proactive and transparent about their products’ supportability with PQC standards is a critical part of quantum readiness.
• Solution: PAN-OS 12.1 Orion, running on our fourth-generation and newly announced fifth-generation NGFWs, now includes support for all NIST standard algorithms: FIPS 203: ML-KEM, FIPS 204: ML-DSA, FIPS 205: SLH-DSA and other emerging nonstandard algorithms – HQC, Classic McEliece, BIKE, Frodo. PAN-OS 12.1 Orion also delivers Quantum-safe site-to-site VPN Tunnels and SSL/TLS sessions to protect against more immediate “harvest now, decrypt later” attacks.

Our implementation is focused on providing a more seamless transition to quantum-safe algorithms with prioritization:

1. Global interoperability through alignment with international standards and regional requirements, such as those in the European Union, United Kingdom, United States, Australia, India and more.
2. Cryptographic agility through flexible support for multiple standard and nonstandard algorithms.
3. Hybrid algorithms through support for concatenation of classical and post-quantum algorithms for enhanced security in encryption.

Deploy — Adopting Quantum-Optimized Hardware

• Challenge: Given the significant compute and memory requirements for hybrid and cryptographically agile implementations of PQC, not all IT systems will be able to be made quantum-ready through software upgrades alone. Hardware modernization will be necessary, and organizations will need to be judicious to ensure they’re not simply replacing legacy IT with more legacy IT for the quantum era.
• Solution: Palo Alto Networks just announced our fifth-generation NGFW which are performance optimized with a suite of additional capabilities to future-proof your investment for quantum security defense-in-depth. Our PA-5500 Series NGFW is Quantum Optimized with up to 256 cores of compute and hardware acceleration to process encryption at scale. With network packet processing powered by the FE400 ASIC, the PA-5500 series NGFWs support 400 Gbps interfaces to meet the needs of modern data centers.

Deploy — Enabling Layered Defense through PQC and Quantum-Key Distribution Support

• Challenge: While PQC migration has been the primary focus for securing digital communications against future quantum computer attacks, there is no guarantee around the long-term efficacy of the PQC standards as they just begin to undergo large-scale global testing. To address this risk, many organizations are seeking additional methods to build quantum-resistant infrastructure as either a fallback mechanism or a primary solution.
• Solution: With PAN-OS 12.1, Palo Alto Networks is announcing support for ETSI 014 protocol integration, leveraging Quantum Key Distribution (QKD) capabilities to establish cryptographic keys resistant to unforeseen computational advancements. With the support for both PQC and QKD in PAN-OS 12.1, we provide organizations with a hybrid and agile approach, offering a robust, multilayered security posture, to bolster resilience in an evolving and unpredictable quantum landscape.

Protect — Secure Legacy Applications and IoT/IT Infrastructure with Cipher Translation Proxy

• Challenge: Organizations face a difficult balance between efficiently migrating systems to PQC while also prioritizing near-term operational continuity for their organization. This challenge is particularly acute for organizations with high levels of dependency on legacy systems, such as in manufacturing and other operational technology (OT)-dependent environments.
• Solution: With PAN-OS 12.1, we introduce a "cipher translation proxy" that offers a critical bridge for web applications that cannot be migrated to PQC and must be protected. This intelligent proxy acts as an intermediary, seamlessly translating classical cryptographic communications into quantum-safe ones and vice versa. This capability allows organizations to bolster their security against future quantum threats without immediately overhauling legacy systems, ensuring continuous operations, data protection and achieving PQC compliance as they strategically transition their entire infrastructure.

The surge in global attention around quantum computing-related risks should be a wake-up call for any organization across the public and private sector seeking to accelerate their own quantum readiness. It should also be a call to action for all technology providers to ensure they’re doing their part to proactively develop technologies prepared for the unique risks of the quantum era.

At Palo Alto Networks, we’re answering that call by delivering advanced, integrated solutions that offer the visibility, agility, as well as remediation capabilities essential for true quantum readiness. We also recognize that public-partnership is critical in this global effort, which is why we’re also embracing a leadership role within the broader ecosystem — establishing a QRNG Open API Coalition and as proud partners at NIST’s Migration to Post Quantum Cryptography project.

As attention shifts to this next significant cybersecurity challenge, Palo Alto Networks remains committed to lead through both technological innovation and partnerships, as a strategic partner in the global pursuit of quantum readiness.

To learn more about the cybersecurity risks of quantum computing and how your organization can begin its Quantum Readiness journey, check out our PAN-OS webpage, learn from our product leaders' CISO’s Guide to Quantum Security video series, and join our discussion forum on Quantum Security Live Community for the latest updates.