Inside Black Hat Asia 2026: What We Learned from Deploying Quantum-safe Security
The reality of quantum computing is no longer a distant academic theory; it is an impending shift that demands immediate action from cybersecurity leaders. While cryptographically relevant quantum computers (CRQCs) may still be on the horizon, the threat they pose is already here in the form of "Harvest Now, Decrypt Later" (HNDL) attacks. Threat actors are likely siphoning encrypted data today, intending to break it tomorrow.
At Palo Alto Networks, we recently announced Quantum Safe Security to help organizations navigate this transition. To put it to the ultimate test, we deployed it in one of the world's most hostile network environments: Black Hat.
Chosen on merit to serve as the Official Partner for Network Security and Security Operations, our teams operationalized our Next-Generation Firewalls (NGFW) and XSIAM to protect the event's highly segmented infrastructure, encompassing numerous VLANs, zones, and SSIDs. In the Black Hat NOC (Network Operations Center), we turned on the Quantum-safe Security [QSS] to gain unprecedented visibility into the cryptographic posture of a modern, high-stakes network. Here is what we found at Black Hat Asia 2026.
The Baseline: Total Visibility in a Hostile Environment
You cannot protect against what you cannot see. The first step in any post-quantum transition is establishing a comprehensive baseline of your cryptographic landscape. During the event, Quantum-safe Security [QSS] monitored and categorized a staggering amount of data in motion, using the NGFWs already operationalized to provide network security controls.
Out of 20.1 TB data in motion, spanning 5.3K assets, the app parsed the traffic into actionable categories, providing a clear picture of what was secure, what was vulnerable, and what required immediate remediation.
| Traffic Category | Volume (TB) | Session Count | Key Takeaway |
|---|---|---|---|
| Quantum Secure (Post-Quantum Cryptography) | 4.00 TB | 8.5 Million | Early adoption of PQC algorithms is actively happening. |
| Classical Cryptography (HNDL Risk) | 16.1 TB | 28.9 Million | The vast majority of traffic remains vulnerable to future decryption. |
| Deprecated Cryptography / Protocols | 59.2 GB | 3.1 Million | Legacy protocols still present an immediate data exposure risk. |
In a high-stakes environment like the Black Hat NOC, simply knowing that risky traffic existed wasn't enough; we needed to understand exactly where it originated and why it was vulnerable. QSS allowed us to trace vulnerable sessions directly back to the specific assets causing the exposure. Because the platform automatically generates a quantum readiness assessment across a completely heterogeneous environment – evaluating everything from third-party network devices and backend servers to individual employee workstations – we could pinpoint the exact root cause. We instantly knew whether a vulnerability stemmed from legacy hardware limitations, an unsupported operating system, or a non-compliant browser. This allowed our team to isolate the top risk-contributing assets and route precise context to the correct operational team, transforming complex forensic analysis into a clear, actionable remediation plan.
The Good: The Shift to Quantum Secure is Underway
The data reveals a silver lining: the transition to Post-Quantum Cryptography (PQC) has officially begun. Quantum-Safe Security [QSS] identified 4.00TB of traffic (roughly 20% of the total) utilizing quantum-secure algorithms across 8.5 million sessions.
Drilling down into the top sources, we observed widespread use of emerging standards such as X25519MLKEM768 (accounting for 8.4 million sessions) and X25519Kyber768Draft00 (36.6K sessions). This demonstrates that forward-leaning platforms and early adopters are already integrating NIST-backed algorithms into their communications. Organizations that delay their PQC migration strategy risk falling behind industry standards.
By collaborating with Black Hat ahead of the event, we prioritized quantum-safe protection for the most critical traffic: the registration system. Consequently, every digital interaction involving the sensitive PII of attendees, volunteers, and staff was secured with quantum-resistant algorithms. We ensured that this high-value data was never exposed to the legacy cryptographic vulnerabilities we observed elsewhere in the network.
The Bad: The "Harvest Now, Decrypt Later" Threat is Real
Despite the positive momentum, the core vulnerability remains massive. Over 16.1TB (approximately 80% of total traffic) relied entirely on classical cryptography, representing 28.9 million sessions exposed to HNDL risk.
Our visibility dashboards highlighted that ubiquitous classical algorithms like ECDHE (28.7 million sessions) and curve group X25519 (9.0 million sessions) are still carrying the bulk of the network's data. These algorithms are increasingly recognized as vulnerable to quantum-era threats, as highlighted by recent research into cryptocurrency vulnerabilities and broader risks to digital infrastructure.
For threat actors embedded in networks, or passively monitoring internet exchanges, this data is ripe for harvesting. Intellectual property, state secrets, and long-term PII transmitted using these algorithms today are virtually guaranteed to be exposed when CRQCs come online.
The monumental challenge ahead is this: organizations must migrate an immense volume of data and systems to post-quantum encryption before the 2029 migration window. The scale of this transition requires immediate, strategic planning – especially when it comes to the complexities of maintaining seamless interoperability between newly upgraded quantum-safe systems and the legacy infrastructure that still surrounds them.
The Ugly: The Lurking Ghosts of Deprecated Cryptography
Before organizations can fully look to the future of cryptography, they must reconcile with the past. The Quantum Safe app's Data Exposure Risk metrics revealed 59.2GB of traffic relying on deprecated cryptography and protocols.
This included 3.1 million sessions still utilizing SHA, as well as outdated protocols like TLS 1.1 (4.6K sessions) and TLS 1.0 (2.9K sessions). Furthermore, the app identified 425 impacted certificates utilizing deprecated standards.
This highlights a critical reality: achieving a quantum-safe posture isn't just about implementing new algorithms; it requires rigorous cryptographic hygiene to eliminate legacy vulnerabilities that pose immediate risks.
Once devices relying on deprecated protocols or legacy hashes are identified, a typical enterprise faces a classic operational bottleneck: filing tickets and waiting for system owners to manually patch their endpoints. This is where network-based compensating controls become essential. Quantum-Safe Security [QSS] bridges the gap between discovery and enforcement by mapping out the exact policy changes needed to adopt PQC and restrict the use of vulnerable cryptography. As a result, security teams can instantly reduce data exposure at the network edge – long before a legacy application or device is upgraded.
From Visibility to Action: Preparing for the Quantum Era
While this data represents a specific point in time at Black Hat Asia 2026, the overarching trends are universal. Organizations across every sector are heavily reliant on classical cryptography and remain largely blind to their specific HNDL exposure.
The availability of Palo Alto Networks' Quantum-safe Security [QSS], powered by Strata Cloud Manager [SCM] platform, provides the granular, asset-level visibility required to navigate this shift. By integrating directly into SCM, QSS allows security teams to move from blind spots to actionable roadmaps.
To prepare for the quantum era, organizations must take action now:
- Establish Cryptographic Visibility: Deploy tools like the Quantum-safe Security [QSS] to audit your network and quantify your HNDL risk.
- Enforce Cryptographic Hygiene: Identify and eliminate deprecated protocols (like TLS 1.0/1.1 and legacy SHA) that expose data today.
- Develop a Prioritized PQC Migration Plan: Use asset and application visibility to map out a phased transition to NIST-approved post-quantum algorithms, focusing on highly sensitive, long-lasting data first.
Conclusion
The findings from Black Hat Asia 2026 are clear: the post-quantum transition is not a future event; it is an active, ongoing process. The risk of Harvest Now, Decrypt Later is acute, but we can actively mitigate this by using solutions like Quantum-safe Security (QSS) to move beyond static snapshots toward a live, comprehensive Cryptographic Bill of Materials (CBOM). By leveraging Next-Generation Firewalls as active sensors for monitoring crypto hygiene across all critical data and assets, organizations can gain the real-time visibility needed to secure their environments for the quantum era today.
Deep Dive into the Technology
Learn how we help organizations identify cryptographic exposure and prioritize remediation.