Cloudflare Fast-Tracks Plans to Defeat Q-Day Threat

By  |  April 7, 2026
 | 
Cloudflare site and app

Cloudflare has moved up its target date for full post-quantum security and now plans to achieve it by 2029, the company said in a Tuesday (April 7) blog post.

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    The move follows the announcement by Google that it drastically improved upon the quantum algorithm to break elliptic curve cryptography and the announcement by Oratomic that it requires only 10,000 qubits to break P-256 on a neutral atom computer, according to the post.

    Following these developments, Google accelerated its post-quantum migration timeline to 2029 and placed a priority on quantum-secure authentication.

    Cloudflare Principal Research Engineer Bas Westerbaan wrote in the blog post that “this priority indicates that Google is concerned about Q-Day coming as soon as 2030.”

    In addition, IBM Quantum Safe Chief Technology Officer Michael Osborne predicted quantum moonshot attacks as soon as 2029.

    “The quantum threat is well known: Q-Day is the day that sufficiently capable quantum computers can break essential cryptography used to protect data and access across systems today,” Westerbaan said.

    Advertisement: Scroll to Continue

    Cloudflare has been making progress toward full post-quantum security for over a decade, according to the post.

    Next, with its new target date of 2029, Cloudflare plans to add support for post-quantum authentication (ML-DSA) to origin connections by the middle of this year, achieve post-quantum authentication support for visitor to Cloudflare connections using Merkle Tree Certificates by mid-2027, add PQ authentication to Cloudflare One SASE suite to make it fully quantum secure by early 2028, and become fully post-quantum secure by 2029, per the post.

    Cloudflare customers will not need to take any mitigating action, as the company will turn on post-quantum security by default, the post said.

    “Privacy and security are table stakes for the internet,” Westerbaan said in the post. “That’s why every post-quantum upgrade we build will continue to be available to all customers, on every plan, at no additional cost. Making post-quantum security the default is the only way to protect the Internet at scale.”

    PYMNTS reported March 26 that Google’s announcement about developments in quantum computing threw out many executives’ previous assumptions that Q-Day was something important and inevitable, but still relatively distant. With that announcement, the tech giant suggested that if firms don’t migrate their data over to post-quantum cryptography by 2029, they’ll be exposed to one of the most existential threats in 21st century business history.


    Recommended

    Cloudflare site and app

    Cloudflare Fast-Tracks Plans to Defeat Q-Day Threat

    BNPL

    Velera Wants Consumers to Turn to Credit Unions for BNPL

    AI model

    Anthropic Making $200 Million Bet on New Enterprise Arm

    CHIPS High-Value Payment System Gained 9% in Average Daily Value in 2025

    See More In: , , , , , , ,