
When Lock and Key Fall at the Same Time
Security debates usually run in two separate rooms. In one, people talk about AI and cyberattacks; in the other, about quantum computers and encryption. I consider that separation the central error in reasoning. Because the one devalues the attack on our systems, the other the defence itself. Read both together, and you see a window that is closing.
Attacking becomes a mass-market commodity
Let’s start with what’s measurable. In February 2026, Anthropic set its model Claude Opus 4.6 loose, together with Mozilla, on roughly 6,000 C++ files of the Firefox codebase. The result: 112 standalone bug reports, from which Mozilla issued 22 CVEs, 14 of them high-severity — fixed in Firefox 148. That was the “find” tier. Remarkable, but humans find holes too.
The qualitative leap came a month later. On 7 April 2026, Anthropic announced “Claude Mythos Preview” — and deliberately did not release it. This model doesn’t just find zero-days, it writes working exploits to go with them. The comparison is the most telling number in the whole story: the same Firefox holes that Opus 4.6 could turn into a functioning exploit only twice in several hundred attempts, Mythos turned into one 181 times. In a test against the Linux kernel, the model filtered 40 potentially exploitable ones out of a list of known vulnerabilities and wrote a privilege-escalation exploit for more than half of them. The oldest find was a 27-year-old bug in OpenBSD. In one case the model independently chained four vulnerabilities into a browser escape through every protective layer.
The passage that unsettles me most isn’t a number, it’s a sentence from Anthropic’s own report: engineers without security training asked the model in the evening to find a remote-code-execution hole — and woke up in the morning to a finished, working exploit. That’s the tipping point. The ability to take over a system was rationed for decades by expensive, rare specialist knowledge. That rationing falls away. Anthropic itself speaks of “thousands” of further high- and critical-rated holes that it is disclosing responsibly — over 99 % of them still unpatched. That is precisely the rationale for withholding the model.
To synchronise offence and defence, Anthropic founded “Project Glasswing” — a defensive alliance with twelve founding partners (among them AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, NVIDIA and the Linux Foundation) and usage credits of up to 100 million US dollars, so that defenders can secure the most important systems before comparable capabilities become widely available.
And this is where the scepticism belongs. The cryptographer Bruce Schneier calls the staging “very much a PR play by Anthropic” and criticises reporters who breathlessly parroted the company’s talking points. More importantly: the security firm Aisle was able to reproduce the holes Anthropic found using older, cheaper, publicly available models. Schneier himself draws the decisive line: finding a vulnerability is one thing, turning it into a working attack another — and it’s exactly that difference that still gives the defender an advantage today. My reading: whether it’s exactly this one model hardly matters. The economics of attacking tip either way — and a single consortium of a dozen companies cannot replace the distributed expertise of the entire research community.
And the lock itself becomes worthless
The second curve concerns not the break-in but the lock. As early as 1994, Peter Shor described an algorithm that factors large numbers exponentially faster than any classical method — thereby breaking RSA and elliptic-curve cryptography, the backbone of HTTPS, digital signatures and key exchange. The blueprint has been out in the open for over thirty years. Only the machine was missing.
That machine doesn’t exist yet — and this point has to stay sober, or the story goes wrong. In late 2024, Google’s Willow chip ran a benchmark in under five minutes that a supercomputer would notionally need 10 septillion (10²⁵) years to complete. That sounds like the end of encryption, but it isn’t: the test (random circuit sampling) is an artificial comparison with no practical use, and Google’s announcement doesn’t mention cryptography with a single word. The real breakthrough was a different one — error correction that gets better rather than worse as the qubit count rises. Willow has 105 physical qubits.
What shifts the deadline is the resource estimate. In 2025, the Google researcher Craig Gidney showed that RSA-2048 could be broken in under a week with fewer than one million noisy qubits — around twenty times fewer qubits than the 2019 estimate. Important: the “20-fold” reduction concerns the qubit count, not the runtime, and a fault-tolerant million-qubit machine does not exist today. Many years lie between 105 qubits and that machine. But the gap is shrinking faster than expected — and that is exactly why CISA, NSA and NIST have jointly warned since August 2023 about “harvest now, decrypt later”: attackers intercept encrypted data today in order to decrypt it later. For anything that stays worth protecting for more than a few years, Q-Day is already relevant now.
That state actors bring the capabilities and the financial motivation for large-scale, well-funded cyber operations is not theory. According to the forensics firms Elliptic and Chainalysis, North Korean actors stole crypto assets worth over 2 billion US dollars in 2025; the Bybit hack of February 2025 alone — attributed by the FBI to North Korea — amounted to around 1.5 billion US dollars and is the largest single theft in history. These cases are direct asset theft, not the quiet interception of data — but they show that the resources, persistence and motivation for cyber operations exist at exactly the scale that “harvest now, decrypt later” presupposes.
The constructive resolution
The obvious answer is computational: new mathematics that even a quantum computer can’t crack. In August 2024, NIST finalised the first three standards for this — ML-KEM (from CRYSTALS-Kyber) for key exchange, ML-DSA and, as a reserve, SLH-DSA for signatures — and urges organisations to begin integration immediately. Google is pulling its internal migration timeline forward to 2029, more aggressive than the NSA’s final deadline for national security systems (end of 2031) and the US government mandate (2035). Post-quantum cryptography (PQC) runs on conventional hardware; its larger keys cost some compute, but that’s manageable. It is the main path — on this, the NSA, the BSI, France’s ANSSI and the UK’s NCSC all agree.
But there is a second, physics-based path — and here honesty beats enthusiasm. Quantum key distribution (QKD) secures not through mathematical hardness but through the laws of nature: every eavesdropping attempt measurably disturbs the quantum state of the photons. No computer in the world gets around that. Only: QKD distributes merely keys, not the data; the actual encryption stays classical. Over fibre it reaches only about 100 kilometres commercially, because quantum signals can’t be amplified the way classical ones can; beyond that it needs chains of “trusted nodes” that re-key the key in plaintext — a built-in security hole. It costs specialist hardware and dedicated fibres. That’s why the BSI is clear: QKD is “currently not ready for deployment from a security standpoint” and is suited only for “very specific applications”; the priority lies with PQC. Anyone who sells QKD wholesale as the answer to the quantum threat — as I’ve occasionally read it pointedly put myself — is overreaching. And the thesis that QKD needs “simpler” hardware than PQC is simply wrong: it’s exactly the reverse — PQC runs on standard chips, while QKD demands single-photon detectors and dark fibre.
Where QKD does make sense shows in Jena. Quantum Optics Jena GmbH, a spin-off from Fraunhofer IOF, relies on entangled photon pairs and in 2023, together with ADVA/Adtran, secured a 60-kilometre link between data centres of the Thuringian state computing centre — over 46,000 secure 256-bit keys, “made in Germany”. This is embedded in the state-funded QuNET initiative (a planned 125 million euros over roughly seven years), which is building highly secure quantum communication for public authorities. It’s precisely in this modesty that the value lies: not as a blanket internet replacement, but as a physical anchor of trust for individual, especially critical links — and, not incidentally, as European sovereignty in a key technology we would otherwise have to import.
What preoccupies me about this story isn’t the single sensational figure, but the simultaneity. We’ve grown used to attack and defence balancing each other out. Both foundations are wobbling at once right now — and the only honest answer is an uncomfortable one: start, now, with the migration, without waiting for the perfect solution.
Sources (selection):
- Anthropic – Mythos Preview (Firefox 2 vs. 181, Linux kernel, 27-year-old bug, after-hours RCE, “thousands”/>99 % unpatched): https://www.anthropic.com/research/mythos-preview
- Anthropic / Mozilla – Firefox security (112 reports, 22 CVEs, 14 High): https://www.anthropic.com/news/mozilla-firefox-security
- Anthropic – Project Glasswing (12 founding partners, up to $100M): https://www.anthropic.com/glasswing
- Bruce Schneier – “On Anthropic’s Mythos Preview and Project Glasswing” (PR critique, Aisle reproduction): https://www.schneier.com/blog/archives/2026/04/on-anthropics-mythos-preview-and-project-glasswing.html
- Craig Gidney (Google) – RSA-2048 with <1M noisy qubits (arXiv:2505.15917): https://arxiv.org/abs/2505.15917
- Google – Willow chip (105 qubits, 10 septillion years, error correction): https://blog.google/innovation-and-ai/technology/research/google-willow-quantum-chip/
- Google – PQC migration timeline 2029: https://blog.google/innovation-and-ai/technology/safety-security/cryptography-migration-timeline/
- CISA/NSA/NIST – Factsheet “Quantum-Readiness” (Harvest now, decrypt later, Aug. 2023): https://media.defense.gov/2023/Aug/21/2003284212/-1/-1/0/CSI-QUANTUM-READINESS.PDF
- NIST – first 3 PQC standards (ML-KEM/ML-DSA/SLH-DSA, Aug. 2024): https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
- FBI/IC3 – Bybit hack, North Korea, ~$1.5B (Feb. 2025): https://www.ic3.gov/psa/2025/psa250226
- Elliptic – >$2B in crypto stolen by North Korea in 2025: https://www.coindesk.com/business/2025/10/06/north-korean-hackers-have-stolen-over-usd2-billion-in-2025-elliptic
- Chainalysis – $2.02B in crypto stolen by North Korea in 2025: https://thehackernews.com/2025/12/north-korea-linked-hackers-steal-202.html
- BSI – Quantum cryptography (QKD “not ready for deployment”, priority PQC): https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Quantentechnologien-und-Post-Quanten-Kryptografie/Quantenkryptografie/quantenkryptografie.html
- NSA – Quantum Key Distribution (QKD) and Quantum Cryptography (five limits, PQC preferred): https://www.nsa.gov/Cybersecurity/Quantum-Key-Distribution-QKD-and-Quantum-Cryptography-QC/
- Adtran / Quantum Optics Jena – 60-km QKD field test TLRZ Thuringia (2023): https://www.adtran.com/en/newsroom/press-releases/20230605-adva-network-security-and-quantum-optics-jena-showcase-german-made-qkd-solution
- Fraunhofer IOF – QuNET initiative (125 million euros): https://www.iof.fraunhofer.de/en/pressrelease/2025/QuNet_paper.html
