Palo Alto Networks Reports on Quantum-Safe Security Deployment Strategies at Black Hat Asia 2026
TL;DR
- Only 20% of network traffic currently utilizes post-quantum cryptographic standards.
- 80% of data remains vulnerable to the 'Harvest Now, Decrypt Later' threat.
- Palo Alto Networks audited 20TB of data across 5,300 assets at Black Hat.
- Hybrid algorithms like X25519MLKEM768 are leading the shift to quantum resilience.
At Black Hat Asia 2026, Palo Alto Networks stepped into the role of Official Partner for Network Security and Security Operations. But they didn't just show up to hand out swag. They brought a massive, real-world experiment to the table: a deep dive into the deployment of Quantum-Safe Security (QSS). By keeping a close eye on network traffic and stress-testing cryptographic readiness across the event’s high-density environment, they uncovered a reality check for the industry. While 20% of the traffic was already playing by the new, quantum-secure rules, the other 80%? Still wide open to whatever the future holds.
The project was a massive undertaking. We’re talking about 20.1 terabytes of data pulled from 5,300 individual assets. The goal was simple but ambitious: figure out exactly how our current hodgepodge of devices, operating systems, and infrastructure handles the leap from legacy encryption to post-quantum standards. It’s a snapshot of the industry’s current posture, and frankly, it shows we have a long road ahead.
The Cryptographic Traffic Reality
The numbers tell a story of inertia. Most of the traffic at the conference was still relying on classical cryptography. Why does that matter? Because of the "Harvest Now, Decrypt Later" (HNDL) threat. If you’re an adversary, you don’t need a quantum computer today. You just need to scoop up encrypted traffic now and store it until the hardware catches up to the math.
| Cryptographic Category | Data Volume (TB) | Percentage of Total |
|---|---|---|
| Post-Quantum Cryptography (PQC) | 4.00 TB | 20% |
| Classical/Legacy Cryptography | 16.1 TB | 80% |
As detailed in the Palo Alto Networks Blog, the assessment was exhaustive. They didn't just look at laptops. They audited IoT sensors, core network infrastructure, and a dizzying array of operating systems. Using everything from packet inspection via Wireshark to rigorous browser audits and load balancer stress tests, they mapped out how these systems negotiate—or fail to negotiate—quantum-safe handshakes.

What’s Actually Working?
The shift toward quantum resilience isn't just theory anymore; it’s being driven by specific, battle-tested algorithms. During the monitoring period, researchers caught a few key players in action:
- X25519MLKEM768: This is the hybrid workhorse. It’s a key exchange mechanism that gives you that sweet layer of quantum resistance while keeping the lights on for older, classical infrastructure. It’s the bridge we need right now.
- X25519Kyber768Draft00: A specific implementation of the Kyber algorithm. It’s become a go-to for organizations that are tired of waiting and want to start locking down data in transit against future decryption threats.
These standards are fundamentally changing how we encapsulate and secure traffic. But as noted in discussions on LinkedIn, this isn't a "plug and play" situation. It requires delicate, precise configuration on both sides of the handshake. If your client and server aren't speaking the same language, the connection simply drops. It’s a reminder that cryptographic agility is as much about configuration management as it is about the math itself.
The Hard Truth About Infrastructure
The 20/80 split between PQC and legacy traffic highlights the real bottleneck: the sheer complexity of our existing infrastructure. It’s easy to talk about upgrading to quantum-safe standards, but it’s a nightmare to actually do it when you’re dealing with legacy IoT devices or critical load balancers that have been running fine for years.
These components are often the "black boxes" of a network. They’re embedded in critical workflows, and upgrading their cryptographic capabilities without breaking the entire system is a high-wire act. The findings from Black Hat Asia 2026 make it clear: the tools are here, and they work, but widespread adoption is still in its infancy.
So, how do we actually move the needle? The data points to a few non-negotiables:
- Continuous Monitoring: You can’t fix what you can’t see. You need to be actively hunting for assets still clinging to deprecated or vulnerable encryption.
- Protocol Negotiation: Your network devices need to be smart enough to negotiate PQC algorithms on the fly without causing a performance bottleneck or a connection timeout.
- Asset Auditing: Keep a clean inventory. Know exactly which devices can handle the new standards and which ones need to be prioritized for an upgrade or, eventually, a replacement.
As we look toward a future where quantum computing is a reality rather than a looming threat, this data acts as a vital baseline. The ability to differentiate between traffic that’s safely tucked away behind PQC and traffic that’s still exposed is the first step for any security operations center. We aren't just hardening networks anymore; we’re preparing them for a completely different kind of fight.