What Does Meta Know? Inside Their Post-Quantum Cryptography Migration

by Sean Lennon IT Hardware

On April 16, 2026, Meta’s engineering team published the framework they have been using to migrate their infrastructure to post-quantum cryptography (PQC). Not a preview. Not a research paper. An operational playbook, complete with algorithm choices, a five-level maturity model, and lessons from the first phase of rollout.

That raises the question you are probably asking: what does Meta know that the rest of us do not?

The honest answer, after a week of digging, is that Meta is not ahead. Apple shipped post-quantum iMessage (PQ3) in early 2024. Signal was earlier still. Cloudflare has over 50% of human HTTPS traffic running hybrid post-quantum TLS as of late 2025. What Meta did do is publish the internal playbook the rest of Big Tech kept private. Inside that playbook is a quieter, more important signal. The quantum timeline just got shorter, and the cryptographic migration that security teams were told to start “sometime this decade” is already happening inside every platform you use.

If you run infrastructure for a South Florida business in a regulated vertical (banking, fintech, healthcare, insurance, legal), this is the memo to read.

What Meta Actually Shipped

The short version: Meta has moved a significant portion of its internal server-to-server traffic onto hybrid post-quantum TLS using a combination of NIST’s new ML-KEM standard (FIPS 203) and the classical X25519 key exchange. They are doing this through their in-house TLS library, Fizz, the same library that underpins WhatsApp’s messaging transport.

Three things in the playbook are worth calling out.

The algorithm choice. Meta defaulted to ML-KEM-768 (NIST Security Level 3) as the post-quantum half of the handshake, paired with X25519 as the classical half. Both sides of the handshake must be broken for a session to be exposed, so a future attacker needs both a working quantum computer and a break against elliptic-curve crypto. This hybrid design is the industry’s de-facto answer to the question “what if lattice cryptography turns out to have a hidden flaw?”. It refuses to bet the house on either side.

The real problem was not the math. Meta’s engineers flagged that the hardest part of the migration was not choosing an algorithm. It was building a cryptographic inventory: figuring out where, across thousands of services, ciphers were actually in use. “You cannot migrate what you cannot see” is the summary. This echoes what the U.S. federal PQC transition has run into. A NIST survey from early 2025 found only about 7% of federal agencies have a formal transition plan with a dedicated team.

They maintain a backup plan. Meta cryptographers are listed as co-authors on HQC, a code-based key encapsulation mechanism NIST selected in March 2025 as a non-lattice backup to ML-KEM. Meta is not only deploying the standard. They are investing in the hedge in case the standard turns out to have a structural weakness.

That is the playbook. It is practical, conservative, and (crucially) not unusual. Apple, Google, AWS, Cloudflare, and Signal are all doing variations of the same thing.

So Does Anyone Actually Have a Working Quantum Computer?

Your instinct is right. As of April 2026, no one has a cryptographically relevant quantum computer, the kind that could actually break RSA-2048 in any useful time. What exists is a frantic hardware race across at least seven different technology bets.

⚛️ Superconducting qubits (IBM, Google, Rigetti, China USTC). IBM Condor sits at 1,121 physical qubits with a 2026 roadmap target of 4,158 qubits across linked modules. Google’s Willow (105 qubits) achieved the first below-threshold error correction in late 2024, meaning adding qubits actually reduces the logical error rate. Rigetti launched the 108-qubit Cepheus-1-108Q earlier this month. China’s USTC runs Zuchongzhi 3.0 at 105 qubits and has opened an 880-qubit cluster for commercial access.

🔗 Trapped-ion qubits (Quantinuum, IonQ). Quantinuum demonstrated 94 logical qubits in March 2026 with a logical error rate around 10⁻⁴. IonQ publicly claims they will have a cryptographically relevant system by 2028, a claim that is aggressive and treated skeptically by most cryptographers.

⚪ Neutral-atom qubits (Microsoft + Atom Computing, QuEra). Microsoft’s “Magne” system (50 logical / 1,200 physical qubits) targets early 2027. QuEra delivered a commercial-scale system to Japan’s AIST late last year. Both camps aim at 100,000 atoms per vacuum chamber within a few years.

💡 Photonic qubits (PsiQuantum, China Jiuzhang). PsiQuantum is skipping the NISQ era entirely and aiming directly at fault tolerance. Jiuzhang 3.0 demonstrates photonic sampling, which is a specialized advantage claim rather than a general-purpose machine.

🌀 Topological qubits (Microsoft Majorana 1). Microsoft announced the world’s first topological-qubit QPU in February 2025, targeting a million qubits on a single chip. The underlying physics is still contested in peer review, so treat this as a wild card rather than a shipped product.

🏭 Silicon-spin (CMOS) qubits (Intel). See the next section. This one deserves more space because it is the bet with the longest timeline and the most manufacturing muscle behind it.

Each of these is a “working” quantum computer in the narrow sense that they run quantum circuits and produce results. None of them can run Shor’s algorithm against the keys protecting your online banking session. Yet.

What is Intel Doing?

You asked specifically. The answer is interesting: Intel is playing a completely different game from IBM and Google.

Intel’s quantum team produced the Tunnel Falls chip in 2023, a 12-qubit silicon spin-qubit device manufactured on a standard 300mm wafer at Intel’s D1 fab, the same production line that makes CPUs. Yield was reportedly 95%, with over 24,000 quantum dots per wafer. By 2026, Intel’s silicon spin qubits have demonstrated single-qubit fidelities around 99.9% and coherence times of hundreds of microseconds to over a millisecond in isotopically purified silicon.

Twelve qubits sounds tiny next to IBM’s 1,121. It is tiny.

But Intel’s bet is long-dated and unusual: when a cryptographically relevant quantum computer finally arrives, it will need not thousands but millions of qubits. At that scale, the industry that knows how to pattern billions of near-identical features on silicon wafers has a manufacturing advantage that no exotic trapped-ion lab can match. Intel is not racing to have the biggest NISQ demo this year. They are positioning to mass-produce the qubits that everyone else will need to buy when fault-tolerant systems scale up.

Whether that bet pays off is an open question. But if you were writing a check on quantum-hardware futures, “Intel is behind” and “Intel is positioned to dominate manufacturing” can both be true at the same time.

The Signal Buried in the Noise

Here is the piece most of the coverage missed. In May 2025, a Google researcher named Craig Gidney published a paper estimating that breaking RSA-2048 would require fewer than one million noisy qubits running for under a week. His previous estimate, from 2019, was 20 million qubits running for 8 hours. That is a 20× reduction in six years, and the research community believes the number is still falling.

Combine three facts:

  • NIST finalized FIPS 203, 204, and 205 in August 2024. The standards are set and compiler-ready.
  • Gidney 2025 cut the quantum-resource requirement by an order of magnitude.
  • Every major platform (Apple, Google, Cloudflare, AWS, Signal, Meta) has shipped or is shipping PQC in production right now.

That is the “what does Meta know” story. Not that Meta has spies at Los Alamos. The people who build the internet’s crypto infrastructure watched the threat estimate collapse in half between 2019 and 2025, looked at how long real migrations actually take, and decided they had exactly enough runway.

The U.S. government’s Grand Challenge, announced this month, targets the first fault-tolerant quantum computer by 2028. Note the year. Not 2035. Not “sometime in the 2030s.” 2028.

What Your Business Should Actually Do

If you are running IT for a regulated South Florida business (we covered the practical angle on this in our earlier look at federally regulated stablecoins and how compliance drives infrastructure choices), three things are worth doing this quarter. None of them are expensive.

1. Build a cryptographic inventory. This is the step Meta said was the hardest and the one nobody wants to do. You cannot migrate what you cannot see. List every TLS endpoint, every VPN, every code-signing certificate, every database-at-rest encryption configuration. That is the boring, necessary first step.

2. Test harvest-now-decrypt-later exposure. The realistic quantum threat is not someone breaking your TLS session live. It is someone recording your encrypted traffic today and decrypting it in 2030. Any data that must stay confidential past 2030 (contracts, medical records, financial history, trade secrets) is already at risk today.

3. Follow Meta’s playbook, not their timeline. Hybrid PQ (ML-KEM + X25519) is the right default for anything new you deploy. OpenSSL 3.5 supports it natively. Most major cloud providers (AWS, Google Cloud, Cloudflare) have hybrid PQ TLS available right now. You do not need to wait for standards to mature. They are mature.

You do not need to panic. You do not need to rip and replace. But if you are the person in your organization responsible for “will our encrypted data stay encrypted in 2032?”, the answer depends on the work you start this year.

AI is also reshaping the research pipeline that feeds this stuff. We covered Claude’s recent work on a Knuth-era combinatorics problem as one example of how quickly the tools for attacking hard math problems are improving. The same kind of progress is happening in quantum hardware design.

Meta just handed you the playbook. It is not secret knowledge. It is a diligent engineering team saying, out loud, that the timeline they built against has tightened, and the work is neither exotic nor optional.

Need help auditing your organization’s cryptographic inventory or planning a post-quantum migration roadmap? Get in touch with SBLOCK.

Sources

Primary references:

Quantum hardware status:

Industry adoption and policy: