Forescout Research – Vedere Labs has published a review on the status of Post-Quantum Cryptography (PQC) adoption on the internet and associated cybersecurity risks. The report indicates that PQC migration is underway but uneven, identifying a potential future compliance and cybersecurity risk for organizations. Key findings show approximately 6% of all 186 million SSH servers globally currently use quantum-safe encryption, with this percentage reaching over 20% for OpenSSH servers only.
Between October 2024 and March 2025, adoption of SSH key exchange with ML-KEM (a NIST standard) increased by 554%, and with SNTRUP (an early PQC method) by 21%. However, the report anticipates a slowdown in growth as initial deployments are completed. A significant challenge noted is that almost three-quarters of OpenSSH versions online, released between 2015 and 2022, do not support quantum-safe encryption. Additionally, less than 20% of TLS servers utilize TLSv1.3, which is the only version that supports PQC.
The report highlights that if regulators mandate quantum-safe encryption, organizations with outdated infrastructure could face compliance and security gaps. Beyond the “harvest now, decrypt later” threat, non-adoption presents risks for network assets including IT, OT, IoT, and medical devices, such as unauthorized remote access through exploited public keys for authentication, tampering with device-to-device communication via decrypted traffic, and persistent malware leveraging signatures used for secure boot and firmware integrity checks. Current global PQC migration roadmaps mandate transitions between 2030 and 2035, particularly for critical assets.
Forescout Research recommends that organizations initiate preparations for PQC migration, beginning with an inventory of assets that support PQC. The Forescout 4D Platform™ is presented as a tool for asset discovery, risk mapping, and planning support for upgrades. The platform also detects TLS 1.3 connections utilizing quantum-safe PQC algorithms standardized by NIST and IANA/IETF, enabling the monitoring of PQC adoption.
Read the full report from Forescout Research – Vedere Labs here.
July 18, 2025
Leave A Comment