From if to how: A year of post-quantum reality

From if to how: A year of post-quantum reality The victory: RHEL is the anchor The reality check: Apps and hardware are the brake The unexpected win: Skeleton hunting 2026: From discovery to standardization Take a page from our book 1. Inventory is archaeology, not just a scanning effort 2. Governance requires executive air cover 3. Your supply chain sets the speed limit on what you can get done The road ahead Red Hat Product Security About the author Emily Fox More like this Introducing OpenShift Service Mesh 3.2 with Istio’s ambient mode End-to-end security for AI: Integrating AltaStata Storage with Red Hat OpenShift confidential containers Data Security 101 | Compiler AI Is Changing The Threat Landscape | Compiler Keep exploring Browse by channel Automation Artificial intelligence Open hybrid cloud Security Edge computing Infrastructure Applications Virtualization Share For the last 5 years, post-quantum cryptography (PQC) has largely been discussed as a research topic. It was a question of if—if the standards are ratified, if the algorithms perform, if the threat is real. In 2025, Red Hat changed the conversation. We stopped asking “if” and started defining “how. ” This past year, we moved PQC out of the laboratory and into the operating system (OS). It wasn’t just about upgrading libraries, it was about pushing the entire modern software supply chain. We found that while the foundation is ready, the ecosystem has a long way to go. Here is the story of how we made Red Hat Enterprise Linux (RHEL) quantum-ready, the skeletons we found in the closet along the way, and why 2026 is the year of the bridge for PQC. The primary mission for 2025 was straightforward and simple: Prove that the plumbing works.