The Most Trusted Skeptic in Quantum Computing Just Told the World to Act. Who Are You Still Waiting to Hear From?
For twenty years, Scott Aaronson has been the voice telling the industry to calm down about quantum computing. Within twenty-four hours of his election to the National Academy of Sciences, he told the world to act.
Briefing mode
15 referencesRead this first
- Scott Aaronson, a leading long-time quantum computing skeptic, publicly told organizations to start moving to quantum-resistant encryption.
- His warning matters because it comes from a source whose reputation was built on resisting quantum hype, not amplifying it.
- For enterprises with data confidentiality horizons beyond 2030, the practical first deliverable is still cryptographic inventory.
Decision context
What this should trigger
- Takeaway
- Treat a skeptical expert warning as a signal to inventory long-lived cryptographic exposure now.
- Proof type
- Sourced analysis
- Best for
- CISO, Board, Procurement
Visual evidence concept
Skeptic-to-action signal chain from research credibility to board-ready inventory.
If you have not heard of Scott Aaronson, here is what you need to know before you read another word.
Aaronson is the Schlumberger Centennial Chair and Founding Director of the Quantum Information Center at the University of Texas at Austin. He later spent two years working on model safety. He won the ACM Prize in Computing. He invented BosonSampling, PostBQP, and shadow tomography. He sits on Coinbase’s evidence-led advisory team for quantum computing and blockchain alongside Stanford’s Dan Boneh, the same Dan Boneh who co-authored the Google Quantum paper showing that elliptic-curve cryptography may break under significantly fewer qubits than previously estimated.
What makes him important is the tagline at the top of his blog, which has been there since 2005: quantum computers will not solve hard problems instantly by just trying all solutions in parallel. For two decades, Aaronson has been one of the field’s most conservative voices, telling the technology industry to calm down about quantum hype.
On April 28, 2026, Aaronson was elected to the United States National Academy of Sciences. On April 29, less than twenty-four hours later, he published a blog post titled ”Will you heed my warnings NOW?“
What He Said
The post opens with the NAS news. Then it pivots. Aaronson writes that some of the most reputable people in quantum hardware and quantum error correction, people whose judgment he trusts more than his own on those topics, are now telling him a fault-tolerant quantum computer capable of breaking deployed cryptosystems should be possible by around 2029.
He hedges, briefly. Maybe they are overoptimistic. Maybe it will take longer. Then he stops hedging: the companies racing to build fault-tolerant quantum computers have no plans to slow down to give cybersecurity time to adapt.
Aaronson then writes the line that matters. He tells readers ”this post is your warning” and instructs them to start switching to quantum-resistant encryption and to urge their company, organization, blockchain, or standards body to do the same.
Why This Matters More Than Any Other Voice
The cybersecurity industry has spent the last several years collecting warnings about post-quantum risk from interested parties: vendors, standards bodies, hardware companies, and government agencies. Every one of those voices is dismissible by a sophisticated CISO who wants to dismiss them.
Aaronson does not fit those categories. He is not selling a PQC migration product. His professional identity and reputation are built on the position that quantum computing claims should be approached with extreme rigor and skepticism.
The Skeptic Spectrum
Where each voice on quantum risk sits, and why Aaronson's shift matters
Most warnings about post-quantum risk have come from voices a sophisticated buyer can dismiss based on commercial or institutional incentive. Aaronson sits at the far end of that spectrum, which is why his April 29 shift is the signal that closes the loop.
He published the warning on the day after his election to the National Academy of Sciences. That timing makes the post a material signal for security leaders watching the field.
When the most rigorous skeptic in your field tells you to act within twenty-four hours of his election to the most prestigious scientific body in the country, the question is no longer whether to listen. The question is who you are still waiting to hear from.
The Wait-And-See Case Is Harder To Defend
For organizations still in a wait-and-see posture on post-quantum cryptography, the typical defense has been some version of ”we will act when the experts agree the threat is real.“ That defense has been getting harder to sustain as technical, standards, and policy signals converge.
The 2026 Convergence
Twenty months of accumulated signals, with most landing in the last sixty days
Signals arrived months apart, then compressed sharply in the final stretch of March and April 2026. Google, Caltech/Oratomic, Cloudflare, Meta, and Aaronson all landed within weeks of each other.
NIST finalized post-quantum cryptography standards in August 2024.
Google and Cloudflare moved toward explicit 2029 migration planning in March and April 2026.
Caltech/Oratomic, Meta, and IBM Quantum Safe added architecture, migration, and timeline-pressure signals that make the planning window harder to ignore.
NSA, the European Commission, the G7 Cyber Expert Group, and state-level policy are turning cryptographic inventory into an evidence requirement.
And now Scott Aaronson, a leading long-time skeptic in the field, has told the world this is real.
What This Year Looks Like
For most organizations with long-lived sensitive data, regulated obligations, or public-sector exposure, the first serious move in 2026 is the same. You need a cryptographic inventory.
Without an inventory, migration plans are difficult to fund, risk assessments are difficult to defend, and procurement attestations are difficult to support. Most serious 2026 deliverables begin there.
That is what QScout was built to produce: external cryptographic exposure, an HNDL signal, a migration signal, and an external risk grade. If the signal is material, a scoped assessment can produce CBOM-style inventory, framework mapping, timeline modeling, and a board-ready evidence package.
Where To Start Today
If you are a security leader, start with a QScout public intake. It can provide an initial evidence point for budget, audit-prep, or board-risk conversations without pretending an external scan is a complete internal cryptographic inventory.
If you are forwarding this to a colleague who is still on the fence, send it with one sentence: a leading long-time skeptic in quantum computing just told the world to act.
Devil’s Advocate
A skeptical reader could argue that Aaronson is one voice, that his timing assessment is hedged, and that he himself acknowledges he is not a timing person. They could argue that the warning, while striking in its source, does not contain new technical information. The Google paper. The Caltech paper. The vendor responses. All of that was already public. Aaronson is interpreting, not reporting.
That is fair. It is also why the piece is significant rather than dispositive. Aaronson did not break news. He told the cybersecurity industry that, in his judgment, people inside quantum hardware whose technical opinions he trusts now believe the migration window is shorter than the last public consensus suggested.
For organizations whose data has a confidentiality horizon beyond 2030, the operational answer does not change either way. Cryptographic inventory is the prerequisite to every migration plan, procurement attestation, audit response, and insurance renewal.
Public-to-private proof path
Start here
Submit one domain and verify a business email to receive an initial browser-safe executive snapshot. If the signal is material, a scoped assessment is available when deeper validation is warranted.
Request QScout assessmentFor procurement, federal contracting, or scoping conversations: info@qtonicquantum.com
Sources
Source register
- Aaronson, S. "Will you heed my warnings NOW?" Shtetl-Optimized. April 29, 2026.
- National Academy of Sciences 2026 NAS election announcement. April 28, 2026.
- Coinbase position paper Quantum Computing and Blockchain. April 15, 2026.
- Google Post-quantum cryptography migration timeline. March 25, 2026.
- Google Quantum ECC resource estimates. March 31, 2026.
- Cain, M. et al. Shor's algorithm is possible with as few as 10,000 reconfigurable atomic qubits. March 30, 2026.
- Cloudflare Targets 2029 for full post-quantum security. April 7, 2026.
- NIST FIPS 203, FIPS 204, and FIPS 205. Finalized August 2024.
- NSA CNSA 2.0 compliance requirements for National Security Systems.
- European Commission PQC coordinated implementation roadmap. June 23, 2025.
- G7 Cyber Expert Group Statement on PQC transition for the financial sector. January 13, 2026.
- Apple PQ3 Post-quantum cryptographic protocol for iMessage. Announced February 21, 2024.
- Meta Engineering Post-Quantum Cryptography Migration at Meta. April 16, 2026.
- IBM Quantum Safe CTO assessment on timeline acceleration, cited in Cloudflare blog. April 7, 2026.
- Arizona House Bill 2809 Statewide post-quantum cybersecurity requirements. 2026.
Informational purposes only
Use and limitations
This material is provided for informational purposes only and does not constitute legal, regulatory, compliance, investment, or other professional advice. References to Scott Aaronson, the National Academy of Sciences, Coinbase, Google, Cloudflare, Apple, Meta, IBM, NIST, NSA, the European Commission, the G7 Cyber Expert Group, and other organizations reflect publicly available statements and do not imply endorsement of or affiliation with Qtonic Quantum Corp.
© 2026 Qtonic Quantum Corp. All rights reserved.
Continue the briefing
Related signal briefs
Signal Brief
Twenty-Three Days, Eleven Signals: The Post-Quantum Window Compressed Faster Than Most Enterprise Plans Assumed
10 min read
Signal Brief
Seven Signals in Fourteen Days: The Post-Quantum Migration Window Just Compressed and Most Organizations Are Not Ready
9 min read
Technical Analysis
The $20 Million Question: Why a Special-Purpose Quantum Computer Built to Break Encryption Is Closer Than Most Enterprise Planning Cycles Assume
16 min read
Signal file
- Type
- Signal Brief
- Published
- April 29, 2026
- Reading time
- 11 min read
- References
- 15
- Proof type
- Sourced analysis
- Audience
- CISO, Board, Procurement