Is Zoom Quantum Safe?
Not yet fully quantum safe. Zoom uses AES-256-GCM encryption for meeting content (quantum-resistant), but TLS key exchange for establishing connections uses classical RSA/ECDSA. Zoom has announced PQC support for Zoom Workplace with ML-KEM in 2024.
Key Takeaway: Zoom is in transition to quantum safety. Scan your communication infrastructure with QScout to identify all TLS-dependent integrations. Enable Zoom PQC E2EE features. Audit Zoom Phone and Zoom Rooms for PQC support availability.
- Modality
- Communication Platform
- Vulnerability
- TLS key exchange for Zoom session establishment is vulnerable to quantum attack. AES-256-GCM content encryption is quantum-resistant, but session keys derived via classical key exchange are the weak link.
- NIST status
- Zoom has deployed ML-KEM-768 (aligned with NIST FIPS 203) for PQC E2EE in Zoom Workplace.
- Replaced by
- Zoom is migrating to ML-KEM-768 for key exchange in E2EE mode
- Deprecation
- Zoom has begun PQC deployment for Workplace E2EE. Full platform-wide PQC migration timeline is not publicly confirmed.
Technical Analysis
Zoom is NOT fully quantum safe today, but has taken early steps.
Current State
Zoom uses AES-256-GCM for encrypting meeting audio, video, and screen share content. End-to-end encryption (E2EE) is available but not default. The TLS connections establishing sessions use classical key exchange.
PQC Progress
Zoom announced PQC work in 2024:
- Zoom Workplace: Announced post-quantum end-to-end encryption using ML-KEM-768, making Zoom one of the first major communication platforms to deploy PQC.
- Meeting encryption: AES-256-GCM content encryption is quantum-resistant.
- Signaling and key exchange: The session establishment layer still uses classical TLS in most configurations.
HNDL Risk
Recorded Zoom meetings, especially those containing board discussions, M&A talks, legal proceedings, or classified briefings, are vulnerable to HNDL if the key exchange is intercepted. The content encryption (AES-256) is resistant, but if the key exchange is broken, the session keys are exposed.
What Organizations Should Do
Enable Zoom's PQC E2EE features where available. Audit which Zoom integrations (Zoom Phone, Zoom Rooms, API webhooks) use classical TLS. Use QScout to discover all communication platform cryptographic dependencies.
At a glance
| Full Name | Zoom Video Communications |
| Category | communication |
| Quantum Vulnerability | TLS key exchange for Zoom session establishment is vulnerable to quantum attack. AES-256-GCM content encryption is quantum-resistant, but session keys derived via classical key exchange are the weak link. |
| NIST Status | Zoom has deployed ML-KEM-768 (aligned with NIST FIPS 203) for PQC E2EE in Zoom Workplace. |
| Deprecation Timeline | Zoom has begun PQC deployment for Workplace E2EE. Full platform-wide PQC migration timeline is not publicly confirmed. |
| Replaced By | Zoom is migrating to ML-KEM-768 for key exchange in E2EE mode |
Migration Guidance
Scan your communication infrastructure with QScout to identify all TLS-dependent integrations. Enable Zoom PQC E2EE features. Audit Zoom Phone and Zoom Rooms for PQC support availability.
How Qtonic Quantum Can Help
Don’t Know Where Zoom Lives in Your Stack?
QScout discovers instances of Zoom across your infrastructure in 7 days — designed to minimize operational disruption. 72-hour time to first findings.