What a QStrike engagement actually delivers.

Enterprise buyers validate vendors by the artifact, not the promise. This page renders the structure of a representative QStrike engagement report so procurement, security, and audit teams can evaluate the deliverable before the engagement starts.

QStrike engagement evidence bundle

Representative QStrike Engagement

Illustrative scope — six service classes, forty-two public endpoints

Period: Q1 illustrative cycle|ID: QS-SAMPLE-ENGAGEMENT

HNDL methodology

Sample structure. Synthetic QStrike engagement output showing the artifact structure. Service names, endpoints, hash fragments, and finding identifiers are synthesized. Scoped reports add organization-specific evidence only under approved engagement controls and an independent validator signature.

Executive summary

This representative engagement surfaced fifty-two cryptographic-debt findings across forty-two endpoints, with twelve rated critical under Mosca-theorem framing.

Twelve findings are exploitable under a harvest-now-decrypt-later threat model today; none require future cryptanalytic progress to matter.
Classical RSA and finite-field Diffie–Hellman still dominate TLS handshakes at the enterprise edge — representative of industry baseline.
Every code-signing and release-integrity primitive in scope was classical; none offered a post-quantum alternative path at the time of scan.
Forty-seven of fifty-two findings map to a defined ML-KEM or ML-DSA remediation under FIPS 203 / 204.

HNDL exposure window

12+ year lookback

Recorded traffic encrypted to the weakest in-scope primitive can be decrypted retroactively once a cryptographically relevant quantum computer is available.

Signature brittleness

100% classical

All observed code-signing and release-integrity signatures use classical primitives with no hybrid or PQ fallback configured.

Remediation coverage

47 / 52 mapped

Forty-seven of fifty-two findings have a primary migration path defined under NIST post-quantum standards; five require architectural change.

Finding density by service class

Counts reflect the representative engagement. Bars are stacked by severity; widths scale to the densest class in scope.

Edge TLS termination

Internal service mesh

Release signing pipeline

Identity and SSO

Secrets management

Observability and logs

Critical12

High18

Medium15

Low7

Total findings in scope: 52

Representative findings

CriticalQS-F-0001Effort: medium
edge-gateway-prod
https://edge-gateway-prod.example-corp.internal:443
Primitive
RSA-2048 / SHA-256
Issue
RSA-2048 static key in TLS 1.2 handshake — classical, pre-quantum, no hybrid fallback configured.
HNDL exposure
Recorded traffic harvestable from current period backward; exposure window grows with time-to-migrate.
Path to exploit today
Public edge; ciphertext observable from any ASN on the path. Recorded sessions are retroactively decryptable under the Mosca threat model.
Recommended remediation
Terminate with an ML-KEM-768 hybrid key agreement under the draft TLS 1.3 hybrid profile (X25519Kyber768 or equivalent). Retain classical for fallback only until client base migrates.
Signed artifact fragmenta50e…f7d3ML-DSA-65
CriticalQS-F-0002Effort: medium
release-signer
artifact registry, release-signer-prod
Primitive
RSA-3072 / SHA-384
Issue
Release artifacts signed with RSA-3072 only; no ML-DSA-65 or SLH-DSA signature attached.
HNDL exposure
Signature forgery is a future risk tied to CRQC availability; brittleness is present today because no hybrid path is configured.
Path to exploit today
All downstream consumers trust a single classical signature. A future forgery would be indistinguishable from a legitimate release.
Recommended remediation
Dual-sign every artifact with ML-DSA-65 under FIPS 204 in addition to the classical signature. Publish the attestation hash alongside the signed artifact.
Signed artifact fragment13b1…7a90ML-DSA-65
HighQS-F-0003Effort: medium
sso-oidc
sso-oidc.example-corp.internal:443 — JWKS endpoint
Primitive
RSA-2048 / SHA-256 (JWS RS256)
Issue
OIDC tokens signed with RS256 (RSA-2048) only. Token rotation cadence is measured in months, not days.
HNDL exposure
Tokens recorded today can be analyzed offline; forgery becomes a risk once classical signatures are broken.
Path to exploit today
Every federated SaaS consumer relies on this signer. A single forged token grants broad access under current policy.
Recommended remediation
Introduce an ML-DSA-65 JWS algorithm alongside RS256. Rotate signing keys on a weekly cadence. Pin validators to an allowlist that includes the PQ alg.
Signed artifact fragment9ce2…b441ML-DSA-65
HighQS-F-0004Effort: high
internal-kv-store
kv-store-prod.example-corp.internal:6443
Primitive
AES-128-GCM + RSA-OAEP-2048 wrap
Issue
Secrets-at-rest encrypted under AES-128-GCM with key derivation from an RSA-OAEP wrapping key.
HNDL exposure
The wrapping key is the choke point. Retroactive unwrap risk applies once the RSA-OAEP primitive is defeated.
Path to exploit today
Exfiltrated vault contents are decryptable whenever the wrapping primitive is broken, regardless of symmetric strength.
Recommended remediation
Re-wrap data-encryption keys under an ML-KEM-1024 KEM. Rotate DEKs on a documented cadence; retire RSA-OAEP wrap paths after soak.
Signed artifact fragment4a7f…22dcML-DSA-65
HighQS-F-0005Effort: medium
service-mesh-mtls
mesh workload-to-workload mTLS
Primitive
ECDHE P-256 / AES-256-GCM
Issue
Mesh mTLS uses ECDHE P-256 key exchange. Strong classical, no PQ or hybrid variant negotiated.
HNDL exposure
Workload-to-workload traffic is recordable in any colocated capture position. Exposure window is long.
Path to exploit today
East-west traffic is at parity with public edge under the HNDL threat model. Breach blast radius is the mesh surface.
Recommended remediation
Move mesh key agreement to X25519Kyber768 hybrid. Pin workload certificates to a shorter rotation cadence. Dual-sign mesh certificates.
Signed artifact fragment6b11…09f2ML-DSA-65
MediumQS-F-0006Effort: low
log-aggregator
log-agg-prod.example-corp.internal:9200
Primitive
TLS 1.2 (legacy cipher order)
Issue
Log transport uses TLS 1.2 with legacy cipher order; weak MAC algorithms still present in the offered suite list.
HNDL exposure
Logs in flight contain credentials and session tokens; retroactive decryption yields both.
Path to exploit today
Internal-only but broadcast to every ingest collector. A compromised collector unlocks historical log replay.
Recommended remediation
Enforce TLS 1.3 only. Remove weak-MAC suites from the offered list. Add an ML-KEM-768 hybrid group once the log agent supports it.
Signed artifact fragment8d44…ce77ML-DSA-65
MediumQS-F-0007Effort: low
ingress-legacy
ingress-legacy.example-corp.internal:443
Primitive
DHE-2048 / TLS 1.1
Issue
One legacy ingress host still accepts TLS 1.1 for a small partner set; exchange uses DHE with a 2048-bit group.
HNDL exposure
Protocol downgrade paths are reachable today; HNDL exposure is elevated relative to peers.
Path to exploit today
Partner-facing endpoint. Any observer on the path can capture handshakes and retain them for future decryption.
Recommended remediation
Deprecate TLS 1.1 behind a short sunset notice. Move partner integrations to a TLS 1.3 hybrid-enabled endpoint.
Signed artifact fragment2f0b…41a8ML-DSA-65
LowQS-F-0008Effort: low
cbom-gap
build pipeline — CycloneDX 1.7 emission
Primitive
CycloneDX 1.7 (partial)
Issue
CBOM is emitted but does not include primitive-level detail for three internal service classes; coverage gaps are unreported.
HNDL exposure
Not directly HNDL-exposed; gap reduces the ability to attest to coverage during procurement.
Path to exploit today
Procurement and audit teams cannot validate PQ readiness claims without primitive-level CBOM.
Recommended remediation
Extend CBOM emission to cover all three service classes. Publish the CycloneDX artifact under the Talon signature alongside the release manifest.
Signed artifact fragment1e87…aa3eML-DSA-65

Migration playbook preview

Abbreviated phase outline. Full playbook delivered with the customer engagement includes per-phase runbooks, rollback gates, and signed attestation hooks.

Step 1Weeks 1 to 4
Phase 1 — Crypto inventory and CBOM baseline
CycloneDX 1.7 CBOM covering every in-scope service class; primitive-level detail; signed attestation.
Owner: Platform security with Qtonic Quantum engagement lead
Step 2Weeks 3 to 10
Phase 2 — Edge TLS hybrid pilot
X25519Kyber768 hybrid terminated on one representative edge pool; telemetry records the planned no-impact change window.
Owner: Edge platform and Qtonic Quantum field engineer
Step 3Weeks 6 to 12
Phase 3 — Release-signer dual-sign
Release-signer dual-sign path validated for selected artifacts; downstream validator update plan and rollback rehearsal documented.
Owner: Release engineering with Qtonic Quantum cryptographer
Step 4Weeks 10 to 16
Phase 4 — SSO JWS algorithm expansion
Identity provider issues ML-DSA-65 JWS alongside RS256; validators accept both; cadence shortened to weekly.
Owner: Identity team with Qtonic Quantum engagement lead
Step 5Weeks 12 to 24
Phase 5 — Wrapping-key migration
Data encryption keys re-wrapped under ML-KEM-1024; RSA-OAEP paths retired after documented soak.
Owner: Platform security and storage engineering
Step 6Ongoing
Phase 6 — Continuous CBOM and governance
QScout continuous discovery plus QStrike spot engagements on release-signing and identity surfaces; governance cadence locked.
Owner: Qtonic Quantum governance partner

What a QStrike engagement actually delivers.

QStrike engagement evidence bundle

Representative QStrike Engagement

Illustrative scope — six service classes, forty-two public endpoints

Period: Q1 illustrative cycle|ID: QS-SAMPLE-ENGAGEMENT

HNDL methodology

Executive summary

This representative engagement surfaced fifty-two cryptographic-debt findings across forty-two endpoints, with twelve rated critical under Mosca-theorem framing.

Twelve findings are exploitable under a harvest-now-decrypt-later threat model today; none require future cryptanalytic progress to matter.
Classical RSA and finite-field Diffie–Hellman still dominate TLS handshakes at the enterprise edge — representative of industry baseline.
Every code-signing and release-integrity primitive in scope was classical; none offered a post-quantum alternative path at the time of scan.
Forty-seven of fifty-two findings map to a defined ML-KEM or ML-DSA remediation under FIPS 203 / 204.

HNDL exposure window

12+ year lookback

Recorded traffic encrypted to the weakest in-scope primitive can be decrypted retroactively once a cryptographically relevant quantum computer is available.

Signature brittleness

100% classical

All observed code-signing and release-integrity signatures use classical primitives with no hybrid or PQ fallback configured.

Remediation coverage

47 / 52 mapped

Forty-seven of fifty-two findings have a primary migration path defined under NIST post-quantum standards; five require architectural change.

Finding density by service class

Counts reflect the representative engagement. Bars are stacked by severity; widths scale to the densest class in scope.

Edge TLS termination

Internal service mesh

Release signing pipeline

Identity and SSO

Secrets management

Observability and logs

Critical12

High18

Medium15

Low7

Total findings in scope: 52

Representative findings

CriticalQS-F-0001Effort: medium
edge-gateway-prod
https://edge-gateway-prod.example-corp.internal:443
Primitive
RSA-2048 / SHA-256
Issue
RSA-2048 static key in TLS 1.2 handshake — classical, pre-quantum, no hybrid fallback configured.
HNDL exposure
Recorded traffic harvestable from current period backward; exposure window grows with time-to-migrate.
Path to exploit today
Public edge; ciphertext observable from any ASN on the path. Recorded sessions are retroactively decryptable under the Mosca threat model.
Recommended remediation
Terminate with an ML-KEM-768 hybrid key agreement under the draft TLS 1.3 hybrid profile (X25519Kyber768 or equivalent). Retain classical for fallback only until client base migrates.
Signed artifact fragmenta50e…f7d3ML-DSA-65
CriticalQS-F-0002Effort: medium
release-signer
artifact registry, release-signer-prod
Primitive
RSA-3072 / SHA-384
Issue
Release artifacts signed with RSA-3072 only; no ML-DSA-65 or SLH-DSA signature attached.
HNDL exposure
Signature forgery is a future risk tied to CRQC availability; brittleness is present today because no hybrid path is configured.
Path to exploit today
All downstream consumers trust a single classical signature. A future forgery would be indistinguishable from a legitimate release.
Recommended remediation
Dual-sign every artifact with ML-DSA-65 under FIPS 204 in addition to the classical signature. Publish the attestation hash alongside the signed artifact.
Signed artifact fragment13b1…7a90ML-DSA-65
HighQS-F-0003Effort: medium
sso-oidc
sso-oidc.example-corp.internal:443 — JWKS endpoint
Primitive
RSA-2048 / SHA-256 (JWS RS256)
Issue
OIDC tokens signed with RS256 (RSA-2048) only. Token rotation cadence is measured in months, not days.
HNDL exposure
Tokens recorded today can be analyzed offline; forgery becomes a risk once classical signatures are broken.
Path to exploit today
Every federated SaaS consumer relies on this signer. A single forged token grants broad access under current policy.
Recommended remediation
Introduce an ML-DSA-65 JWS algorithm alongside RS256. Rotate signing keys on a weekly cadence. Pin validators to an allowlist that includes the PQ alg.
Signed artifact fragment9ce2…b441ML-DSA-65
HighQS-F-0004Effort: high
internal-kv-store
kv-store-prod.example-corp.internal:6443
Primitive
AES-128-GCM + RSA-OAEP-2048 wrap
Issue
Secrets-at-rest encrypted under AES-128-GCM with key derivation from an RSA-OAEP wrapping key.
HNDL exposure
The wrapping key is the choke point. Retroactive unwrap risk applies once the RSA-OAEP primitive is defeated.
Path to exploit today
Exfiltrated vault contents are decryptable whenever the wrapping primitive is broken, regardless of symmetric strength.
Recommended remediation
Re-wrap data-encryption keys under an ML-KEM-1024 KEM. Rotate DEKs on a documented cadence; retire RSA-OAEP wrap paths after soak.
Signed artifact fragment4a7f…22dcML-DSA-65
HighQS-F-0005Effort: medium
service-mesh-mtls
mesh workload-to-workload mTLS
Primitive
ECDHE P-256 / AES-256-GCM
Issue
Mesh mTLS uses ECDHE P-256 key exchange. Strong classical, no PQ or hybrid variant negotiated.
HNDL exposure
Workload-to-workload traffic is recordable in any colocated capture position. Exposure window is long.
Path to exploit today
East-west traffic is at parity with public edge under the HNDL threat model. Breach blast radius is the mesh surface.
Recommended remediation
Move mesh key agreement to X25519Kyber768 hybrid. Pin workload certificates to a shorter rotation cadence. Dual-sign mesh certificates.
Signed artifact fragment6b11…09f2ML-DSA-65
MediumQS-F-0006Effort: low
log-aggregator
log-agg-prod.example-corp.internal:9200
Primitive
TLS 1.2 (legacy cipher order)
Issue
Log transport uses TLS 1.2 with legacy cipher order; weak MAC algorithms still present in the offered suite list.
HNDL exposure
Logs in flight contain credentials and session tokens; retroactive decryption yields both.
Path to exploit today
Internal-only but broadcast to every ingest collector. A compromised collector unlocks historical log replay.
Recommended remediation
Enforce TLS 1.3 only. Remove weak-MAC suites from the offered list. Add an ML-KEM-768 hybrid group once the log agent supports it.
Signed artifact fragment8d44…ce77ML-DSA-65
MediumQS-F-0007Effort: low
ingress-legacy
ingress-legacy.example-corp.internal:443
Primitive
DHE-2048 / TLS 1.1
Issue
One legacy ingress host still accepts TLS 1.1 for a small partner set; exchange uses DHE with a 2048-bit group.
HNDL exposure
Protocol downgrade paths are reachable today; HNDL exposure is elevated relative to peers.
Path to exploit today
Partner-facing endpoint. Any observer on the path can capture handshakes and retain them for future decryption.
Recommended remediation
Deprecate TLS 1.1 behind a short sunset notice. Move partner integrations to a TLS 1.3 hybrid-enabled endpoint.
Signed artifact fragment2f0b…41a8ML-DSA-65
LowQS-F-0008Effort: low
cbom-gap
build pipeline — CycloneDX 1.7 emission
Primitive
CycloneDX 1.7 (partial)
Issue
CBOM is emitted but does not include primitive-level detail for three internal service classes; coverage gaps are unreported.
HNDL exposure
Not directly HNDL-exposed; gap reduces the ability to attest to coverage during procurement.
Path to exploit today
Procurement and audit teams cannot validate PQ readiness claims without primitive-level CBOM.
Recommended remediation
Extend CBOM emission to cover all three service classes. Publish the CycloneDX artifact under the Talon signature alongside the release manifest.
Signed artifact fragment1e87…aa3eML-DSA-65

Migration playbook preview

Abbreviated phase outline. Full playbook delivered with the customer engagement includes per-phase runbooks, rollback gates, and signed attestation hooks.

Step 1Weeks 1 to 4
Phase 1 — Crypto inventory and CBOM baseline
CycloneDX 1.7 CBOM covering every in-scope service class; primitive-level detail; signed attestation.
Owner: Platform security with Qtonic Quantum engagement lead
Step 2Weeks 3 to 10
Phase 2 — Edge TLS hybrid pilot
X25519Kyber768 hybrid terminated on one representative edge pool; telemetry records the planned no-impact change window.
Owner: Edge platform and Qtonic Quantum field engineer
Step 3Weeks 6 to 12
Phase 3 — Release-signer dual-sign
Release-signer dual-sign path validated for selected artifacts; downstream validator update plan and rollback rehearsal documented.
Owner: Release engineering with Qtonic Quantum cryptographer
Step 4Weeks 10 to 16
Phase 4 — SSO JWS algorithm expansion
Identity provider issues ML-DSA-65 JWS alongside RS256; validators accept both; cadence shortened to weekly.
Owner: Identity team with Qtonic Quantum engagement lead
Step 5Weeks 12 to 24
Phase 5 — Wrapping-key migration
Data encryption keys re-wrapped under ML-KEM-1024; RSA-OAEP paths retired after documented soak.
Owner: Platform security and storage engineering
Step 6Ongoing
Phase 6 — Continuous CBOM and governance
QScout continuous discovery plus QStrike spot engagements on release-signing and identity surfaces; governance cadence locked.
Owner: Qtonic Quantum governance partner

Executive summary

Finding density by service class

Representative findings

edge-gateway-prod

release-signer

sso-oidc

internal-kv-store

service-mesh-mtls

log-aggregator

ingress-legacy

cbom-gap

Migration playbook preview

Phase 1 — Crypto inventory and CBOM baseline

Phase 2 — Edge TLS hybrid pilot

Phase 3 — Release-signer dual-sign

Phase 4 — SSO JWS algorithm expansion

Phase 5 — Wrapping-key migration

Phase 6 — Continuous CBOM and governance

Want the real bundle?

Executive summary

Finding density by service class

Representative findings

edge-gateway-prod

release-signer

sso-oidc

internal-kv-store

service-mesh-mtls

log-aggregator

ingress-legacy

cbom-gap

Migration playbook preview

Phase 1 — Crypto inventory and CBOM baseline

Phase 2 — Edge TLS hybrid pilot

Phase 3 — Release-signer dual-sign

Phase 4 — SSO JWS algorithm expansion

Phase 5 — Wrapping-key migration

Phase 6 — Continuous CBOM and governance

Want the real bundle?