In September 2025, the Federal Reserve published a research paper with a title that should have made front pages but barely registered outside academic circles: “Harvest Now, Decrypt Later.” The paper described a threat that intelligence agencies, cryptographers, and a small number of cybersecurity researchers have been warning about for years — and that most of the public still does not understand.
The concept is disarmingly simple. Every encrypted message, every bank transaction, every medical record, every government communication that travels across the internet today can be intercepted and stored. Current encryption makes that stolen data unreadable. But encryption does not last forever. When a sufficiently powerful quantum computer is built — an event researchers call “Q-Day” — the mathematical foundations that protect today’s encryption will collapse. And every piece of encrypted data that was ever collected will become readable. All of it. Retroactively.
In February 2026, Gartner ranked post-quantum cryptography as one of the top cybersecurity priorities globally, specifically citing “harvest now, decrypt later” attacks targeting long-term sensitive data. The World Economic Forum’s Global Cybersecurity Outlook 2026 — based on data from 800 global leaders — identified AI and quantum threats as the fastest-growing risks in the cyber domain.
This is not a future problem. The harvesting has already started.
How the Attack Works
The attack requires no advanced technology today. Intercepting encrypted data as it travels across fiber optic cables, through internet exchange points, or between cloud servers is technically straightforward. Governments and intelligence agencies have been doing this at scale for decades — it was one of the core revelations of the Snowden disclosures in 2013.
What changed is the reason for doing it. Previously, intercepted encrypted data was essentially useless without the decryption key. Now, adversaries collect and store encrypted data with the explicit intention of decrypting it later, once quantum computers become powerful enough to break the encryption algorithms that protect it.
The math behind this threat is specific. Most internet encryption today relies on RSA and Elliptic Curve Cryptography (ECC), both of which depend on mathematical problems that classical computers cannot solve in a reasonable timeframe. RSA depends on the difficulty of factoring very large numbers. ECC depends on the discrete logarithm problem. Both have protected the digital world for decades.
But in 1994, mathematician Peter Shor demonstrated that a quantum computer running what is now called Shor’s algorithm could solve both problems in hours rather than billions of years. The only barrier was building a quantum computer with enough stable qubits to run the algorithm. That barrier is eroding rapidly. Early 2025 research showed that breaking RSA-2048 would require fewer than a million physical qubits — a number that IBM, Google, and IonQ all project to reach by the late 2020s or early 2030s.
The consensus estimate for Q-Day is 2030, plus or minus two years.
Who Is Doing the Harvesting
The Federal Reserve paper does not name specific actors, but the intelligence community has been less circumspect. NSA, CISA, and the UK’s NCSC assess with high confidence that nation-states and sophisticated criminal groups are actively harvesting encrypted data.
China has invested more heavily in quantum research than any other country, operating the world’s first quantum communication satellite (Micius) and building a 2,000-kilometer quantum-secured communication link between Beijing and Shanghai. Russia and Iran are assessed to be conducting HNDL campaigns targeting diplomatic communications, military planning data, and financial infrastructure. The specific targets are logical: any data that will still be valuable in 5-10 years is worth harvesting now.
That includes diplomatic cables (geopolitical strategies play out over decades), medical records (personal health data does not expire), financial transaction histories (useful for intelligence and economic leverage), corporate trade secrets (patent applications, R&D data, merger plans), and military communications (force structure, weapons capabilities, intelligence assessments).
The Federal Reserve’s analysis focused specifically on blockchain networks, and its conclusion was stark: because blockchains are designed to preserve every transaction permanently, they cannot be retroactively re-encrypted. Even if Bitcoin migrates to quantum-resistant encryption tomorrow, every transaction recorded before the migration remains permanently vulnerable to future quantum decryption.
Why You Should Care Even If You Are Not a Government
There is a tendency to dismiss quantum threats as a problem for governments and large corporations. This misses the scope of what HNDL means in practice.
Consider what encrypted data exists about an ordinary person right now: bank account details, tax filings, medical diagnoses, location histories, private messages, passwords, biometric data stored in government databases for passport and visa applications. All of this is encrypted in transit and at rest. All of it is vulnerable to harvesting. And all of it will become readable if the encryption is broken.
IBM’s cybersecurity predictions for 2026 identify a related threat: 13% of companies already reported an AI-related security incident in 2025, with 97% of those affected acknowledging they lacked proper AI access controls. The intersection of AI and quantum threats creates what IBM calls “shadow AI” — unauthorized AI tools deployed by employees that handle proprietary data across multiple environments, creating harvesting opportunities that security teams cannot monitor.
The data breach cost is already measured in billions. IBM’s Cost of a Data Breach Report 2025 places the global average breach cost at $4.4 million. Organizations using AI in security reported $1.9 million in savings — but most organizations are not using AI defensively, and the attackers are moving faster than the defenders.
The Defense That Is Not Moving Fast Enough
NIST (the National Institute of Standards and Technology) finalized the first post-quantum cryptography (PQC) standards in August 2024, including algorithms like CRYSTALS-Kyber for encryption and CRYSTALS-Dilithium for digital signatures. In March 2025, NIST selected HQC as the fifth PQC algorithm. The NSA issued its CNSA 2.0 guidance requiring federal agencies to begin transitioning to quantum-resistant encryption.
On paper, the defense exists. In practice, migration is barely underway. The transition from current encryption to PQC requires organizations to inventory every encryption key and certificate in their systems, identify which data requires long-term protection, implement new algorithms, test for compatibility with existing infrastructure, and retrain technical staff. For large enterprises with decades of accumulated infrastructure, this process takes years.
Gartner’s recommendation for 2026 emphasizes “cryptographic agility” — the ability to swap encryption algorithms without rebuilding entire systems. Organizations that built their infrastructure with a single encryption standard hardcoded into every application, database, and communication protocol now face the prospect of rewriting code that has been accumulating for 20+ years. Most are not remotely prepared for this.
The WEF Global Cybersecurity Outlook 2026 found that while 64% of organizations now assess AI tool security before deployment (up from 37% the year before), quantum preparedness lags far behind. The encryption transition has not reached the urgency level that its timeline demands.
The Time Math That Matters
The Federal Reserve paper introduces a framework based on what cryptographers call Mosca’s Theorem, and the math is unforgiving.
Three variables determine whether data is safe: X is how long the data needs to remain protected (its “shelf life”), Y is how long it takes to migrate to quantum-safe encryption, and Z is how many years until Q-Day arrives. If X + Y is greater than Z, the data is already compromised — even if no one can read it yet.
Consider a hospital system that stores patient records for 25 years (X = 25). Migrating its encryption infrastructure will take approximately 5 years (Y = 5). Q-Day is estimated at 2030, roughly 4 years away (Z = 4). X + Y = 30, which is far greater than Z = 4. Every patient record in that system is already a target for HNDL, and no amount of future migration will protect data that is harvested before the transition is complete.
This is the core insight that distinguishes HNDL from every other cybersecurity threat. Most attacks produce immediate consequences — a stolen password grants instant access, ransomware locks files today. HNDL operates across decades. The theft is invisible. The damage is deferred. And by the time it materializes, the window to prevent it has already closed.
What Happens Next
The next 3-5 years will determine whether the world manages this transition in an orderly fashion or experiences a series of catastrophic retrospective breaches once quantum decryption becomes operational.
The optimistic scenario: organizations accelerate PQC migration, governments enforce transition timelines through regulation, and the “cryptographic agility” that Gartner recommends becomes standard practice. Sensitive data generated from 2026 onward is protected. The damage is limited to data harvested before the transition.
The pessimistic scenario: migration continues at its current pace — slow, underfunded, deprioritized against more immediate threats like ransomware and phishing. Q-Day arrives on schedule. And the accumulated harvest of a decade’s worth of encrypted government communications, financial records, medical data, and corporate secrets becomes an open library for any actor with a sufficiently powerful quantum computer.
The uncomfortable truth is that for data already harvested, there is no retroactive fix. No future encryption standard can protect information that was intercepted and stored before that standard existed. The Federal Reserve’s paper on blockchain data made this explicit: immutability — the feature designed to ensure trust — becomes the greatest vulnerability against quantum threats, because it preserves every past encryption weakness permanently.
For individuals, the practical steps are limited but meaningful: minimize the amount of sensitive data transmitted digitally, use messaging platforms that implement forward secrecy (which limits the value of any single intercepted session), and pressure institutions that hold personal data — banks, hospitals, government agencies — to disclose their quantum migration timelines.
For organizations, the message from every major cybersecurity authority in 2026 is identical: start now. Not next quarter. Not after the next budget cycle. The harvest is already underway, and every day of delay adds to the pile of data that will one day be readable by machines that do not yet exist but almost certainly will.
Sources:
- Federal Reserve Board — “Harvest Now Decrypt Later”: Post-Quantum Cryptography and Data Privacy Risks (September 2025)
- Gartner — Top Cybersecurity Trends for 2026 (February 2026)
- World Economic Forum — Global Cybersecurity Outlook 2026
- IBM — Cybersecurity Trends: Predictions for 2026 (December 2025)
- The Quantum Insider — Federal Reserve Warns Quantum Computers Could Expose Bitcoin’s Past (October 2025)
- Marine Link / SENTRIQS — Harvest Now, Decrypt Later (May 2025)
- ResearchGate — Harvest Now, Decrypt Later: A Time-Dependent Threat Model for Post-Quantum Cryptography (January 2026)
Disclaimer: This article discusses cybersecurity research and emerging technological threats for informational purposes. It does not constitute professional security advice. Organizations seeking to assess their quantum readiness should consult certified cybersecurity professionals and refer to NIST’s Post-Quantum Cryptography Standards (FIPS 203, 204, 205) for technical guidance.
