This website uses cookies

Read our Privacy policy and Terms of use for more information.

Everyone agrees that a big enough quantum computer will break the encryption that the internet runs on. That part is settled. The strange part is the money. Almost all of it is going into building those computers, and almost none of it is going into defense.

Venture investors put $3.9 billion into quantum computing across 125 deals in 2025, the biggest year the category has ever had. Every company building the defense against those machines raised about $258 million across 14 deals. That is a 15-to-1 gap in the offense's record year. Throughout the history of quantum security, the category has raised about $2.5 billion, but one company has accounts for $2 billion of that.

If quantum is the threat everyone says it is, the defense should be a gold rush, but historically, it looks like a rounding error.

Then, on June 22, 2026, the White House signed two executive orders on the same day. One pays to build the machine that breaks encryption. One orders the country to defend against it. So the government is now bankrolling both sides of a trade that the private market will not touch evenly. The data shows just how lopsided that market still is.

Quantum computing out-raised all of quantum security by about 15 to 1 in 2025. (Click to enlarge.)

Who is writing the checks?

The marquee names from the computing boom show up on the defense, too. NVIDIA, Google, BNP Paribas, Ray Dalio, T. Rowe Price, Eric Schmidt, Marc Benioff, In-Q-Tel, and Bahrain's sovereign wealth fundMumtalakat, have all written checks for quantum security. Almost all of that money went to one company, SandboxAQ, the AI-and-quantum company spun out of Alphabet. Pull SandboxAQ out of the data, and most of those names go with it. What remains is a thin pipeline of seed-stage startups living on government grants and strategic corporate funding.

The four segments of quantum security

Quantum security is really two different jobs and four product segments, and I track them separately because they behave nothing alike. (If you want the defender's playbook instead of the investor's view, I wrote a full primer on quantum security and defense in depth.)

Security for quantum: hardening the crypto we already use

This is the job of rebuilding today's cryptography so it survives a future quantum computer. The Signal files it under the Post-Quantum Security domain, and it holds nearly all the money.

  • Post-Quantum Cryptography (PQC). The new, quantum-resistant encryption and signature algorithms (the ones NIST blessed in 2024). About $2.3 billion raised all time, and roughly $2 billion of that is SandboxAQ. The rest of the segment is basically BTQ, PQShield, and QuSecure.

  • Crypto-Agility and Migration. The unglamorous tooling that actually finds and swaps an organization's encryption. This is the one segment with a hard federal mandate pointed at it, and it is the least-funded corner of the whole field. About $115 million, ever. Most of that is Arqit.

Quantum for security: physics as the defense

This is the job of using quantum mechanics itself as the security mechanism. The Signal files it under Quantum for Security. It is older, stranger, and tiny.

  • Quantum Key Distribution (QKD). Encryption keys are exchanged as quantum states, where any attempt to intercept them is detectable by design. About $142 million all-time. QuintessenceLabs, Qunnect, and ID Quantique lead it.

  • Quantum Random Number Generation (QRNG). True randomness pulled straight from quantum physics is used to build stronger keys. The smallest segment of all, about $20 million ever. That is Quside, Crypto Quantique, and Quantum Dice, and not much else.

Where the defensive dollars actually go

Put the dollars on those four segments, and the concentration is obvious. Post-Quantum Security appears well-funded only because of SandboxAQ. Take SandboxAQ out, and PQC is three companies in a trenchcoat (BTQ, PQShield, QuSecure).

Interestingly, crypto-agility, the exact layer the deadline lands on, is the smallest slice on the board.

Post-Quantum Security funding is real, but it is mostly SandboxAQ (black). The migration layer (amber) barely registers. (Click to enlarge.)

The Quantum for Security side is smaller still. Add up every QKD and QRNG company on earth, and you get about $163 million, combined, across the entire history of the field. It has never cleared $50 million in a single year.

The quantum-as-security field (QKD and QRNG hardware) has never crossed $50M in a single year. (Click to enlarge.)

One company is the market

SandboxAQ is most of quantum security by itself. The Signal puts its lifetime funding at about $1.98 billion, on a $5.6 billion valuation. That is roughly 78 cents of every dollar ever raised in the category. Its 2025 rounds pulled in Nvidia, Google, Eric Schmidt, In-Q-Tel, and Mumtalakat, and in June 2026, a $500 million U.S. Department of Commerce commitment topped it off (days before the same executive orders named Commerce as the agency running the federal PQC pilot). Take SandboxAQ out of the count, and everyone else on the board, combined, has raised about $555 million. Ever.

Take out SandboxAQ, and the whole field is a few mid-size names and a long, mostly European tail. (Click to enlarge.)

Washington moved the deadline up five years

The two June 22 orders split the work cleanly. The first one (Ushering in the Next Frontier of Quantum Innovation) funds the offense. It kicks off a national push to build a large-scale quantum computer at a Department of Energy lab, points to about $625 million already committed to quantum research institutes, and (per the reporting around it) sits next to roughly $2 billion in CHIPS Act money steered toward firms like IBM and GlobalFoundries. When the orders dropped, the quantum computing stocks popped.

The second order (Securing the Nation Against Advanced Cryptographic Attacks) handles the defense, and this is the one security teams should be reading. It hands OMB and the National Cyber Director a nationwide migration to post-quantum cryptography, and it puts real dates on the calendar. Federal high-value systems move to PQC encryption by 2030 and authentication by 2031. Commerce runs a migration pilot due in 2027. Contractors fall in line by 2030. The old, soft target was somewhere around 2035. These orders yanked it forward about five years.

The market is funding the wrong half (so far)

So far, the market has funded the wrong half. The half it skipped happens to carry both the biggest opportunity and the most miserable, unglamorous work in security. Here is what is actually going on underneath that.

Quantum security is a hard sell, and that is most of the story. The whole pitch is 'spend real money now against a computer that does not exist yet.' It loses to the breach sitting in your inbox this morning, every single time. (It is also why the offense raised so easily. A quantum computer you can fund, benchmark, and put in a press release is a far better story than a threat you have to take on faith.) A distant risk almost never wins a budget fight against a present one, and quantum is about as distant a risk as it gets.

The work is enormous, and almost none of it is the shiny new math. The algorithms are basically finished. The hard part is the archaeology. You have to find every place cryptography is buried: keys, certificates, libraries, protocols, third-party vendors, embedded gear, the load-bearing script some engineer wrote in 2014 before they left the company. Most organizations cannot produce that map today. 2030 looks far away on a slide. For a discovery-and-migration program across a real enterprise or a federal agency, it is next quarter's problem that should have started four quarters ago.

We have run a smaller version of this before. The move from SSL 3.0 to TLS 1.0 was the same drill: hunt down every weak cipher and rip it out. It is that same project all over again, except this time you get even less to show for it at the end. What pushed SSL over the line to TLS was the browsers. Chrome and Firefox started marking the old protocol as insecure and eventually stopped negotiating it altogether, so any site that had not migrated displayed a warning to every visitor or failed to load. The cost of doing nothing landed on the customer's screen right away. Quantum security has no Chrome. Nothing refuses to load your bank because the backend is not quantum-safe yet. The deadline is real, but there is no consumer-facing cliff behind it, and that pressure is exactly what gets a migration like this done.

And it taught a lesson that the quantum conversation keeps skipping. Every one of these changes has two sides, and you only ever control one of them. Plenty of companies cleaned up their own house and then slammed into a wall: some third party running a business-critical process (the nightly batch job that moves the actual money) on a system that simply could not speak TLS. So they cut a business-critical exception, and the dead cipher lived on for years (and is likely still living). Post-quantum migration is going to be that, at a much bigger scale. You can make your side perfectly quantum-safe and still be stuck in a chain next to a partner who never will.

That is the opening, and it is a big one. The dollars chased the original science (which is exactly why it got so little traction), but the White House deadline landed on the last mile logistics. Logistics we cannot science our way out of. Somebody still has to walk into the bank, the agency, the hospital, find the crypto, rank it by risk, and swap it out without taking the business down. Turn that from a multi-year manual slog into a fast, provable path, and you own the most valuable and least-funded corner of this whole market. Crypto-agility and migration have raised $115 million in total ever. The rule it now serves covers every federal high-value system and every contractor, on a 2030 clock. The money has not caught up to that yet.

The threat was always a hard sell, but the deadline is not. Whoever can take a federal agency or a Fortune 500 from chaos to quantum-safe, with proof, before 2030 is going to print money. The market just has not figured that out yet.

Data: The Signal by Return on Security (funding figures current as of June 2026). Quantum computing totals per PitchBook and Fortune. Executive order details per the White House fact sheets from June 22, 2026, and contemporaneous reporting. The $2 billion CHIPS figure comes from press reporting, not the White House fact sheets.

References

Sources

Companies mentioned (profiles on The Signal)

Reply

Avatar

or to participate

Keep Reading