惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
GbyAI
GbyAI
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - 三生石上(FineUI控件)
美团技术团队
Last Week in AI
Last Week in AI
WordPress大学
WordPress大学
L
LangChain Blog
雷峰网
雷峰网
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
博客园 - 叶小钗
Engineering at Meta
Engineering at Meta
腾讯CDC
Recent Announcements
Recent Announcements
The Register - Security
The Register - Security
有赞技术团队
有赞技术团队
Blog — PlanetScale
Blog — PlanetScale
博客园 - Franky
博客园 - 司徒正美
The Cloudflare Blog
Google DeepMind News
Google DeepMind News
T
Tailwind CSS Blog
C
Check Point Blog
小众软件
小众软件
V
Visual Studio Blog
V
V2EX
F
Full Disclosure
J
Java Code Geeks
MongoDB | Blog
MongoDB | Blog
罗磊的独立博客
人人都是产品经理
人人都是产品经理
量子位
Apple Machine Learning Research
Apple Machine Learning Research
F
Fortinet All Blogs
Microsoft Security Blog
Microsoft Security Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - 【当耐特】
博客园_首页
Y
Y Combinator Blog
N
Netflix TechBlog - Medium
酷 壳 – CoolShell
酷 壳 – CoolShell
Stack Overflow Blog
Stack Overflow Blog
Recorded Future
Recorded Future
G
Google Developers Blog
Vercel News
Vercel News
大猫的无限游戏
大猫的无限游戏
Microsoft Azure Blog
Microsoft Azure Blog
U
Unit 42
爱范儿
爱范儿
Jina AI
Jina AI

PostQuantum – Quantum Computing, Quantum Security, PQC

Lightning Network's Quantum Problem Bitcoin's Quantum Vulnerability — Anatomy How Close Is the Quantum Threat? Resource Estimates The Quantum Threat to Cryptocurrencies: What's Real Lattice-Based PQC "Limitations" Paper — A Reality Check China's Hanyuan-2 Dual-Core Quantum Computer Pick One Layer First for Your Post-Quantum Migration Cisco Quantum Switch: Room-Temperature Qubit Routing IonQ Claims Q-Day by 2029 — Here's What They Actually Said Project Eleven's 110-Page Quantum Blockchains Report QuantWare Raises $178M Series B Q-CTRL Claims Practical Quantum Advantage Quantum Computing Simulates 12,635-Atom Protein How Quantum Snake Oil Vendors Respond to Hard Questions Simulated Quantum Entanglement | PostQuantum.com Quantum Snake Oil: Guide to Misleading Quantum Terms Quantum AI Trading — Quantum Snake Oil Dictionary Quantum-Proof — Quantum Snake Oil Dictionary Quantum-Grade Encryption — Quantum Snake Oil Dictionary Quantum-Safe Certified — Quantum Snake Oil Dictionary Military-Grade Quantum Encryption | PostQuantum.com What Is a QBOM? Quantum Bill of Materials vs CBOM Explained Quantum-Inspired Encryption — Quantum Snake Oil Dictionary What Is Trust Now, Forge Later (TNFL)? Quantum Blockchain — Quantum Snake Oil Dictionary What Is PQC Migration? The Largest Cryptographic Overhaul Quantum Financial System (QFS) | PostQuantum.com What Is QKD (Quantum Key Distribution)? What Is Quantum Error Correction (QEC)? Unhackable Quantum Encryption | PostQuantum.com Unconditionally Secure — Quantum Snake Oil Dictionary Perfect Secrecy — Quantum Snake Oil Dictionary Information-Theoretic Security | PostQuantum.com Quantum Encryption / Quantum Cryptography Quantum-Enhanced — Quantum Snake Oil Dictionary Quantum-Safe vs Quantum-Resistant vs Post-Quantum Anatomy of Quantum Denial: Bitcoin's Example What Is a Logical Qubit? The Metric That Actually Matters What Is a CRQC? Quantum Computer That Breaks Encryption What Is Q-Day? When Quantum Computers Break Encryption What Is Harvest Now, Decrypt Later (HNDL)? What Is Grover's Algorithm? What Is Shor's Algorithm? The Quantum Threat Explained What Is Quantum Safe? What the Label Means for CISOs What Is Quantum Computing Security? What Is Quantum Cyber Security? What Is Quantum Cryptography? QKD, PQC, and related? Quantum Security: A Complete Guide for Security Leaders What Is Post-Quantum Cryptography (PQC)? Crypto-Agility Is an Architecture Problem, Not a Library Swap IBM Quantum Advantage 2026: Heron + Fugaku Analyzed Aaronson Warns: CRQC by 2029 Is Plausible U.S. Quantum Policy: NQI Reauthorization and PQC Bills The Narrow Advantage: Why Quantum Computing Will Transform Five Industries and Disappoint Twenty The Error Correction Revolution Rewriting Quantum Timelines The Signature Supply Chain: How Deep Does Digital Trust Go? Quantum Chemistry's Honest Ledger: What the Resource Estimates Actually Say About Drug Discovery, Catalysis, and Materials Design Why Quantum Won't Save Wall Street (Yet): An Honest Assessment of Quantum Computing in Finance PQC Standards Fragmentation Quantum Sovereignty and the Utility Trap The Decoder Bottleneck: The CRQC Challenge Nobody Is Talking About IonQ Publishes Complete Fault-Tolerant Blueprint for Trapped Ions — The Walking Cat Architecture Quantum Computing by 2033: Which Industries Win, Which Wait, and Why Nature Reviews Publishes the Definitive CMOS–Spin Qubit Compatibility Assessment IonQ Photonic Interconnect: First Networked Commercial Quantum Computers QuEra Achieves 2:1 Physical-to-Logical Qubit Ratio With Ultra-High-Rate qLDPC Codes Grover's Algorithm vs AES - Why "Ignore It" Is Almost Right McKinsey Quantum Monitor 2026: Tipping Point? Meta PQC Migration Playbook: Lessons for CISOs NVIDIA Ising: Open AI Models for Quantum Calibration and Error Correction Harvard's Cascade Neural Decoder PQC Signature Migration Before Encryption Architecture Matters as Much as the Algorithm: Q-CTRL's Heterogeneous Quantum Computer Design Cuts RSA-2048 to 190k-381k Qubits China's Quantum Sensing Ecosystem: From Deep-Sea Diamonds to Drone-Mounted Submarine Hunters China's Quantum Sensing Ecosystem: From Deep-Sea Diamonds to Drone-Mounted Submarine Hunters China's Quantum Networking and QKD — World's Most Ambitious Quantum Communication Program Anthropic's Mythos Preview and the End of a Twenty-Year Cybersecurity Equilibrium China's Quantum Networking and QKD — World's Most Ambitious Quantum Communication Program Cloudflare Joins Google: Two Internet Giants Now Say 2029 for Post-Quantum Migration China's Quantum Computing Hardware: The Core Capability the West Keeps Misjudging China's Quantum Computing Hardware: The Core Capability the West Keeps Misjudging QuiX Quantum Achieves First Below-Threshold Error Mitigation in Photonic Quantum Computing China's Quantum Talent Ecosystem: Building a Superpower's Workforce Quantum Threat Timeline Report 2025: Record Predictions, But Can the Survey Keep Up? China's Quantum Talent Ecosystem: Building a Superpower's Workforce China's Hefei National Laboratory: The Nerve Center of a Quantum Superpower China's Hefei National Laboratory: The Nerve Center of a Quantum Superpower Gauge Theory Meets Quantum Computing China's 15th Five-Year Plan Makes Quantum an Industrial Imperative — Not Just a Research Priority China's 15th Five-Year Plan Makes Quantum an Industrial Imperative — Not Just a Research Priority QuantumShield360 AI Achieves World's First Complete Post-Quantum Cryptography Migration — Full Quantum Resilience Across All Enterprise Systems 10,000 Qubits to Run Shor's Algorithm Google Quantum AI Achieves 10x Reduction in Resources to Break Bitcoin's Cryptography The U.S. Intelligence Community Just Put Quantum on Equal Footing with AI. And Expanded the Threat Definition Google Just Drew a Line in the Sand: PQC Migration by 2029 Silicon Crosses the Logical Threshold: First Universal Logical Operations Demonstrated in a Silicon Quantum Processor The 1,000-Qubit Ceiling That Probably Isn't Science Confirms What Large Corporate Survivors Already Knew - Organizational Bullshit Makes You Worse at Your Job A New Algorithm Shrinks the Quantum Attack Surface for ECC Quantinuum Squeezes 94 Logical Qubits from 98 Physical — But What Does It Actually Mean?
Removing the Attack Surface: An Impossible Claim
Marin Ivezic · 2026-06-25 · via PostQuantum – Quantum Computing, Quantum Security, PQC
Removing Attack Surface

Table of Contents

This article is part of the Quantum Snake Oil Dictionary a series examining terms used in quantum technology marketing. The series is divided into Red Flag Terms (terms with no established technical meaning that almost always signal hype or fraud) and Misused Terms (legitimate concepts routinely stripped of context in marketing). This entry is a Red Flag Term.

“Removes the Attack Surface”

A note before we begin. This entry examines claims that a product “removes,” “eliminates,” or leaves “no” attack surface. I am not writing about any specific company or product. Reducing attack surface is a real and valuable goal. Removing it entirely is not a goal, because it is not achievable, and a vendor who claims to have done it has told you something important about the vendor.

There Is No Such Thing as Zero Attack Surface

A system’s attack surface is the sum of all the points where an attacker could try to get in or extract data: network interfaces, software dependencies, configuration, credentials, the people who operate it, the physical hardware. Good security work shrinks that surface. It removes unused services, narrows permissions, patches dependencies, and limits who can touch what.

What it cannot do is reduce the surface to nothing, because a system that does useful work must accept input, process data, and produce output, and each of those is a point of contact. A system with no attack surface is a system with no function. The moment data is decrypted to be read, a key is loaded to be used, or a person logs in to do their job, surface exists. This is not pessimism. It is the definition of what a working system is.

Encryption Relocates the Surface, It Does Not Remove It

Strong cryptography is one of the best tools for shrinking and shifting attack surface, which is exactly why the overclaim is tempting. Encrypt data at rest and an attacker who steals the disk gets ciphertext instead of secrets. The exposure has moved from the data to the key.

That move is the point worth understanding. Encryption relocates the valuable target. It does not delete it. After you encrypt everything, the attack surface becomes the key management, the implementation that performs the cryptography, the endpoints where data must be decrypted to be used, and the humans who hold access. Those are smaller and better-defended targets than plaintext lying in the open, which is real progress. They are not the absence of a target. A vendor who says encryption removed the attack surface has skipped the part where the surface moved to the keys.

The Absolute-Security Tell

Claims of completeness are among the most durable warning signs in the field, and they predate quantum marketing by decades. “Unbreakable,” “unhackable,” “zero exposure,” and “no attack surface” all make the same move: they replace a measurable, bounded claim with an absolute one. Security professionals distrust absolutes for a simple reason. Real systems are evaluated by how much risk they carry and how it is managed, never by a promise that risk has reached zero. As the long history of cryptographic snake oil shows, the vendors most confident that they have eliminated all risk are usually the ones who have looked least hard for it.

The accurate version of the claim is quantitative. A good architecture reduces attack surface, names what remains, and explains how the residual risk is contained. A snake-oil version skips the measurement and jumps to elimination, because elimination sounds stronger and asks the buyer to stop counting.

Questions to Ask a Vendor

“What attack surface remains after your product is deployed, and how is it defended?” Every honest answer includes a remainder: keys, endpoints, operators, dependencies. An answer of “none” is the finding.

“Where did the protected target move to?” Good security relocates value to a smaller, harder target. Ask the vendor to name it. If they cannot, they have not thought in those terms.

“How would an attacker who already has a foothold on an endpoint proceed?” This bypasses the perimeter framing and tests whether the vendor has modeled the surface that always remains.

The Bottom Line

Reducing attack surface is one of the most useful things a security product can do. Removing it is not something any product can do, because a system that functions must expose points of contact, and encryption moves the valuable target rather than erasing it. Treat “removes the attack surface” the way you would treat “unbreakable”: as a claim that has crossed from engineering into marketing. The trustworthy version tells you what surface remains and how it is held. The other version tells you to stop asking.

Quantum Upside & Quantum Risk - Handled

My company - Applied Quantum - helps governments, enterprises, and investors prepare for both the upside and the risk of quantum technologies. We deliver concise board and investor briefings; demystify quantum computing, sensing, and communications; craft national and corporate strategies to capture advantage; and turn plans into delivery. We help you mitigate the quantum risk by executing crypto‑inventory, crypto‑agility implementation, PQC migration, and broader defenses against the quantum threat. We run vendor due diligence, proof‑of‑value pilots, standards and policy alignment, workforce training, and procurement support, then oversee implementation across your organization. Contact me if you want help.

Talk to me Contact Applied Quantum

Photo of Marin Ivezic

I am the Founder of Applied Quantum (AppliedQuantum.com), a research-driven consulting firm empowering organizations to seize quantum opportunities and proactively defend against quantum threats. A former quantum entrepreneur, I’ve previously served as a Fortune Global 500 CISO, CTO, Big 4 partner, and leader at Accenture and IBM. Throughout my career, I’ve specialized in managing emerging tech risks, building and leading innovation labs focused on quantum security, AI security, and cyber-kinetic risks for global corporations, governments, and defense agencies. I regularly share insights on quantum technologies and emerging-tech cybersecurity at PostQuantum.com.