New research from Forescout reveals that while the migration to post-quantum cryptography is underway, progress remains uneven, creating future risks for compliance and cybersecurity. According to the study, approximately 6% of the 186 million SSH servers currently accessible on the internet have adopted quantum-safe encryption. Among OpenSSH servers specifically, that figure climbs to over 20%.
To deal with these issues, Forescout unveiled its Forescout 4D Platform to continuously identify, protect, and ensure compliance of managed and unmanaged cyber assets across IT, IoT (Internet of Things), IoMT (Internet of Medical Things), and OT (operational technology), without business disruption. It delivers comprehensive capabilities for network security, risk and exposure management, and extended detection and response.
Forescout found that between October last year and March this year, adoption of quantum-safe key exchange increased significantly. The use of ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism), a National Institute of Standards and Technology (NIST)-approved standard, for SSH key exchange surged by 554%. Meanwhile, adoption of SNTRUP, an earlier post-quantum cryptographic method, rose by 21% during the same period.
While adoption of quantum-safe technologies has accelerated, the pace is likely to taper off as early adopters complete their migrations. A major barrier is outdated infrastructure. Nearly 75% of OpenSSH servers still run versions released between 2015 and 2022, none of which support quantum-safe encryption. In the case of TLS, adoption is even slower, with less than 20% of TLS servers currently using TLS 1.3, the only version that enables post-quantum cryptography.
With the quantum migration already begun, Forescout set out to measure its progress. To gauge the current use of post-quantum cryptography (PQC), the company used two internet scanning tools, Censys and Shodan, to examine two relevant protocols: SSH and TLS.
“Using a Censys query to list the most used SSH key exchange algorithms results in over 186 million hosts on the Internet. These hosts use OpenSSH and other servers, such as Dropbear, which is very common in embedded devices — and also added support for PQC in its latest version 2025.87,” Vedere Labs researchers disclosed in a Thursday blog. “The most popular algorithms currently are curve25519-sha256, diffie-hellman-group-exchange-sha256, and ecdh-sha2-*. These are all quantum-unsafe and run on around 30 million hosts each (16% of the total).”
The post identified that almost three-quarters of OpenSSH servers on the Internet nowadays run versions between 7.0 and 8.9, which were released between 2015 and 2022, just before OpenSSH added support for PQC by default. Even older versions are still common. Versions 9.0 through 10, which have SNTRUP and then ML-KEM as default key exchange mechanisms, are around 21% of OpenSSH servers.
It added, “That same 21% is seen in the next chart, which now uses Shodan data. The percentage of OpenSSH servers supporting sntrup761x25519-sha512 grew quickly until it reached the 20-25% range last year. Now it has been oscillating in that range since most servers that could be easily updated – or that had a strong reason to be updated quickly – already did.”
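The SSH figures above come from the key exchange methods a server advertises in its SSH_MSG_KEXINIT message. As an added example (not Forescout's code), the following Python parses that list and applies a simplified form of the RFC 4253 selection rule to show whether a given client and server would end up with a hybrid post-quantum exchange. The payloads are constructed and the function names are hypothetical.

```python
import struct

SSH_MSG_KEXINIT = 20  # message number defined in RFC 4253
# Hybrid post-quantum KEX names as used by OpenSSH (bare or with @openssh.com suffix).
PQ_PREFIXES = ("mlkem768x25519-sha256", "sntrup761x25519-sha512")
# Extension and strict-KEX markers share the list but are not key exchange methods.
MARKERS = {"ext-info-s", "ext-info-c",
           "kex-strict-s-v00@openssh.com", "kex-strict-c-v00@openssh.com"}

def parse_kex_algorithms(payload: bytes) -> list:
    """Extract kex_algorithms (the first name-list) from a KEXINIT payload."""
    if len(payload) < 21 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    (length,) = struct.unpack_from(">I", payload, 17)  # after type byte + 16-byte cookie
    if 21 + length > len(payload):
        raise ValueError("truncated kex_algorithms name-list")
    names = payload[21:21 + length].decode("ascii").split(",")
    return [n for n in names if n and n not in MARKERS]

def negotiate(client: list, server: list):
    """First client-preferred method the server also offers (simplified RFC 4253 rule)."""
    return next((n for n in client if n in server), None)

def assess(client: list, server: list) -> str:
    """Describe the session a client/server pair would get, not just what is offered."""
    chosen = negotiate(client, server)
    if chosen is None:
        return "no common key exchange"
    if chosen.startswith(PQ_PREFIXES):
        return f"quantum-safe session ({chosen})"
    if any(n.startswith(PQ_PREFIXES) for n in server):
        return f"server supports PQC but session is classical ({chosen})"
    return f"quantum-unsafe server ({chosen})"

def build_kexinit(kex: list) -> bytes:
    """Constructed sample payload: zero cookie, the other nine name-lists left empty."""
    body = ",".join(kex).encode("ascii")
    return (bytes([SSH_MSG_KEXINIT]) + bytes(16) + struct.pack(">I", len(body)) + body
            + struct.pack(">I", 0) * 9 + b"\x00" + struct.pack(">I", 0))

# Constructed server offers, not captured from real hosts.
LEGACY = build_kexinit(["curve25519-sha256", "ecdh-sha2-nistp256",
                        "diffie-hellman-group-exchange-sha256"])
MODERN = build_kexinit(["mlkem768x25519-sha256", "sntrup761x25519-sha512",
                        "curve25519-sha256", "ext-info-s", "kex-strict-s-v00@openssh.com"])
```

Because the client's preference order decides the outcome, a server that advertises a hybrid method can still end up in a classical exchange, which is why an inventory should record the negotiated method as well as the offered ones.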
“For TLS, we could not directly measure the new algorithms being supported by servers and clients, but we used TLS version as a proxy for that information,” Forescout noted. “The IETF is only adding PQC support for TLSv1.3. However, the figure below – using data from Shodan – shows how TLSv1.3 (released in 2018) is still only the third most popular version of the protocol supported by servers nowadays.”
Forescout’s analysis points to two key findings. First, the migration to post-quantum cryptography is already underway, with the foundational technologies and standards now in place for organizations to begin adoption. Second, while organizations with the ability to easily upgrade servers and devices are likely to move quickly, the overall pace of adoption is expected to slow over time as the initial, low-complexity deployments are completed and more difficult upgrades remain.
“The main difference of the PQC migration – compared to TLSv1.3 and other previously slow adoption of encryption technology – is that this migration will soon be mandated for critical assets and organizations,” the post added. “Therefore, organizations will need to understand what assets already support PQC, what needs to be migrated or replaced, and what risk those devices bring to the network.”
This is where the Forescout 4D Platform comes in. It delivers intelligent control and continuous governance for any device, anywhere in the enterprise. The platform relies on four core capabilities (discovery, assessment, control, and governance) to manage cyber assets across both managed and unmanaged environments. These capabilities extend from the connected edge to the cloud, offering full visibility and continuous vulnerability scanning across the entire network.
Developed in 2023 and patented in 2024, the Forescout 4D Platform continuously analyzes device encryption to identify vulnerabilities that could be exploited in a post-quantum world. As the threat of quantum decryption accelerates, the urgency to build resilience has never been more critical.
According to a recent Omnia study, 40% of manufacturers expect customers to begin using quantum technologies by 2026. This has raised concerns about ‘harvest now, decrypt later’ attacks, where attackers collect encrypted data today in the hopes of decrypting it once quantum capabilities mature.
“Quantum computing is no longer a far-off concept,” Barry Mainz, CEO of Forescout, said in a media statement. “It’s a fast-approaching reality that will challenge the foundations of digital trust. Every organization, public or private, needs to start thinking about post-quantum resilience across IT, OT, and IoT environments today. This is a rare opportunity to get ahead of a generational shift in cybersecurity before urgency overtakes strategy.”
“As organizations prepare for a post-quantum future, detecting systems using outdated encryption is critical,” said Robert McNutt, chief strategy officer at Forescout. “Forescout is already delivering on this with our patented technology—the only solution that identifies non-quantum-safe ciphers in real time. Whether it’s PHI from medical devices or financial data crossing the web, this level of visibility empowers our customers to assess risk accurately and prioritize remediation where it matters most.”
Forescout’s technology analyzes the cryptographic ciphers each device supports, scoring them against post-quantum safety standards and flagging encryption risks, regardless of whether the device is managed, unmanaged, compliant, or actively evading detection. Operating at the network layer, the platform can identify insecure encryption use even when devices attempt to conceal their identity or security posture.
The Forescout 4D Platform delivers a four-part strategy for achieving quantum-safe resilience. It begins with detection, using patented technology to identify post-quantum-safe assets in real time and provide visibility into the cryptographic posture of hybrid networks. The Forescout 4D Platform provides cybersecurity solutions at scale, giving customers the insights and flexibility they need to govern cyber assets continuously and in near real-time, no matter what their deployment model is.
Enforcement follows through network segmentation with Forescout eyeSegment, which isolates critical systems and secures communication paths. Mitigation is driven by proprietary threat intelligence from Forescout Research – Vedere Labs, helping detect rogue assets or misconfigurations and enabling rapid policy enforcement. Finally, the control phase protects at-risk devices by limiting or restricting their network traffic.