Cloudflare, Inc. Announced Tuesday that its Cloudflare One platform is now the first Secure Access Service Edge (SASE) solution to fully support post-quantum encryption across its entire stack, encompassing Zero Trust and Wide Area Network (WAN) services.
The upgrade extends post-quantum cryptographic protections to Cloudflare IPsec and the Cloudflare One Appliance, building on the company’s 2025 launch of post-quantum capabilities for its Secure Web Gateway and Zero Trust solution. This move addresses growing concerns about the potential for quantum computers to break existing encryption standards, a threat highlighted by the National Institute of Standards and Technology (NIST).
NIST has warned organizations to upgrade cryptographic algorithms by 2030 to protect against future quantum computing capabilities. According to Cloudflare, the platform’s novel capabilities allow organizations to protect sensitive data against next-generation cyber threats and ensure a smooth transition to new cryptographic standards.
“Securing the Internet against future threats shouldn’t be a complex burden, or a reason to fragment the web,” said Matthew Prince, CEO and co-founder of Cloudflare. “Since 2017, we’ve been doing the heavy lifting to bake post-quantum standards directly into the fabric of our network. By bringing this protection to our entire SASE platform, we’re making post-quantum security the default—no hardware upgrades, no complex configurations, and no added cost. We’re ensuring that the secure connections our customers rely on today stay secure for the long haul.”
Cloudflare IPsec, the company’s cloud-native WAN-as-a-Service, now leverages the IPsec protocol to establish encrypted tunnels from a customer’s network to Cloudflare’s global network. Traffic is automatically routed to the nearest available data center, ensuring high availability. The Cloudflare One Appliance upgrade, version 2026.2.0, is generally available, whereas the Cloudflare IPsec upgrade is currently in closed beta.
The company highlighted that its IPsec implementation adheres to the latest Internet standards, supporting cross-vendor collaboration and security at scale. Cloudflare’s post-quantum encryption utilizes hybrid ML-KEM (Module-Lattice-based Key-Encapsulation Mechanism) across major network access and egress points.
Experts have noted that the transition to post-quantum cryptography is a significant undertaking, and that threat actors are already engaging in “harvest now, decrypt later” attacks, collecting encrypted data with the intention of decrypting it once quantum computers become powerful enough. Cloudflare’s move aims to mitigate this risk by securing network flows with post-quantum encryption.
