KXCO Post-Quantum Cryptography

When the company that built the AI race asks the world to slow down, it is worth understanding why — and what it means for everything that depends on cryptography.

In late May 2026, Anthropic closed a 65 billion dollar Series H round at a 965 billion dollar post-money valuation, overtaking OpenAI to become the most valuable private company in artificial intelligence and arriving within touching distance of a trillion dollars. Weeks later, the same company published a paper through its newly formed Anthropic Institute, When AI Builds Itself, arguing that frontier developers should build the ability to slow or pause development — and that Anthropic would do so if rivals at or near the frontier verifiably did the same.

That is a striking position. One of the principal architects of the current acceleration is warning that the finish line may arrive faster, and more dangerously, than anyone planned for. The reason is a dynamic the paper calls recursive self-improvement: AI systems increasingly capable of building their own successors, with shrinking human involvement.

The evidence Anthropic cites is concrete, measurable, and sobering. It is also the clearest argument yet for why post-quantum cryptography can no longer be treated as a problem for later.

What Anthropic actually reported

As of May 2026, Anthropic says more than 80 percent of the code merged into its production codebase was authored by Claude — up from low single digits when Claude Code launched in February 2025. By its own account, a typical engineer now merges several times more code per day than in 2024.

The company also ran an experiment that is hard to dismiss. Claude-powered agents were given an open problem in AI safety and left to work it: propose hypotheses, run experiments, share findings, and iterate. Two human researchers, working the same problem for about a week, recovered roughly 23 percent of the available performance gap. The agents recovered 97 percent — over some 800 cumulative hours of work and about 18,000 dollars of compute.

Its experimental Mythos Preview system goes further. It can work autonomously for sixteen hours or more. On research navigation — the harder test of whether a model can exercise judgment rather than merely follow instructions — it outperformed skilled Anthropic researchers 64 percent of the time, up from 51 percent for the previous generation. On certain code-optimization tasks it produced speedups of around 52 times, and in an internal security project it surfaced more than ten thousand high- and critical-severity software vulnerabilities in its first weeks.

The trajectory is the headline. In early 2024, the longest tasks Claude could complete reliably and autonomously were measured in minutes. By 2026, Anthropic reports twelve-hour autonomous tasks, with the length of task a frontier model can handle doubling roughly every four months — faster than the seven-month doubling that the independent evaluator METR measured across the longer 2019 to 2025 run. Extrapolated, that points to week-long autonomous tasks in 2027.

Why this compresses the quantum timeline

The instinct is to read all of this as a story about software jobs or AI safety. It is also, directly, a story about cryptography.

Nearly every digital interaction you rely on — banking, identity, supply-chain integrity, blockchain transactions, the certificates behind every padlock in your browser — is protected by public-key cryptography such as RSA and elliptic-curve schemes. Those rest on mathematical problems that a sufficiently powerful quantum computer can solve efficiently using Shor's algorithm. A cryptographically relevant quantum computer would render that protection obsolete for any data or signature still relying on it.

The threat is not purely future-tense. The "harvest now, decrypt later" strategy is already active: sophisticated adversaries intercept and archive encrypted traffic today, betting they can decrypt it once the hardware exists. Anything that must stay confidential for a decade or more — state secrets, intellectual property, long-dated financial contracts, medical records, private keys, AI model weights — is already exposed in storage.

What the Anthropic disclosures add is pressure on the supply side of that threat. AI is no longer only a consumer of compute; it is becoming an accelerator of scientific discovery itself. The same capability curve that turned a week of human research into a near-complete autonomous run can be turned on the bottlenecks of quantum engineering — algorithm design, error correction, qubit control, materials discovery — and on cryptanalysis. If AI compresses its own timeline, it can compress the quantum timeline with it. The window marked "later" is getting shorter.

Why classical crypto cannot wait

Most organizations still treat post-quantum migration as a compliance exercise for a future budget cycle. Three converging realities make that posture untenable.

Data longevity. Anything that must remain secret for ten to thirty years is already at risk if it is protected only by classical public-key cryptography. Once exfiltrated, it is compromised the moment a capable quantum computer comes online — whenever that is.

Signature longevity and non-repudiation. Signatures created today often need to be verifiable and legally binding decades from now: contracts, regulatory filings, audit trails, software supply-chain attestations. ML-DSA, standardized as FIPS 204, was designed for exactly this durability.

An AI-native attack surface. As autonomous agents begin to sign transactions, authorize actions, and attest to outputs, classical signatures on those artifacts become single points of future failure. The code those agents generate and deploy must itself be signed with algorithms that cannot be forged later — or the whole software supply chain becomes suspect.

There is also a geopolitical reality that removes any illusion of a coordinated global pause. As commentators across the political spectrum have noted, no leading power wants to slow down while rivals press ahead, and a nation unwilling to pause its AI effort will not voluntarily slow its quantum or cryptanalytic one. In that environment, cryptographic agility and quantum resistance stop being hygiene and become competitive and strategic necessities.

The standards exist. Adoption is the gap.

The cryptographic community has done its part. In August 2024, after years of public evaluation, NIST finalized its first post-quantum standards:

• FIPS 203 (ML-KEM) — the primary standard for quantum-resistant key exchange and encryption.

• FIPS 204 (ML-DSA) — the primary standard for quantum-resistant digital signatures, formerly CRYSTALS-Dilithium.

• FIPS 205 (SLH-DSA) — a hash-based backup signature scheme built on different mathematics, for diversity.

For most enterprise and institutional use, ML-DSA-65 (NIST security Level 3) has become the practical sweet spot: strong security margins with manageable sizes — public keys around 1.9 KB, private keys around 4 KB, signatures around 3.3 KB. National-security systems set a higher bar; the NSA's CNSA 2.0 suite mandates the Level 5 parameters, ML-DSA-87 and ML-KEM-1024. Either way these are production-ready, with growing library and hardware support. The remaining challenge is integration at scale — especially for organizations building the AI systems and infrastructure that will operate for years.

KXCO: verifiable post-quantum infrastructure, live today

This is the gap KXCO was built to close — a quantum-native cryptographic infrastructure designed for AI-scale operations, institutional compliance, and long-term verifiability.

At the foundation sits Armature L1, KXCO's live, permissioned, EVM-compatible Layer 1 blockchain. It is a post-quantum-hardened, permissioned chain with QBFT consensus and instant finality, and — crucially — native on-chain ML-DSA-65 (FIPS 204) signature verification built directly into the protocol as a precompile. Post-quantum signatures are verified by the chain itself, not bolted on in application code. KXCO uses Armature as its verification substrate: ML-DSA-65 identities are registered on-chain, and signatures from across the platform — document signing, deployment attestations, and publishing provenance — are anchored to it, so any party can verify them independently without trusting KXCO. A public explorer at chain.kxco.ai makes the record auditable. This is not a roadmap promise — it is infrastructure operating now.

Layered on Armature are capabilities purpose-built for the AI and institutional world:

PQC Hosting and Bastion (pqc.kxco.ai). For developers and DevOps teams, Bastion scans codebases, dependencies, container configs, and TLS setups for quantum-vulnerable algorithms. Each scan result is signed with ML-DSA-65 and anchored on Armature, producing a tamper-evident, timestamped record of when an environment was assessed and what was found. For deployments KXCO hosts, Bastion goes further — measuring the live post-quantum (hybrid ML-KEM) TLS key exchange and hardening flagged dependencies — and attests the result, so an organization has an independently verifiable record of what was remediated and when, rather than an unprovable blanket claim.

KXCO Sign (sign.kxco.ai). Long-dated legal and financial documents need signatures that stay valid for decades. KXCO Sign signs contracts, board resolutions, and filings with ML-DSA-65 and anchors the verification record on Armature, so any counterparty — human or automated — can confirm authenticity without trusting an intermediary.

KXCOIdentity and KXCO Verified. In an agentic world, both people and the AI agents that act for them need persistent, verifiable identities. KXCOIdentity registers entities on Armature as ML-DSA-65 key pairs, verified directly on-chain with no central database to breach. KXCO Verified adds compliance-grade attestations bound into on-chain credentials.

KnightsVault. For licensed financial institutions, KnightsVault provides white-label, post-quantum software for accounts, settlement, and related operations. The point is the boundary: institutions keep their own regulatory licenses and hold their own assets; KXCO supplies the quantum-safe rails and never takes custody.

Across all of it, KXCO implements the NIST post-quantum standards (FIPS 203, 204, and 205) in production. The architecture is aligned with the direction regulators are setting: the G7 Cyber Expert Group's January 2026 roadmap for the financial sector, which points at the mid-2030s with the most critical systems urged to migrate by 2030 to 2032; the NSA's CNSA 2.0 timeline, which begins requiring quantum-resistant software and firmware signing in 2027 and full National Security Systems coverage by 2035; and US federal guidance under NSM-10, targeting national security systems by 2030 and broad migration by 2035.

What AI builders and institutions should do now

For anyone building or deploying frontier AI, quantum-resistant cryptography has moved from defensive hygiene to prerequisite — for protecting model IP and training data over multi-year horizons, for enabling agents that can sign and transact with durable legal validity, for keeping a software supply chain trustworthy when most new code is machine-generated, and for meeting customers who are themselves under pressure to show a credible PQC plan.

A practical path:

1. Inventory cryptographic dependencies now — data at rest, data in transit, long-lived signatures, and anything that will interact with autonomous agents.

2. Make crypto-agility a design requirement in new AI pipelines and infrastructure.

3. Pilot production post-quantum signing and attestation for high-value artifacts: model deployments, critical documents, agent credentials.

4. Anchor verification on immutable, independently auditable ledgers rather than opaque intermediaries.

5. Choose partners whose architecture is quantum-native rather than retrofitted.

The path forward

The Anthropic warning and the geopolitical reality together draw a clear picture. The AI race will not pause. The capabilities it unlocks will accelerate other technologies — including those that threaten today's cryptographic foundations. The prudent response is not to slow the beneficial uses of AI, but to harden the digital substrate AI runs on.

The question is no longer whether quantum computers will arrive, or whether AI will accelerate their practical impact. It is whether the institutions and AI systems that define the next era are built on cryptographic foundations that can survive the convergence of the two. Those built on verifiable, durable, agent-ready post-quantum infrastructure will be positioned to lead. Those that are not will be defending an increasingly brittle perimeter.

The race is on. It is not waiting. Neither should we.

About the author. Shayne Heffernan, Ph.D., is an economist, founder of Live Trading News and the KnightsBridge Group, and founder of the KXCO ecosystem — including Armature L1, KnightsVault, sign.kxco.ai, pqc.kxco.ai, and KXCOIdentity. He writes on AI, markets, Bitcoin, biotechnology, and the intersection of emerging technologies with institutional infrastructure. KXCO builds production-grade post-quantum cryptographic systems for corporates, financial institutions, and autonomous AI agents.

Sources and further reading

• Anthropic, When AI Builds Itself (Anthropic Institute, 2026): https://www.anthropic.com/institute/recursive-self-improvement

• Anthropic, Series H funding announcement: https://www.anthropic.com/news/series-h

• METR, Measuring AI Ability to Complete Long Tasks: https://metr.org/blog/2025-03-19-measuring-ai-ability-to-complete-long-tasks/

• NIST post-quantum standards (FIPS 203, 204, 205): https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards

• G7 Cyber Expert Group Quantum Roadmap (January 2026): https://home.treasury.gov/system/files/136/G7-CEG-Quantum-Roadmap.pdf

• Explore Armature L1 and on-chain verification: https://chain.kxco.ai

• PQC Hosting and Bastion scanning: https://pqc.kxco.ai

• KXCO Sign for long-term document security: https://sign.kxco.ai