The Mythos Shock: When AI Becomes the Threat
In April 2026, Anthropic revealed that its next-generation model, Claude Mythos Preview, had autonomously discovered thousands of high-risk vulnerabilities across major operating systems and web browsers. Due to its potential risks, access to the model was not made public but instead restricted to select partners under Project Glasswing.
Somewhere in a government data center, a server rack is quietly archiving petabytes of encrypted network traffic—financial records, merger documents, engineering blueprints, executive communications. The encryption protecting those files is unbreakable today. The bet is that it will not be unbreakable in 2031.
This strategy has a name: Harvest Now, Decrypt Later (HNDL). It is not a theoretical future risk. Intelligence agencies, cybersecurity researchers, and government regulators are in agreement: nation-state actors are executing HNDL campaigns right now, and the window for organizations to respond is narrowing faster than most security teams realize.
What Is “Harvest Now, Decrypt Later”?
HNDL is a two-phase attack strategy. In the first phase, adversaries intercept and store encrypted data at scale, targeting high-value communications and document traffic. In the second phase, once a sufficiently powerful quantum computer exists, the harvested data is decrypted.
The attack exploits a structural vulnerability in modern encryption. Algorithms like RSA-2048 and Elliptic Curve Cryptography (ECC), which protect the vast majority of HTTPS connections, VPN tunnels, and encrypted email, derive their strength from mathematical problems that classical computers cannot solve in a practical timeframe. A quantum computer running Shor’s algorithm can solve those same problems exponentially faster. The implication is stark: any document that crosses a network today can be harvested and held until that moment arrives.
The Timeline Just Got Shorter
For years, security professionals treated quantum computing as a distant horizon, something to plan for in the 2030s or 2040s. Three research papers published between May 2025 and March 2026 have materially changed that assessment. They reduced the estimated quantum computing resources needed to break RSA-2048 from the previously accepted figure of 20 million qubits to potentially as low as 100,000, using newer architectural approaches. The consistent direction of these advances has prompted leading organizations to revise their timelines upward.
NIST finalized three post-quantum cryptography (PQC) standards in August 2024—ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205)—marking the formal starting gun for enterprise migration. The NSA has set 2030 as its compliance deadline for transitioning national security systems. The critical insight is this: organizations do not have until quantum computers arrive to act. They have until adversaries finish collecting data that will still be sensitive when those computers become available.
Who Is Being Targeted
HNDL campaigns are primarily executed by nation-state intelligence services, though sophisticated criminal organizations are increasingly capable of executing the data-collection phase. The targets are sectors where information retains long-term strategic value:
- Government and defense contractors: classified technical specifications, contract details, personnel records
- Financial institutions: M&A communications, trading strategies, long-term investment positions, client data
- Healthcare and life sciences: clinical trial data, drug formulations, patient records with PII
- Technology companies: source code, product roadmaps, patent filings, licensing negotiations
The common thread is data longevity. An adversary who decrypts a 2026 merger communication in 2031 can still act on that information. A nation-state that decrypts an engineering specification for a critical infrastructure system in 2030 retains a meaningful strategic advantage. If your organization produces any information that would be sensitive five or more years from today, it is a viable HNDL target right now.
The Gap in Most Security Architectures
Most enterprise security addresses encryption at the transport and storage layers. TLS/SSL encrypts data in transit; full-disk encryption protects data at rest on servers and endpoints. These are necessary controls, but they are structurally insufficient against HNDL. Once data leaves a protected perimeter, the transport channel is all that stands between that data and an adversary’s collection infrastructure.
Consider a realistic document lifecycle: a senior engineer emails a product specification to a partner company. The email travels over TLS. The partner stores it in their cloud environment and shares it internally across multiple systems. At any point where that data crosses a network boundary, it can be intercepted and archived. The TLS session ends when the message is delivered. The document then exists in an unprotected state inside the partner’s environment, and every transit hop before that delivery was a potential collection point.
This gap – between protecting the channel and protecting the content- is at the heart of why HNDL cannot be solved by perimeter-centric security models alone.
Why Document-Level Encryption Changes the Equation
Document-level encryption, also called data-centric security or Enterprise DRM, applies cryptographic protection directly to the file itself, not to the channel over which it travels. A protected document carries its encryption regardless of where it goes: email attachment, cloud storage, USB drive, or intercepted network packet. It remains protected after the TLS session ends, after it leaves your environment, and after it reaches an adversary’s archive.
An adversary who harvests a DRM-protected document does not capture a payload that future quantum hardware can brute-force on its own. The access control and key management infrastructure govern whether the document can ever be opened, and a properly implemented platform can be updated to post-quantum cryptographic algorithms without requiring organizations to re-distribute or re-encrypt existing documents.
Beyond encryption, document-level security provides several capabilities that are uniquely relevant to the HNDL threat model:
- Persistent access controls: authorization can be revoked after a document has been distributed. A document harvested today can be rendered permanently inaccessible if access rights are withdrawn before the adversary’s decryption window opens.
- Audit trails: every open, edit, and print event is logged with user and IP address, enabling accurate scope assessment after a suspected collection event.
- Expiry controls: documents can be configured to expire automatically, preventing future access even if an adversary stores them indefinitely.
Building a Quantum-Ready Security Posture
Organizations do not need to solve the full post-quantum migration problem overnight. The practical priority is building toward cryptographic agility, the ability to swap cryptographic algorithms without disrupting the broader security architecture, while implementing document-level protections that provide resilience today.
| Priority | Action |
| Immediate | Inventory sensitive document types with long retention requirements (contracts, IP, regulated data, strategic plans). These are the highest-priority HNDL targets. |
| Short-term | Apply document-level encryption to high-value categories. Establish access controls that can be updated independently of the documents themselves. |
| Medium-term | Audit transport-layer cryptography. Identify systems using RSA or ECC for long-retention data and prioritize for PQC migration. |
| Ongoing | Validate that key security vendors have published PQC migration timelines and track NIST standards adoption across the stack. |
The NSA’s 2030 deadline should be treated as a ceiling, not a target. Organizations in defense, financial services, healthcare, and critical infrastructure should treat post-quantum readiness as an active program today—not a future roadmap item.
Fasoo AI’s Approach
Fasoo Enterprise DRM platform applies persistent encryption and access controls at the document level—the architectural layer where HNDL resilience must ultimately be built. Documents protected by FED carry their authorization policy with them regardless of where they travel, providing a layer of protection that is independent of transport-layer cryptographic vulnerabilities.
Key capabilities relevant to the quantum threat include file-level encryption, centralized key management, post-distribution access revocation, document expiry controls, and a comprehensive audit trail. As NIST-standardized post-quantum algorithms mature, Fasoo’s architecture is designed to adopt updated cryptographic primitives without requiring organizations to rebuild their document security workflows.
The Harvest Is Already Underway
The most important thing to understand about HNDL is the tense: present, not future. The accumulation of encrypted enterprise data by nation-state actors is an ongoing activity, not a hypothetical scenario. The documents your organization transmits today—over encrypted channels, through cloud platforms, via secure email—may already be in an adversary’s archive.
Post-quantum migration is a multi-year program. The organizations that begin the inventory, implement document-level protections, and build cryptographic agility into their security architecture today are the ones that will navigate this transition on their own terms. The ones that wait will be managing it as an emergency.