Post-Quantum Readiness Platform · v0.1

Is your infrastructure quantum-safe?

Scan any domain for ML-KEM support, assess your organization, and explore the four NIST standards. Every page is a tool — no blog, no news feed, no filler.

Try: cloudflare.com · signal.org · github.com

35.2%

Human HTTPS to Cloudflare using PQC

Cloudflare Radar · live

1,614

Days until NSA NSS PQC deadline

Jan 2, 2030

X25519MLKEM768

Dominant hybrid KEM in deployment

IETF draft-ietf-tls-hybrid-design

7,856 B

SLH-DSA-128s signature — breaks DNS UDP

RFC 1035 limit: 512 B

01 · Scan

Scan a Domain

Real TLS handshake against any target. Detects hybrid ML-KEM groups, TLS version, and certificate chain details. Powered by OpenSSL 3.6 + liboqs.

→ 02 · Assess

Assess Your Org

15-question guided assessment across governance, inventory, vendors, and crypto-agility. Radar chart + letter grade + remediation plan.

→ 03 · Explore

See the Threat

Harvest-Now-Decrypt-Later simulator. Set data lifespan, Q-Day estimate, and migration timeline — see your exposure window.

→

Vendor readiness · Snapshot

Who's actually shipping PQC?

Open full matrix →

Cloudflare Widely Available

X25519MLKEM768 (default)

CDN/Edge

AWS Widely Available

X25519MLKEM768 (KMS, ALB, CloudFront)

Cloud

Google Cloud Widely Available

X25519MLKEM768

Cloud

Microsoft Azure Transitioning

Hybrid ML-KEM in SymCrypt

Cloud

Akamai Transitioning

Hybrid PQ TLS on select endpoints

Palo Alto Networks Widely Available

Cipher Translation Proxy (hybrid in, classical out)

SASE/Firewall

Zscaler Widely Available

PQC IPsec PPK + inline PQ inspection

SASE/Firewall

Methodology

Domain scans are run against a containerized OpenSSL 3.6 compiled with the oqs-provider from the Open Quantum Safe project. Browser self-tests fall back to Cloudflare Research's PQ endpoint when a local probe isn't possible. A self-hosted PQ test endpoint is on the roadmap as primary.