Micky Irons

Originally published at mickai.co.uk

Cryptography Is the Easy Part


The cipher is almost never the thing that breaks. In thirty years of public cryptographic failure, the algorithm itself has held the line far more reliably than the people and systems built around it. The Advanced Encryption Standard has not been broken. The lattice mathematics behind the new post-quantum signatures is sound. What fails, again and again, is everything that surrounds the mathematics. The key that was never rotated. The signing credential left valid for a decade. The certificate nobody could revoke because no process existed to revoke it. We obsess over the strength of the lock and lose the building because someone left a master key in a drawer.

The proof is in the year just gone

On the eleventh of June 2026, South Korea's Personal Information Protection Commission fined Coupang 624.6 billion won, roughly 409 million United States dollars, the largest privacy penalty in the country's history. The personal data of 37.55 million people, around two thirds of the population, was exposed. The cause was not a cracked cipher. A former employee, the very person who had built Coupang's alternative authentication system, walked out at the end of 2024 carrying the signing key that underpinned it. That key was never revoked. He used it, by the regulator's account, to generate legitimate-looking tokens long after he had any right to. The mathematics worked perfectly. That was the problem.

It is not an isolated story. Microsoft's Storm-0558 intrusion turned on a consumer signing key that engineers later found had been captured in a Windows crash dump, then used to forge access tokens for cloud mail. The 2025 disclosure of CVE-2025-3052, a memory-corruption flaw in a Microsoft-signed Unified Extensible Firmware Interface module, showed how a single trusted key can be turned into a Secure Boot bypass across millions of machines. Datadog's package-signing key was exposed through a breach at a continuous-integration vendor, CircleCI. Different companies, different decades, one pattern. The key, not the cipher, is the soft target.

Why the hard part is the part we ignore

There is a comfortable reason we focus on algorithms. They are legible. A cipher has a name, a key length, a paper, a competition. You can put it on a slide and feel secure. Key management has none of that glamour. It is custody, rotation schedules, revocation lists, hardware boundaries, and the unglamorous question of what happens at three in the morning when a key is suspected compromised and nobody is sure which systems still trust it.

Key management is a lifecycle problem, and lifecycles are where organisations are weakest. A key is generated, distributed, used, rotated, and retired. Every one of those transitions is a place to fail. The Coupang key failed at retirement, because there was no retirement. The Datadog key failed at custody, because it sat where a third party could reach it. The hardest property to engineer is not secrecy on day one. It is the ability to change your mind safely on day one thousand, to rotate or revoke a key without breaking everything that ever trusted it.
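The retirement transition described above, as an added example (not code from the original article or from any system it names): a Node.js token verifier in which a valid MAC is not sufficient, because the verifier also checks the signing key's lifecycle state against its own clock. The HMAC token format, key ids, secrets, timestamps and `MAX_TTL` are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');

const MAX_TTL = 3600; // longest token lifetime the verifier accepts, in seconds
// Constructed registry: lifecycle state lives with the verifier, not in the token.
const KEYS = {
  'k-2023': { secret: 'constructed-secret-A', retiredAt: 1735689600, revokedAt: null },
  'k-2025': { secret: 'constructed-secret-B', retiredAt: null, revokedAt: null },
};
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const unb64 = (s) => JSON.parse(Buffer.from(s, 'base64url').toString());
const mac = (secret, data) => crypto.createHmac('sha256', secret).update(data).digest();

function mint(kid, secret, iat, ttl) {
  const signed = `${b64({ kid })}.${b64({ iat, exp: iat + ttl })}`;
  return `${signed}.${mac(secret, signed).toString('base64url')}`;
}

function verifyToken(token, now, keys = KEYS) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, why: 'malformed' };
  const [head, body, tag] = parts;
  let kid, claims;
  try { ({ kid } = unb64(head)); claims = unb64(body); } catch { return { ok: false, why: 'malformed' }; }
  const key = Object.hasOwn(keys, kid) ? keys[kid] : null;
  if (!key) return { ok: false, why: 'unknown-key' };
  const want = mac(key.secret, `${head}.${body}`), got = Buffer.from(tag, 'base64url');
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want))
    return { ok: false, why: 'bad-mac' };
  // From here the mathematics has passed; the remaining checks are lifecycle.
  if (key.revokedAt !== null && now >= key.revokedAt) return { ok: false, why: 'key-revoked' };
  // Claims are written by whoever holds the key, so a retired key is cut off by the
  // verifier's own clock: it is honoured only until in-flight tokens have drained.
  if (key.retiredAt !== null && now > key.retiredAt + MAX_TTL) return { ok: false, why: 'key-retired' };
  if (claims.exp - claims.iat > MAX_TTL || now < claims.iat || now >= claims.exp)
    return { ok: false, why: 'bad-validity' };
  return { ok: true, kid };
}

function demo() {
  const retired = KEYS['k-2023'], t0 = retired.retiredAt;
  const inFlight = mint('k-2023', retired.secret, t0 - 600, MAX_TTL); // issued before rotation
  const late = mint('k-2023', retired.secret, t0 + 86400, MAX_TTL);   // retired key, a day later
  const unmanaged = { 'k-2023': { ...retired, retiredAt: null } };    // registry with no retirement
  return {
    inFlight: verifyToken(inFlight, t0 + 1200),
    late: verifyToken(late, t0 + 86400 + 60),
    lateUnmanaged: verifyToken(late, t0 + 86400 + 60, unmanaged),
  };
}
```

The same late token passes against the registry that never records retirement, which is the only difference between the two outcomes.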

Crypto agility, the discipline almost nobody has

A two-faced marble bust of Janus, one side cracked and one side newly carved, joined by a seam of gold light, symbolising key rotation and succession.

Janus, who looks both backward and forward. A long-lived record must carry its past proof across every key change into its future, intact.

The 2026 deadline the security industry keeps circling is post-quantum migration. In August 2024 the National Institute of Standards and Technology published its first finished standards: Federal Information Processing Standard 203 for key encapsulation, 204 and 205 for digital signatures. The National Security Agency's Commercial National Security Algorithm Suite 2.0 requires quantum-safe algorithms in new national security systems from January 2027. The pressure is real, and it is sharpened by the harvest-now-decrypt-later threat, where an adversary records encrypted traffic today to open it once a quantum computer arrives. Between May 2025 and March 2026, three results cut the estimated quantum resources to break two-thousand-and-forty-eight-bit Rivest-Shamir-Adleman from twenty million qubits toward fewer than a million, in some architectures as low as a hundred thousand. The horizon moved closer while most people were not looking.

Here is the uncomfortable finding. An industry survey in 2025 reported that 62 percent of technology professionals worried quantum computing would break current encryption, while only 5 percent had made it a near-term priority. The gap between concern and action is the whole story. Migrating algorithms is not a download. It is crypto agility, the organisational capability to swap a cryptographic primitive across every system and dependency without breaking them. Almost nobody has it, because almost nobody designed for it. They hard-wired one algorithm into the foundations and assumed the foundations were permanent. Nothing in security is permanent. The cipher you trust today is the legacy liability you must rip out tomorrow.

Where this lands for anything that has to last

Now take the hardest case. Picture a record that has to stay verifiable not for a session or a year, but for the working life of an institution. An audit trail a regulator, an auditor, or a court might check long after the keys that signed it have been rotated out and the algorithm that signed it has been deprecated. That record cannot afford a single key event to invalidate its history. It must rotate signing keys and migrate algorithms while every entry ever written stays provable. That is the engineering problem most systems quietly fail, because they treat verifiability and change as enemies. They are not. They have to be designed as friends from the first line.

I built Mickai, our Sovereign Intelligence Operating System, around that requirement rather than bolting it on afterward. Every action the system takes is signed before it executes and written to the Open Audit Record, an append-only, hash-chained ledger. The signatures use the post-quantum standard, Federal Information Processing Standard 204, ML-DSA-65, so the chain is not waiting for a migration it never planned. Signing keys live in hardware custody, not in a configuration file a leaver can copy. And the chain is built to survive its own key rotations. When a key is retired, the record carries the proof of succession forward, so the history before the rotation stays as verifiable as the history after it. The audit root anchors to Bitcoin through Pantheon, our sovereign Layer 1 blockchain, so the order of events is fixed beyond our own reach.

Verifiable by you, not vouched for by me

A marble chain of gold-sealed links receding into darkness, the farthest link anchored to a solid gold cube.

An append-only chain whose links stay sealed through every rotation, its root anchored to something beyond the vendor's reach.

The point that matters most is who gets to check the work. A claim of security you cannot independently verify is not security, it is a promise, and the year just described is a catalogue of promises that did not hold. The Open Audit Record is verifiable offline by a browser-resident verifier. No network call. No trust in the vendor. No trust in me. You hold the chain, you run the verifier, you see for yourself whether the signatures and the hashes line up across every rotation and every algorithm change. The mathematics that makes this possible is the easy part, available to anyone. The hard part is building a system honest enough to hand you the means to audit it, and durable enough that handing it over still works ten years and three key rotations from now.
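One way to build a record with the properties described above, as an added example that is not Mickai's code: a hash-chained log in Node.js where a rotation is itself a signed entry, so a verifier holding only the log and the first public key can check every entry across a key and algorithm change. Ed25519 and Ed448 from Node's built-in crypto stand in for ML-DSA-65, and the entry format and function names are hypothetical; hardware custody and external anchoring are out of scope.

```javascript
const crypto = require('node:crypto');
const GENESIS = '0'.repeat(64);
const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
// A signer is { alg, privateKey, pub }; only alg and pub (PEM) ever reach the verifier.
function newSigner(alg) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync(alg);
  return { alg, privateKey, pub: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Append an entry bound to the previous entry's hash and signed by `signer`.
function append(log, signer, type, payload) {
  const prev = log.length ? log[log.length - 1].hash : GENESIS;
  const body = JSON.stringify({ seq: log.length, prev, type, payload });
  const sig = crypto.sign(null, Buffer.from(body), signer.privateKey).toString('base64');
  log.push({ body, sig, hash: sha256(body + sig) });
}

// A rotation is itself an entry: the outgoing key signs the successor's algorithm and key.
const rotate = (log, outgoing, next) =>
  append(log, outgoing, 'rotate', { alg: next.alg, pub: next.pub });

// Offline verifier. The trusted algorithm and key come from `genesis` or from a
// rotation entry that has already verified, never from the entry being checked.
function verify(log, genesis, allowedAlgs = ['ed25519', 'ed448']) {
  let trusted = genesis, prev = GENESIS;
  for (const [i, e] of log.entries()) {
    const b = JSON.parse(e.body);
    if (b.seq !== i || b.prev !== prev || e.hash !== sha256(e.body + e.sig))
      return { ok: false, at: i, why: 'chain' };
    const key = crypto.createPublicKey(trusted.pub);
    if (!allowedAlgs.includes(trusted.alg) || key.asymmetricKeyType !== trusted.alg)
      return { ok: false, at: i, why: 'algorithm' };
    if (!crypto.verify(null, Buffer.from(e.body), key, Buffer.from(e.sig, 'base64')))
      return { ok: false, at: i, why: 'signature' };
    if (b.type === 'rotate') trusted = b.payload; // succession carried forward
    prev = e.hash;
  }
  return { ok: true, entries: log.length };
}

function demo() {
  const k1 = newSigner('ed25519'), k2 = newSigner('ed448'), log = [];
  const genesis = { alg: k1.alg, pub: k1.pub };
  append(log, k1, 'action', 'grant role=auditor');
  rotate(log, k1, k2); // key rotation and algorithm change in one step
  append(log, k2, 'action', 'export report');
  const intact = verify(log, genesis);
  append(log, k1, 'action', 'signed with the retired key');
  return { intact, retiredKeyUse: verify(log, genesis) };
}
```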

Mickai is built, live, and production-ready, fifty brains across twenty-five domain and twenty-five operational functions running on the Poseidon silicon substrate. The architecture sits behind 101 filed United Kingdom patent applications, roughly 2,234 claims, owned by Mickai LTD, Companies House number 17166618, with myself as named inventor. None of that is the point of this essay. The point is the principle the year keeps teaching us. Pick the strongest cipher you like. It will not save you. What saves you is custody, rotation, agility, and a record that stays provable while everything underneath it changes. Cryptography is the easy part. We should start spending our attention on the hard one.
