Security
Quantum Security and Post-Quantum Cryptography Companies
Post-quantum cryptography, cryptographic migration, hardware security, quantum-safe networks, and AI cybersecurity companies. QSECDEF independent directory.
Security is the largest tab in this directory because it is where most organisations are spending procurement time right now. The trigger is clear: NIST finalised ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205) in August 2024, and those standards have activated migration timelines across government, financial services, critical infrastructure, and defence sectors globally. Every organisation running RSA or elliptic-curve cryptography has a dated asset. The question is no longer whether to migrate; it is how fast, in what order, and with which vendors.
This tab is organised into two sub-groups. Quantum Security covers eight categories: Post-Quantum Cryptography (vendors whose primary product is a FIPS-compliant algorithm implementation), Cryptographic Discovery and Migration (CBOM generation, inventory scanning, crypto-agility platforms), Quantum Threat Intelligence (harvest-now-decrypt-later risk modelling, Q-Day timeline assessment), Hardware Security (HSMs, TEEs, secure elements, and PUFs that will need to run PQC algorithms), Quantum-Safe Networks (VPNs, IPsec/IKEv2, SD-WAN, and tunnelling appliances encrypting traffic with PQC or QKD-derived keys), Quantum-Safe Identity and PKI (certificate authorities and key management systems with documented PQC migration capability), Quantum-Safe IoT (constrained-device implementations for LPWAN, embedded microcontrollers, and SCADA endpoints), and Quantum-Resilient Blockchain (DLT platforms applying PQC primitives to consensus and wallet security).
AI Security covers seven categories for organisations whose threat model now includes adversarial AI: AI Threat Detection, AI SOC Automation, AI Threat Intelligence, AI Model and Application Security, AI Red Teaming, AI Governance and Compliance, and Deepfake and Synthetic Media Security.
The category definitions are sharp. A VPN vendor that added a PQC cipher suite sits in Quantum-Safe Networks, not Post-Quantum Cryptography. A compliance platform addressing EU AI Act obligations sits in AI Governance, not in the Governance tab. If you are tracking a specific procurement requirement, the category boundary descriptions on each company profile show where a vendor was placed and why.