QIZ Security Secures $17 Million in Seed Funding to Address Post-Quantum Cryptographic Risks

QIZ Security Lands $17M Seed Round to Address Impending 'Q-Day' Quantum Threat

INFORMATIONAL
July 11, 2026
3m read
Threat IntelligencePolicy and Compliance

Related Entities

Organizations

Other

QIZ SecurityBessemer Venture PartnersMerlin VenturesGartner

Full Report

Executive Summary

QIZ Security, a startup specializing in post-quantum cryptographic (PQC) risk management, has successfully closed a US$17 million seed funding round. The investment, led by Bessemer Venture Partners and Merlin Ventures, will fuel the development of its platform designed to help organizations navigate the transition to quantum-resistant encryption. The funding highlights the growing market concern over "Q-Day," the hypothetical day when a sufficiently powerful quantum computer will render current public-key cryptography obsolete. With experts from Google, IBM, and Gartner forecasting Q-Day could arrive as early as 2029, the threat of "harvest now, decrypt later" attacks has become a tangible, urgent problem for organizations handling long-term sensitive data.

The Post-Quantum Threat

The core of the post-quantum threat lies in Shor's algorithm, a quantum algorithm that can efficiently factor large numbers. This capability will allow a fault-tolerant quantum computer to break widely used asymmetric encryption algorithms like RSA and Elliptic Curve Cryptography (ECC), which underpin the security of most digital communication, from web traffic (HTTPS) to financial transactions and secure software updates.

While Q-Day may be several years away, the risk is immediate. Malicious actors are believed to be engaging in "harvest now, decrypt later" campaigns, where they exfiltrate large volumes of encrypted data today with the intention of decrypting it once a powerful quantum computer becomes available. This makes long-lived secrets—such as government intelligence, intellectual property, and personal health information—vulnerable right now.

Regulatory and Standards Landscape

The investment in QIZ Security comes amid a global push by governments and standards bodies to address the quantum threat:

  • NIST PQC Standardization: The U.S. National Institute of Standards and Technology (NIST) is in the final stages of standardizing a suite of PQC algorithms designed to be resistant to attack from both classical and quantum computers.
  • NSA CNSA 2.0: The U.S. National Security Agency (NSA) has released its Commercial National Security Algorithm Suite 2.0, which mandates timelines for transitioning to quantum-resistant algorithms for national security systems.
  • EU Regulations: Directives like DORA (Digital Operational Resilience Act) for the financial sector and the NIS2 Directive for critical infrastructure are creating pressure on organizations to manage their cryptographic risks, including the impending quantum threat.

QIZ Security's Role

QIZ Security aims to provide a platform that helps organizations manage this complex transition. The typical challenges enterprises face are a lack of visibility into their "crypto-agility"—they often do not have a complete inventory of where and how cryptography is used across their vast IT estates. QIZ's platform is designed to:

  1. Discover: Automatically scan applications, networks, and systems to create an inventory of all cryptographic assets (e.g., certificates, keys, libraries).
  2. Assess: Analyze the inventory to identify the use of quantum-vulnerable algorithms and prioritize assets based on risk and data sensitivity.
  3. Manage & Remediate: Provide a roadmap and tools to help organizations plan and execute their migration to the new NIST-approved PQC standards.

Impact Assessment

The transition to post-quantum cryptography is one of the largest and most complex security migrations in the history of computing. It will affect nearly every piece of software, hardware, and communication protocol. Organizations that fail to plan for this transition risk having their most sensitive data decrypted in the future. The funding of companies like QIZ Security indicates that the market is beginning to recognize the scale of this challenge and the need for specialized tools to manage it. For critical infrastructure, finance, and government sectors, starting the PQC transition is no longer a theoretical exercise but a present-day strategic imperative.

Timeline of Events

1
July 11, 2026
This article was published

Sources & References

Article Author

Jason Gomes

Jason Gomes

• Cybersecurity Practitioner

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.

Threat Intelligence & AnalysisSecurity Orchestration (SOAR/XSOAR)Incident Response & Digital ForensicsSecurity Operations Center (SOC)SIEM & Security AnalyticsCyber Fusion & Threat SharingSecurity Automation & IntegrationManaged Detection & Response (MDR)

Tags

Post-Quantum CryptographyPQCQuantum ComputingQ-DayNISTEncryptionCybersecurity

📢 Share This Article

Help others stay informed about cybersecurity threats

🎯 MITRE ATT&CK Mapped

Every tactic, technique, and sub-technique used in this threat has been identified and mapped to the MITRE ATT&CK framework for consistent, actionable threat language.

🧠 Enriched & Analyzed

Observables and indicators of compromise (IOCs) have been extracted and cataloged. Risk has been assessed and correlated with known threat actors and historical campaigns.

🛡️ Actionable Guidance

Detection rules, incident response steps, and D3FEND-aligned mitigation strategies are included so your team can act on this intelligence immediately.

🔗 STIX Visualizer

Structured threat data is packaged as a STIX 2.1 bundle and can be visualized as an interactive graph — relationships between actors, malware, techniques, and indicators.

Sigma Generator

Sigma detection rules are derived from the threat techniques in this article and can be converted for deployment across any major SIEM or EDR platform.