March 4, 2026
Tucker Saxon · 8 min read
Citigroup just published what may be the financial sector’s most candid assessment of Quantum+AI threats to date — and the timeline they’re projecting should alarm every CISO in banking. According to Citigroup’s new quantum threat analysis, the institution estimates that cryptographically relevant quantum computers (CRQCs) capable of breaking current encryption could emerge within 5-10 years, with harvest now, decrypt later attacks already underway against their transaction data.
The report, released by Citi’s Technology Infrastructure group, doesn’t mince words: traditional RSA and ECC cryptography protecting trillions in daily transactions will become obsolete the moment a sufficiently powerful quantum computer comes online. What makes this analysis particularly significant isn’t just the threat assessment — it’s that a systemically important financial institution is publicly acknowledging the operational impossibility of responding after Q-Day arrives.
Citigroup’s analysis centers on a critical observation that most enterprise security teams are still missing: the transition to post-quantum cryptography isn’t a project you can schedule for 2030. It’s an operational transformation that takes years to complete — and the math on adversarial patience is brutal.
If CRQCs arrive in 2031 and your encrypted data has a 10-year sensitivity window, any data encrypted after 2021 is already at risk from harvest now, decrypt later attacks.
The report specifically calls out Shor’s algorithm as the primary threat to asymmetric cryptography, noting that a quantum computer with approximately 20 million qubits could factor a 2048-bit RSA key in under eight hours. For context, IBM’s current roadmap targets 100,000+ qubits by 2033 — well within the window where previously harvested data becomes actionable intelligence for adversaries.
But here’s where Citigroup’s analysis gets operationally interesting: they’re not just concerned about quantum computers. The report explicitly links quantum capabilities with AI-enhanced cryptanalysis, noting that machine learning models can already identify patterns in encrypted traffic that reduce the computational burden for quantum attacks. This is the Quantum+AI threat convergence we’ve been tracking — and financial services are ground zero.
Citigroup’s candor about sector-specific risks is refreshing. Financial services face three compounding vulnerabilities that most industries don’t:
Transaction permanence. Unlike healthcare records that can be re-encrypted or corporate emails that lose relevance, financial transaction data has permanent evidentiary and compliance value. A wire transfer record from 2024 can be used to reconstruct trading strategies, identify counterparties, or prove fraud in 2035. This means the sensitivity window for financial data is effectively unlimited — and harvest now, decrypt later attacks have already won if institutions haven’t migrated to quantum-resistant encryption.
Regulatory archaeology. The report notes that financial institutions must retain certain records for up to 7 years under regulations like PCI DSS and various SEC requirements. But litigation and regulatory investigations routinely pull data older than that. Any encrypted archive from 2020-2024 that hasn’t been re-encrypted with PQC algorithms is a ticking time bomb — and retroactive re-encryption of archived data at Citigroup’s scale is a multi-year infrastructure project.
Cross-border complexity. Unlike a single-jurisdiction enterprise, global financial institutions operate under conflicting cryptographic standards across dozens of regulatory regimes. Citigroup specifically flags this as a migration risk: while NIST’s PQC standards (ML-KEM, ML-DSA, SLH-DSA) were finalized in 2024, China published competing PQC standards, and the EU is still harmonizing quantum-readiness requirements under NIS2. A bank can’t simply “flip a switch” to PQC when different jurisdictions mandate different algorithms.
The most operationally damaging revelation in Citigroup’s analysis isn’t about quantum computers — it’s about their own infrastructure. The report acknowledges that “many of our legacy systems were designed with embedded cryptographic assumptions that cannot be easily modified.” Translation: they have hardcoded encryption standards in systems that process billions in transactions daily, and refactoring them without breaking critical workflows is somewhere between extremely difficult and impossible.
This is the crypto-agility gap that will separate institutions that survive Q-Day from those that become cautionary tales. Citigroup estimates their full migration to hybrid classical-quantum cryptography will take “3-5 years minimum” — and that’s starting now, with executive commitment and budget already allocated.
For institutions that haven’t started: if you begin your PQC migration in 2026 and it takes 5 years to complete, you’ll finish in 2031 — the exact midpoint of Citi’s CRQC arrival window. You have zero margin for error.
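The timeline arithmetic above (the 2031 arrival with a 10-year sensitivity window, and a 2026 start with a 5-year migration) is Mosca's inequality applied per data class. The Go program below is an added example, not code from the Citigroup report or this article; the data classes, the Permanent sentinel for "transaction permanence" and the assumption that migration starts in 2026 and takes 5 years are constructed to mirror the article's figures.

```go
package main

import "fmt"

// Article figures: assessed in 2026, CRQC expected 5-10 years out (2031-2036),
// migration 3-5 years, and "transaction permanence" for financial records.
const Now = 2026     // assessment year
const Permanent = -1 // ShelfLife sentinel: plaintext never stops being sensitive

// DataClass is a category of ciphertext and how long its plaintext stays sensitive.
type DataClass struct {
	Name      string
	ShelfLife int // years, or Permanent
}

// Exposure is the Mosca-style verdict for one class against one CRQC year.
type Exposure struct {
	Class       string
	Deadline    int  // last year classical encryption was safe (0 = unbounded past)
	AlreadyLate bool // ciphertext encrypted after Deadline already sits in archives
	Shortfall   int  // years the migration finishes after Deadline (0 = safe)
}

// Assess applies Mosca's inequality: the class is safe only if
// migrationStart + migrationYears + shelfLife <= crqcYear. Ciphertext produced
// after Deadline and before the migration ends is harvest-now-decrypt-later material.
func Assess(dc DataClass, migrationStart, migrationYears, crqcYear int) Exposure {
	e := Exposure{Class: dc.Name}
	done := migrationStart + migrationYears
	if dc.ShelfLife == Permanent {
		// Every RSA/ECC archive ever made is at risk; count the shortfall from today.
		e.AlreadyLate, e.Shortfall = true, done-Now
		return e
	}
	e.Deadline = crqcYear - dc.ShelfLife
	e.AlreadyLate = Now > e.Deadline
	if done > e.Deadline {
		e.Shortfall = done - e.Deadline
	}
	return e
}

func main() {
	classes := []DataClass{{"wire transfer records", Permanent}, {"7-year regulatory records", 7}, {"short-lived operational data", 1}}
	for _, crqc := range []int{Now + 5, Now + 10} {
		for _, dc := range classes {
			fmt.Printf("CRQC %d: %+v\n", crqc, Assess(dc, Now, 5, crqc))
		}
	}
}
```

Run against both ends of the 5-10 year window: the permanent class is late under every assumption, and the 7-year regulatory class still leaves two years of exposed ciphertext even if the CRQC only arrives in 2036.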
The report also calls out the CBOM (Cryptographic Bill of Materials) problem: Citigroup doesn’t have a complete inventory of where cryptography is used across their infrastructure. They’re discovering encryption implementations in trading algorithms, mobile apps, ATM networks, and third-party vendor integrations that weren’t documented in security architecture reviews. You can’t migrate what you can’t see — and every hidden cryptographic dependency is a potential Q-Day failure point.
Our Take
Citigroup’s analysis is significant not because it reveals new technical threats, but because it demonstrates that even the most sophisticated financial institutions are just now grasping the operational implications of Quantum+AI convergence. The report reads less like a forward-looking threat assessment and more like a retrospective acknowledgment that the industry should have started this transition three years ago.
The subtext of Citi’s report is clear: they’re concerned about counterparty risk. If they’re struggling with crypto-agility despite massive resources, what does that mean for the regional banks, payment processors, and fintech vendors they depend on?
This is where the systemic risk compounds. Financial services operate on networked trust — SWIFT, ACH, card networks, correspondent banking relationships. A quantum-vulnerable weak link anywhere in the transaction chain compromises the entire network.
If a small institution gets breached via quantum decryption and adversaries gain access to Citi customer data through that partner, Citi’s own PQC migration is irrelevant. The report conspicuously avoids naming this dynamic directly, but the implications are obvious: financial institutions are about to start conducting quantum-readiness audits of their entire partner ecosystem, and vendors who can’t demonstrate crypto-agility will lose access to tier-one banking relationships. This isn’t hypothetical — it’s already happening in procurement conversations.
What makes this moment particularly dangerous is the collision of technical debt with compressed timelines. Citigroup’s admission that they’re still discovering cryptographic dependencies in 2026 means they lost at least two years of migration runway to inventory work that should have been completed in 2023-2024. Smaller institutions that haven’t even started their CBOM audits are facing a compounding deficit: by the time they know what needs migrating, the window for orderly transition will have closed.
Run your CBOM inventory immediately. You cannot migrate to PQC without knowing where cryptography exists in your environment. This includes not just TLS certificates and database encryption, but embedded crypto in trading algorithms, mobile SDKs, hardware security modules (HSMs), and APIs. Citigroup’s admission that they’re still discovering cryptographic implementations should be a warning: if they don’t have full visibility, you probably don’t either.
Audit third-party cryptographic dependencies. Every vendor integration, cloud service, and managed security platform you use is a potential quantum vulnerability. Require your vendors to provide PQC migration roadmaps with specific timelines. If they can’t articulate how they’ll transition to NIST’s quantum-resistant algorithms by 2029, you need alternative suppliers.
Implement hybrid cryptography now, not later. The migration path isn’t “turn off RSA, turn on ML-KEM.” It’s a phased transition using hybrid classical-quantum approaches that maintain backward compatibility while adding quantum resistance. Citigroup’s 3-5 year timeline assumes this hybrid strategy — a direct swap would take even longer and break more systems. Start testing hybrid configurations in development environments today so you understand the performance and compatibility implications before deploying to production.
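What a hybrid key establishment looks like in practice, as an added example that is not code from the article or from EnQuanta's framework: the Go program below runs an X25519 plus ML-KEM-768 exchange using the standard-library crypto/ecdh and crypto/mlkem packages (Go 1.24 or newer), with the key-share layout and secret concatenation of TLS 1.3's X25519MLKEM768 group. The must helper and the absence of the HKDF step that TLS applies after concatenation are simplifications assumed here to keep the example short.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/mlkem"
	"crypto/rand"
	"fmt"
)

// must keeps the example short: any key-handling failure is fatal here.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// combine joins the secrets, ML-KEM first, as TLS 1.3's X25519MLKEM768 does before
// its HKDF key schedule; the session stays secret while EITHER primitive holds.
func combine(mlkemSecret, x25519Secret []byte) []byte {
	return append(append([]byte{}, mlkemSecret...), x25519Secret...)
}

// Respond is the peer side. share = ML-KEM-768 encapsulation key (1184 bytes)
// || X25519 public key (32); reply = ML-KEM ciphertext (1088) || ephemeral
// X25519 public key (32), the same layout X25519MLKEM768 uses on the wire.
func Respond(share []byte) (secret, reply []byte) {
	ek := must(mlkem.NewEncapsulationKey768(share[:mlkem.EncapsulationKeySize768]))
	peerX := must(ecdh.X25519().NewPublicKey(share[mlkem.EncapsulationKeySize768:]))
	eph := must(ecdh.X25519().GenerateKey(rand.Reader))
	ks, ct := ek.Encapsulate()
	reply = append(ct, eph.PublicKey().Bytes()...)
	return combine(ks, must(eph.ECDH(peerX))), reply
}

// Exchange runs the initiator end to end and returns both parties' secrets.
func Exchange() (initiatorSecret, responderSecret []byte) {
	dk := must(mlkem.GenerateKey768())
	x := must(ecdh.X25519().GenerateKey(rand.Reader))
	share := append(append([]byte{}, dk.EncapsulationKey().Bytes()...), x.PublicKey().Bytes()...)
	responderSecret, reply := Respond(share)
	ks := must(dk.Decapsulate(reply[:mlkem.CiphertextSize768]))
	peerEph := must(ecdh.X25519().NewPublicKey(reply[mlkem.CiphertextSize768:]))
	return combine(ks, must(x.ECDH(peerEph))), responderSecret
}

func main() {
	fmt.Println("hybrid secrets agree:", bytes.Equal(Exchange()))
}
```

The extra cost of the hybrid is visible in the sizes: the key share grows from 32 to 1216 bytes and the reply to 1120 bytes, which is the performance and compatibility impact worth measuring in a development environment before production.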
Citigroup’s quantum threat analysis isn’t just a research paper — it’s a warning shot for an industry that’s chronically behind on infrastructure modernization. The institutions that take this seriously in 2026 will survive Q-Day. The ones that wait for regulatory mandates will be managing breaches instead of preventing them. EnQuanta’s Dynamic-Hybrid Crypto-Agile Framework exists precisely because enterprises can’t afford to learn these lessons the hard way — and Citigroup just demonstrated exactly why delay is no longer an option. The window for proactive migration is closing, and the financial sector’s dependency on networked trust means individual institutional failures will cascade across the entire system.