How vaultless tokenization and fresh thinking can outsmart the quantum threat
The Quantum Apocalypse (No, Really)
When you hear “quantum apocalypse,” you might think of The Terminator or Back to the Future. Robots, flashing red lights, and Doc Brown hanging from a clock tower. But to cybersecurity experts, “quantum apocalypse” is not science fiction. It is a very real and looming threat.
Quantum computers are advancing at a pace that will eventually outstrip the math behind today’s encryption. Some say that moment is 30 years away. Others say it could happen next year. That gap is exactly why leaders are nervous: no one really knows when the clock will run out.
To break this down in a way real people (and not just the tech insiders) can understand, Rixon Technology gathered a panel of experts for a podcast conversation titled: “We’ll Fix It Before the Quantum Apocalypse… Probably.”
What followed was a mix of humor, movie references, and sobering warnings, plus practical solutions for preparing now.
Meet the Panel
Heidi Trost – Author of Human-Centered Security and security- and privacy-focused leader. Heidi helps cross-disciplinary teams improve the security user experience and develop cyber-resilient systems. With a background in communication, she helps distill complex topics into real-world action for cybersecurity and business leaders alike.
Dr. Georgianna Shea – Chief Technologist, Foundation for Defense of Democracies (FDD)
Dr. Shea holds a Ph.D. in cybersecurity policy and leads the Transformative Cyber Innovation Lab at FDD. With over 20 years advising the Department of Defense and national security leaders, she specializes in AI security and post-quantum cryptography, helping shape U.S. cyber resilience strategies.
Mike Remedios – Chief Technology Officer, MyRiva
Dr. Remedios has more than 20 years of leadership in travel, fintech, and e-commerce technology. He has served as CTO of Onriva and President of iCARS, where he drove large-scale AI transformation in global travel systems. He holds a Ph.D. and is known for building innovative, secure, and scalable platforms across industries.
Sajeev Prelis – Executive Vice President of Technical Sales, CyberGuard Advantage
Sajeev brings over 15 years of expertise in IT risk management and compliance. With a background in Information Systems and Business, he has helped Fortune 500 firms navigate SOC 2, ISO, and PCI audits. He is recognized for bridging technical security with regulatory frameworks.
Justin Hatcher – Chief Technology Officer, Rixon Technology
Justin has more than 20 years of experience in fintech, AI, and cryptography. He holds advanced degrees in statistics and computer science and is pursuing a Ph.D. focused on quantum-resistant cybersecurity. At Rixon, he leads development of the company’s patented vaultless tokenization platform, designed to protect organizations against both current and quantum-era threats.
What Keeps Experts Up at Night
Host Heidi Trost wasted no time asking the panel to share their biggest fears about the post-quantum future.
Dr. Georgianna Shea said, “What worries me most about that period is that we will not be prepared for it… All encryption will be broken. No secrets, no passwords, no encryption. Everything will be out there. That is going to be catastrophic.”
She reminded the group that in The Terminator, the rise of the machines was set in 2029. Combine AI with quantum, she warned, and that timeline looks uncomfortably on track.
Mike Remedios followed with a nod to Back to the Future: “Do not hang from a clock waiting for lightning to strike you with your flux capacitor rigged up to get back to the future. Because it might never strike when you want it to. But it probably will hit you when you are not ready. So get ready now.”
His real concern was the dangerous combination of AI and quantum: “You will not know who you are talking to. You will not know what to believe on the internet. Think about what that means when computers are talking to other computers in medical systems, national defense, or commerce.”
For Sajeev Prelis, the issue is false confidence: “Compliance standards are minimum standards. Security has to be much higher. My biggest fear is that most organizations are not ready, and many have a false sense of security.”
And Justin Hatcher delivered the line that has kept many a CISO up at night: “What worries me most about quantum and post-quantum is the threat of Harvest Now, Decrypt Later.”
In other words, attackers may already be storing encrypted data today, waiting to crack it when quantum computing matures. That means the threat is not just about the future. It is about every piece of encrypted data ever stored.
Why “Harder Math” Will Not Save Us
For decades, security has meant stronger math. Bigger keys. Harder algorithms. But Dr. Shea explained why that mindset cannot keep up:
“Encryption is math… My concern is: what is to stop the discovery of a new algorithm that can break even harder math? That is why I say: take the math out.”
She pointed to Shor’s Algorithm (created in the 1990s) as proof that shortcuts keep appearing. Even when experts thought computers would plateau, exponential growth surprised everyone. (MIT Tech Review on Shor’s Algorithm)
That is why solutions like vaultless tokenization matter. Instead of trying to out-math quantum computers, tokenization changes the game entirely. A stolen token is just a meaningless placeholder. No algorithm can “crack” randomization.
Or as Justin put it: “If there is no sensitive data in the system, there is nothing to decrypt; quantum or otherwise.” (Rixon’s Data Tokenization)
When we say, “take the math out,” we do not mean there is no logic or computation happening in the system. What we mean is that our security does not depend on unsolved math problems (like factoring primes, elliptic curves, or lattice equations) staying unbroken. Traditional cryptography assumes attackers cannot solve these equations fast enough. By contrast, vaultless tokenization shifts security away from mathematical probability and toward policy-driven control. Instead of protecting data with a code that might one day be cracked, Rixon protects it by making the data structurally unusable without authorized reassembly. Access is governed by rules: who can detokenize, when, where, and under what conditions.
Even if quantum computing breaks every known encryption method, pseudonymized data remains meaningless without the right policies and stakeholder approvals. Think of it like taking your valuables to a pawn shop. You hand them your items, and they give you a claim ticket — a token. To anyone else, that ticket is meaningless. If a stranger finds it and tries to redeem it, they are stopped because they do not have the proper ID or authorization. Only the person with the right proof of identity and the claim ticket can retrieve the valuables.
That is how vaultless tokenization works. A token by itself has no value and cannot be reversed back into sensitive data. Security does not come from the difficulty of solving math, but from the rules of who is allowed to redeem and reconstruct the original information. This makes the system resilient, even in a world where encryption locks can be cracked, the tokens remain useless without the right identity, consent, and policies in place. That’s the essence of resilience. Instead of betting on math staying hard, we make the data itself unusable without the rules, policies, and stakeholder approvals that govern how it can be reassembled.
The Compliance Trap
So, if math is not enough, maybe compliance is the answer? Not so fast.
“Certification is not the goal. The goal is data integrity,” said Mike Remedios.
Sajeev agreed: “Compliance should be a by-product of your overall security posture, not the end goal.”
Frameworks like SOC 2 and ISO matter, but they lag behind real threats. Worse, budgets often flow to what is urgent today, not to invisible risks like quantum. That creates the perfect storm of under-preparation.
Mike offered a memorable analogy: “You cannot try to beat the hare by being the hare. The real question is: how do we change the game?”
Learn more about ISO/IEC standards on post-quantum security.
Quantum Survivability and Tokenization
When it came time to talk solutions, Justin outlined what “quantum survivability” really means.
“Switching to quantum-safe cryptography is not the full answer. Tokenization is an essential part of quantum survivability… The best protection against quantum threats is not just stronger math. It is minimizing the sensitive data you store in the first place and doing so as soon as possible. Tokenize today and survive tomorrow.”
He gave a simple example: “Take a PCI use case: a credit card number. Tokenization replaces that number with another 16-digit number, format-preserving, randomized, and swapped in place. The replacement is not cryptography. It is randomization.”
Mike backed him up from a customer perspective: “I have been a customer of Justin’s solution in two companies. It is flawless, scalable, and lightning fast. There is no reverse function for detokenizing. It is not knowable by a quantum machine.”
Traditional encryption assumes that attackers cannot solve certain math problems fast enough. That is why organizations scramble to adopt “quantum-safe” algorithms every time a new mathematical shortcut or computational leap appears. Rixon takes a different approach. Vaultless tokenization does not depend on the probability of math holding up, it depends on making data structurally unusable without the policies and authorizations defined by the client.
This means security is rooted in controlled reconstruction, not computational difficulty. Even if attackers captured every token, they would not have the rules, the approvals, or the governance to reassemble the original data. In practice, this shifts the foundation of security from math-based secrecy to policy-based access, something attackers cannot brute force with quantum computing.
That design, lightweight, vaultless and impossible to reverse, makes tokenization uniquely suited for the quantum era.
By removing sensitive data from the system entirely, vaultless tokenization not only strengthens security, but also aligns with established protection frameworks such as PCI DSS.
Read more about PCI DSS requirements on the PCI Security Standards Council site.
The Human Factor: Why Waiting Will Not Work
Of course, even the best solutions face the hardest obstacle of all: human nature.
Budgets are limited. Boards ask for immediate ROI. Leaders say, “We will wait until someone else gets hit first.”
But as the panelists agreed that strategy is just hope. And hope is not a plan.
Dr. Shea warned: “Once encryption is broken, they have been compromised. It will be catastrophic.”
Justin added: “It is not just going to hit the big brands on the front lines. It is going to hit everyone who is not prepared—all at once.”
Sajeev closed the thought: “Wait and see is not a strategy. It is just hope. Hope that someone else gets hit first so you can learn from their mistake. But in the meantime, the ones who do get hit go out of business, or worse.”
Key Takeaways
The panel may have kept score with movie references, but their lessons were serious.
- Quantum is coming soon. No one knows when, but waiting is not an option.
- Compliance does not equal security. Certifications alone will not protect against quantum.
- Vaultless tokenization changes the game. By removing sensitive data altogether, you take quantum out of the fight.
- Human nature is the real risk. Delaying action leaves organizations exposed to both present and future threats.
Or as Justin said best: “Tokenize today and survive tomorrow.”
FAQ: Post-Quantum Security and Tokenization
It is a strategy where attackers steal encrypted data today and store it until quantum computers are powerful enough to break it. That means even your old, encrypted data could be at risk in the future.
Because quantum computers are designed to break math problems faster. Bigger keys only delay the inevitable.
Encryption scrambles data using algorithms that can eventually be solved. Tokenization
replaces data with random, non-reversible tokens. Vaultless tokenization goes further —
with no keys, no vaults, and no math to break. A stolen token has no value, no matter what
the attacker’s computing power.
Compliance frameworks like SOC 2 or ISO are important, but they lag behind real-world threats. Passing an audit does not mean your systems are safe from quantum risks.
Start reducing exposure. That means adopting vaultless tokenization to minimize the
sensitive data you store today — before quantum arrives. Do not wait for a new algorithm;
resilience means removing the math from the fight.
Final Thoughts
The “quantum apocalypse” may sound like a joke—or a sci-fi movie—but it is a serious challenge that will redefine cybersecurity.
Cybercrime is not just a nuisance; it’s a survival risk. According to the SBA, 41% of small businesses were attacked in 2023, with the average incident costing $8,300. That kind of hit can sink a business fast.
Encryption’s Achilles’ heel has always been its reliance on mathematical assumptions that may not hold up against faster algorithms, AI-driven attacks, or quantum computing. By decoupling security from math altogether, Rixon ensures that even in a future where all encryption is broken, the data remains meaningless without the policies and multi-party consent required to reassemble it.
Vaultless tokenization works more like a pawn shop. The data becomes a claim ticket: meaningless to anyone who finds it, because only the person with the right identity and authorization can ever redeem it. Security is no longer about hoping math holds up; it’s about ensuring that only the right people, under the right conditions, can ever reconstruct the original information.
By thinking differently, moving beyond math, and embracing vaultless tokenization, organizations can prepare for the quantum future and strengthen their defenses today.
Connect with us today and explore how Rixon’s vaultless tokenization can safeguard your business for the next era of computing.
The views and opinions expressed in this podcast and its transcript are those of the individual speakers and do not necessarily reflect the official policy or position of Rixon Technology or the organizations represented by the panelists. All information provided is for general informational purposes only and should not be relied upon as legal, financial, compliance, or cybersecurity advice.
Rixon Technology makes no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, or suitability of the information discussed. Any reliance placed on such information is strictly at your own risk.
References to specific technologies, standards, or organizations are for illustrative purposes only and do not constitute endorsements. Any forward-looking statements (including timelines for quantum computing, encryption resilience, or technology adoption) are based on current assumptions and are subject to change without notice.
All proprietary concepts, including but not limited to Rixon Technology’s vaultless tokenization and Zero Data Architecture, are protected under applicable intellectual property laws globally. Unauthorized use, reproduction, or distribution of this content is prohibited.
By accessing this podcast or transcript, you acknowledge and agree that neither Rixon Technology nor any panelist or affiliated organization shall be held liable for any loss or damage arising from the use of, or reliance on, the information presented.
© 2025 Rixon Technology. All rights reserved.
