Nation-states are recording your encrypted traffic today to decrypt it once quantum hardware matures.
See what breaks before your auditor asks. PQHorizon builds a defensible cryptographic inventory and maps every finding to the NIST PQ migration standards — before your 2029 deadline turns into a fire drill.
Run a real PQ-readiness check on any public domain.
A live TLS handshake from our server. No agents, no credentials, no fabricated findings — just what's negotiable over the public internet, mapped to NIST migration guidance.
The free preview inspects only publicly reachable TLS on port 443. No authenticated access is performed, and no scan data is stored.
What a full scan also surfaces
The free preview is public TLS only. A full PQHorizon scan covers your whole crypto footprint with continuous monitoring for drift.
GitHub / GitLab read-only scan for RSA/ECC usage, hard-coded keys, and pinned-but-classical TLS clients.
OpenSSL, BoringSSL, libsodium, JCE providers — flagged by version against PQ-capable releases.
AWS KMS, Azure Key Vault, GCP CMEK. Inventory of key algorithms, cert templates, and ACM/Let's Encrypt usage.
Long-lived data exposure track: which datasets remain confidential past 2030 and rely on classical KEX in transit.
A defensible inventory, not a hype deck.
One read-only scan maps your full cryptographic footprint: TLS endpoints, certs, repos, dependencies, and cloud KMS.
Every finding is mapped to NIST FIPS 203/204 and CNSA 2.0 timelines, with a replacement priority — not a 200-page PDF.
Continuous monitoring catches new certs, repos, and dependencies as they ship. Not a one-time snapshot.
Book your full cryptographic inventory.
We'll reach out within one business day to scope a read-only scan across your repos, dependencies, and cloud KMS.