Amid growing warnings from cybersecurity analysts about the looming threat of quantum decryption, ImmuniWeb has released a free online tool that checks whether websites are protected by post-quantum cryptography (PQC).
The tool analyzes SSL/TLS configurations and verifies their compliance with the latest quantum-resilient encryption standards from NIST. It also checks for adherence to PCI DSS, HIPAA, and other NIST cryptographic requirements.
Available via both web interface and API, the tool is aimed at organisations looking to assess their preparedness for quantum-era threats. The tool is designed to simplify PQC readiness checks for organisations of all sizes, integrating into CI/CD pipelines via API for automated scanning.
SSL Security Test
In Q2 2025, only 10.63% of tested systems were compliant with NIST standards
ImmuniWeb’s SSL Security Test has performed over 173 million scans, with more than 56,000 tests conducted in the last 24 hours alone. In Q2 2025, only 10.63% of tested systems were compliant with NIST standards — highlighting a widespread gap in cryptographic readiness for post-quantum security.
While 72.32% of systems received an “A” grade for SSL/TLS security, strong grades do not always translate into compliance: just 60.81% met PCI DSS requirements.
Quantum threats
Gartner named Post-Quantum Cryptography (PQC) a top strategic technology trend for 2025 and urged organisations to start transitioning to PQC without further delay, citing lack of vendors’ preparedness and lack of organisational knowledge in dealing with PQC as the key obstacles on the way to PQC migration.
These “Harvest Now, Decrypt Later” attacks represent a comparatively novel threat, where cybercriminals collect highly sensitive encrypted data — which cannot currently be decrypted using modern technologies — and wait until quantum computing becomes powerful enough to break the encryption.
Earlier this year, Forrester backed Gartner’s concerns over PQC unreadiness and risks, estimating that current encryption will become vulnerable in 10 years from now, while emphasising that this could happen much faster.
Quantum-resistant encryption
Just 38% of TLS traffic currently supports some forms of quantum-resistant encryption
According to Cloudflare, just 38% of TLS traffic currently supports some forms of quantum-resistant encryption—a figure that varies significantly by region.
Cloudflare also noted that in some European countries, the adoption of quantum-resilient encryption was comparatively better.
Governments and agencies, including the European Commission, the UK National Cyber Security Center and the US Department of Homeland Security, have issued frameworks urging immediate planning for PQC migration.
Risks of quantum attacks
Dr. Ilia Kolochenko, Chief Architect & CEO at ImmuniWeb, emphasised the urgency: “Many large organisations around the globe still seriously underestimate the risks of quantum attacks. First, with the Harvest-Now, Decrypt-Later attacks – already being deployed by both organised cybercrime and nation-state hackers – your data may already be at risk of a guaranteed compromise in the near future.”
“Second, although powerful quantum computers will quite unlikely become readily available to cyber-threat actors upon their creation, many vendors and organisations are totally unprepared for a rapid migration to post-quantum cryptography. Worse, some devices and business-critical systems simply do not support PQC and shall be replaced.”
Large-scale testing data
He also pointed to ImmuniWeb’s large-scale testing data: “According to ImmuniWeb’s statistics, based on over 100,000,000 tested SSL/TLS servers, millions of servers around the globe still rely on the SSLv3 protocol, which has been deprecated for over a decade. This is a telling illustration that PQC migration will likely take even longer. Therefore, it is dispositive to commence your PQC migration planning and implementation now.”
On the release of the tool, Dr. Kolochenko added: “Today, we are delighted to offer a simple and efficient solution to organisations of all sizes to reliably verify their PQC preparedness with our free online SSL/TLS testing tool. It can be accessed either online with a user-friendly web interface or via an API for DevSecOps and CI/CD automation.”
Protection against AI bots
ImmuniWeb also recently added a feature to check websites for protection against AI bots, including detection of anti-bot systems, firewalls, and “robots.txt” configuration. The tool helps organisations guard against unauthorised scraping by AI companies and data-harvesting bots.
Understand how AI can transform business security strategies with our insights and analysis on AI in security.
