Akamai Enables Post-Quantum Cryptography on the Edge

Jan Schaumann

Sep 03, 2025

Jan Schaumann

Jan Schaumann

Written by

Jan Schaumann

Jan Schaumann, Chief Information Security Architect at Akamai, has more than 20 years of experience building and securing high-availability services at internet scale. At Akamai, he launched our bug bounty program, works with the Architecture Group on a range of company-wide initiatives, represents InfoSec in the Open Source Working Group, and leads the internal Cryptography Group, among other initiatives. His research interests cover the overall health of the internet, as well as the safety and privacy of its users.

Share

Akamai is pleased to announce support for post-quantum cryptography (PQC) on the Akamai edge. This capability allows customers to opt into support of the Transport Layer Security (TLS) version 1.3 hybrid key group X25519MLKEM768 based on the U.S. National Institute of Standards and Technology (NIST) FIPS 203 Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) standard.

The feature will be available to all Akamai Ion and Akamai Dynamic Site Accelerator customers (on Enhanced TLS) at no additional cost.

Protect data to the maximum extent

Most modern browsers, including Google Chrome and Mozilla Firefox, already support this key group by default and will immediately begin negotiating it once the feature is enabled. Clients that do not yet support PQC will transparently — and without any performance overhead — negotiate the classic key groups just as before.

This feature is independent of the post-quantum cryptography to origin capability we introduced on June 30, 2025. Customers are encouraged to opt into both features to protect their users' data to the maximum extent.

As we outlined in a previous blog post, we are looking to complete the PQC update for the final leg (Akamai-to-Akamai connections) transparently across all of Akamai’s networks between Q4 2025 and Q1 2026.

To ensure that all client connections to Akamai's edge can be quantum safe, we plan on enabling PQC by default for all Enhanced TLS customers in Q1 2026. Until then, please contact your Akamai account team to enable this feature, and read this TechDocs article for more details.

Stay tuned

Over the last few months, we have been providing a number of updates in a series of blog posts on our adoption of PQC. For more updates on our post-quantum journey and to learn more about ongoing developments in the field of PQC, stay tuned for our next blog posts.

Jan Schaumann

Sep 03, 2025

Jan Schaumann

Jan Schaumann

Written by

Jan Schaumann

Jan Schaumann, Chief Information Security Architect at Akamai, has more than 20 years of experience building and securing high-availability services at internet scale. At Akamai, he launched our bug bounty program, works with the Architecture Group on a range of company-wide initiatives, represents InfoSec in the Open Source Working Group, and leads the internal Cryptography Group, among other initiatives. His research interests cover the overall health of the internet, as well as the safety and privacy of its users.

Tags

Share

Related Blog Posts

Cloud
Is Network Security Still a Thing in the Age of Public Cloud?
February 27, 2024
Akamai Guardicore Segmentation is extending its segmentation capabilities to hybrid cloud environments.
Security
Feature Spotlight: Kubernetes Enforcement
February 02, 2023
Akamai’s new enforcement capabilities for K8s environments provides segmentation for applications and blocks lateral movement to, from, and inside K8s clusters.
Security
Segmenting Hybrid Clouds: What to Look for in a Solution
November 19, 2024
Learn how to select a microsegmentation solution to fortify your organization’s cloud security strategies and protect your assets across multiple public clouds.