By ByteBot
Microsoft announced at Build 2026 that it has moved its commercial quantum computing target from 2035 to 2029. The announcement is being met with significant skepticism from physicists — one researcher called it “massive PR bullsh*t.” That skepticism is probably warranted. The 2029 deadline, however, is not coming from Microsoft alone, and that is the part developers need to pay attention to.
What Microsoft Majorana 2 Actually Built
Majorana 2 is Microsoft’s second-generation topological quantum chip, using an approach to qubit design that promises error protection baked into the physics of the material rather than applied as software correction. The headline claim: qubits with mean coherence times of 20 seconds, roughly 1,000 times longer than the previous generation. The improvement comes from replacing the chip’s aluminum superconductor with lead and redesigning the semiconductor active region using indium arsenide compounds. Microsoft says the chip was designed atom by atom using its Discovery agentic AI platform.
However, the caveats are significant. Majorana 2 has 12 qubits. Practical quantum computers capable of threatening current encryption need millions. The preprint describing the chip has not undergone peer review. Furthermore, this is not Microsoft’s first claim about topological qubits — and the scientific track record here matters.
Why Physicists Are Not Buying the Quantum Claims
Henry Legg, a physicist at the University of St Andrews, was blunt. Scientific American and Science News both quoted his assessment: “massive PR bullsh*t.” His specific objection has technical teeth: a genuine qubit requires two complementary measurement types — Z-basis and X-basis. Microsoft published only Z measurements. Without both, what they have demonstrated is a long-lived parity state in a superconducting wire, which is a legitimate materials science achievement but is not a qubit in any meaningful quantum computing sense.
The history adds necessary context. In 2021, Microsoft retracted a high-profile Nature paper on topological qubits after outside reviewers found that the measurement signatures could come from Andreev bound states — trivial material imperfections — rather than true Majorana fermions. The same ambiguity has followed every subsequent announcement. The physics community is not being reflexively cynical; they are applying the same test Microsoft has so far been unable to pass.
Why 2029 Is Still Your Quantum Deadline
Here is the problem with dismissing Majorana 2’s hype entirely: the 2029 commercial quantum timeline does not depend on the chip’s claims being true. Google and Cloudflare have both independently set 2029 as their internal post-quantum cryptography readiness targets. IBM’s fault-tolerant quantum roadmap runs 2029 to 2033. The US government’s CNSA 2.0 mandate requires National Security Systems to begin transitioning to quantum-resistant cryptography by January 2027 — with procurement requirements already in effect.
Moreover, over 60% of TLS traffic hitting Cloudflare’s network already uses hybrid ML-KEM, the new post-quantum key exchange standard. AWS has deployed ML-KEM TLS in KMS, ACM, and Secrets Manager. Chrome and Firefox both support it in TLS 1.3. The infrastructure migration is already in progress. The question is whether your application-level cryptography is keeping pace.
What Developers Must Do Before the Quantum Threat Arrives
NIST finalized three post-quantum cryptography standards in August 2024:
- ML-KEM (FIPS 203) — replaces RSA and ECDH for key exchange
- ML-DSA (FIPS 204) — replaces ECDSA for digital signatures
- SLH-DSA (FIPS 205) — hash-based backup signature scheme
The threat model that makes this urgent before 2029 is “harvest now, decrypt later.” Adversaries are collecting encrypted traffic today and storing it to decrypt once quantum computers become available. Anything sensitive in transit right now, encrypted with RSA or ECDH, may eventually be exposed retroactively. That window is already open.
Here is a quick map of what needs to change in your stack:
| Current algorithm | Quantum-vulnerable? | Replacement |
|---|---|---|
| RSA (any key size) | Yes | ML-KEM |
| ECDH / ECDSA | Yes | ML-KEM / ML-DSA |
| AES-256 | No | No change needed |
| SHA-256 | Weakened (Grover’s) | SHA-384+ for high-security |
What cloud infrastructure handles for you: TLS key exchange and managed certificate issuance. What it does not handle: JWT signing keys, application-level encryption, code-signing certificates, and self-managed PKI. Start with an inventory of your cryptographic dependencies. Prioritize keys with long lifetimes, and deploy hybrid modes — running ECDH and ML-KEM simultaneously — before committing to pure post-quantum. AWS already supports ML-KEM TLS in its managed services; check your configurations.
US government contractors face a harder deadline. CNSA 2.0 procurement requirements take effect January 2027. FIPS 140-2 — the current cryptographic module validation standard — sunsets in September 2026. NIST’s post-quantum cryptography standards are finalized and ready. If you work in that space, the migration plan should already exist.
The Bottom Line on Majorana 2
The reasonable read on Majorana 2 is that Microsoft has made real materials science progress and is overselling it significantly. The chip hype can be set aside. The deadline cannot. When Google, Cloudflare, IBM, and the US government independently arrive at 2029 as the post-quantum readiness target, that number reflects a consensus that does not require Microsoft’s chip to be correct. The NIST standards are finalized. The libraries are available in every major language. The cloud providers are already migrating. The remaining work is on your side of the stack, and the time to start is now — not when quantum computers make the news again.
