Harvest-Now-Decrypt-Later Already Has Your 2026 Logs
The adversary's archive is filling while you debate timelines.
There is a comfortable lie circulating in boardrooms and security committees right now. It says quantum risk is a problem for the end of the decade, something to cost in a future budget cycle, slotted behind the migrations that already have owners. I want to take that lie apart, because the timing is precisely backwards. The clock that matters did not start when a cryptographically relevant quantum machine arrives. It started the moment your data left your perimeter in a form an adversary could keep.
The mechanism has an ugly, honest name: harvest now, decrypt later. Capture encrypted traffic and stored ciphertext today, sit on it, and decrypt it the day the mathematics becomes cheap. It is not speculative. It is the most rational strategy any well-funded intelligence operation could run, because storage is nearly free and patience costs nothing. The question worth asking is not whether the harvesting happens. It is what, specifically, is being harvested, and how long it stays valuable.
The question nobody asks: how long is your data dangerous?
Encryption buys you time, not permanence. Every encrypted record has a shelf life, the window during which its confidentiality still matters. A one-time login token is dangerous for minutes. A press release is never dangerous at all. But a great deal of what organisations now generate is dangerous for years, and a growing slice of it is dangerous for a decade or more.
Here is the calculation that should keep a chief information security officer awake. Take the retention period your regulators impose. Set it against the years until a cryptographically relevant quantum computer is plausibly in the hands of a state actor. If the first number is larger than the second, your confidentiality deadline has already passed. You simply have not been told yet. For long-retention data captured today, the comparison almost always lands on the wrong side of the line.
The new harvest target is not your VPN, it is your AI
The harvest-now-decrypt-later conversation was written for an older internet, one of email, file transfers and virtual private network tunnels. That framing is a decade out of date, and it is letting the richest target in the building walk past the threat model unexamined. The richest target is the record your AI systems produce.
Think about what an inference log actually contains. The prompt is a verbatim statement of intent, often pasted in full from a confidential document, a patient note, a deal memo, a piece of source code, a legal position. The output is the model reasoning over that material. The metadata reveals who asked, when, about what, and how often. This is not exhaust. It is the most concentrated, most context-rich corpus your organisation has ever generated, and in regulated industries you are required to keep it.
That is the heart of the harvest-now-decrypt-later AI logs problem. Finance, healthcare, defence, law and pharmaceuticals all sit under retention mandates measured in years. The very compliance regimes that demand you keep these logs are the regimes that guarantee an adversary, having harvested them today, will still find them lethal when the decryption arrives. You are mandated to build the archive. You are not mandated to make it quantum-durable, and almost nobody has.
Why this is harder than rotating a certificate
When people hear post-quantum, they reach for the familiar reflex of certificate rotation. Swap the algorithm at the transport layer, reissue the keys, move on. That reflex protects the future. It does nothing for the past, and the past is where your ten-year logs live.
There is a deeper trap in the AI case. Inference data is not a tidy stream of transport-layer sessions. It is scattered across log stores, vector databases, fine-tuning corpora, evaluation sets, observability pipelines and backups that were copied to three regions before anyone thought to ask where they went. Each copy is an independent harvest opportunity. You cannot rotate a key to recall a copy already siphoned off a replica you forgot existed.
“You cannot un-harvest what has already left your perimeter. Confidentiality is the one security property you do not get to retry.”
Accept the loss you have already taken
I am going to say the uncomfortable thing plainly, because pretending otherwise is how organisations waste the next two years. For long-retention data already in circulation, the confidentiality battle is partly lost. Some of your 2026 inference logs are, in all probability, already sitting in an adversary's archive in encrypted form, waiting. No purchase order you sign next quarter changes that. The scrolls are already copied.
This is not a counsel of despair. It is the opposite. Once you accept that confidentiality of the already-harvested record cannot be clawed back, you stop spending energy on the part of the problem that is finished, and you concentrate everything on the part still entirely within your control. That part is the integrity and the provenance of the record going forward.
Integrity and provenance are still on the table
Here is the distinction that reframes the whole exercise. Confidentiality answers: can someone read this? Integrity answers: can someone alter this without detection? Provenance answers: can someone forge this and pass it off as genuine? The harvester wins the first contest the day the maths breaks. The second and third are different fights, and they are fights you can still win, decisively, today.
Consider what an adversary does with a harvested archive once decryption is cheap. Reading it is the obvious move. The more dangerous move is using it as a template: to fabricate records that never existed, to alter a sealed log, to manufacture a prompt history that frames a person or a company, then to present the forgery as your own authentic data. If your records carry no quantum-durable proof of integrity and origin, you have no defensible way to say this is real and that is fake. In a contested environment, that evidentiary collapse is worse than the original exposure.
What a quantum-durable record actually requires
Making the integrity of a record durable against a quantum adversary is not vague aspiration. It is a concrete set of properties, and they are achievable now with standardised tools. The work is to bind every consequential action to a proof that survives the arrival of the machine that breaks today's signatures.
- A post-quantum digital signature on every record, so its integrity and origin can be verified with mathematics that a quantum computer does not unravel. Mickai seals every consequential action into an Open Audit Record under FIPS 204, the ML-DSA-65 lattice signature standard.
- Tamper-evidence by construction, so any later alteration of a sealed record is detectable rather than deniable.
- Provenance you can prove to a third party, so authenticity does not rest on your own word but on a signature anyone can check.
- An anchor outside your own systems, so the timeline of the record cannot be quietly rewritten. Ours is Pantheon, our sovereign Bitcoin-anchored Layer 1.
- Local custody of the keys and the data, so the high-value corpus is never handed to a third party whose breach becomes your breach.
None of this resurrects confidentiality on data already harvested. That is the point. It accepts the loss you cannot reverse and it forecloses the second-order attacks you still can: the forgery, the tampering, the quiet rewrite of history that a decrypted archive makes possible.
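An added example, not Mickai's code or part of the original article: the tamper-evidence, third-party-verifiable provenance and external-anchor properties from the list above, shown as a hash chain over constructed log entries whose head is signed and then checked against an anchored copy. Assumptions: a Lamport one-time hash-based signature stands in for ML-DSA-65, which the Python standard library does not provide, and every function name, the record fields and the `LOG` sample are hypothetical.

```python
import hashlib, json, secrets

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def chain_head(records, genesis=b"\x00" * 32) -> bytes:
    """Fold records into one head; each link commits to all earlier records."""
    head = genesis
    for rec in records:
        body = json.dumps(rec, sort_keys=True, separators=(",", ":")).encode()
        head = h(head + h(body))
    return head

# Lamport one-time signature: security rests only on the hash function.
# Stand-in for ML-DSA-65 (assumption); a key pair must sign exactly one head.
def lamport_keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pk = [[h(a), h(b)] for a, b in sk]
    return sk, pk

def _bits(msg: bytes):
    digest = h(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg: bytes):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        h(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(msg)))

def verify_archive(records, pk, sig, anchored_head: bytes) -> bool:
    """True only if records reproduce the externally anchored head AND the
    head carries a valid signature from the sealing key."""
    head = chain_head(records)
    return head == anchored_head and lamport_verify(pk, head, sig)

# Constructed sample inference-log entries (illustrative, not real data).
LOG = [
    {"ts": "2026-01-05T09:00:00Z", "user": "analyst-1", "prompt_digest": "9f2c", "model": "m-local"},
    {"ts": "2026-01-05T09:02:10Z", "user": "analyst-2", "prompt_digest": "41ab", "model": "m-local"},
    {"ts": "2026-01-05T09:07:45Z", "user": "analyst-1", "prompt_digest": "c07e", "model": "m-local"},
]

if __name__ == "__main__":
    sk, pk = lamport_keygen()
    head = chain_head(LOG)           # value to publish to the external anchor
    sig = lamport_sign(sk, head)
    print("intact:", verify_archive(LOG, pk, sig, head))
    forged = [dict(r) for r in LOG]
    forged[1]["user"] = "someone-else"
    print("altered:", verify_archive(forged, pk, sig, head))
```

An altered, dropped or reordered entry changes the head, so it no longer matches the anchored copy; a forger who recomputes the head for altered entries still cannot produce a signature that verifies under the published key.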
Why I built Mickai around this premise
This thinking is not bolted onto Mickai. It is the spine of it. Mickai is a Sovereign Intelligence Operating System, fifty specialised brains that run on the operator's own hardware, fully offline-capable. The reason that architecture matters to the harvest problem is direct. If your inference never leaves your machine, the perimeter an adversary has to breach to harvest the prompt and the output is your physical premises, not a shared cloud endpoint that aggregates a thousand tenants into one irresistible target.
On top of that local substrate, every consequential action is sealed into a post-quantum Open Audit Record under FIPS 204 ML-DSA-65, anchored to Pantheon. The confidentiality of what you do stays on your hardware. The integrity and provenance of what you did becomes mathematically durable the moment it happens, not in a migration project scheduled for some later year when the threat has already cashed out. The protection is contemporaneous with the risk, which is the only timing that works.
We hold 101 filed UK patent applications, around 2,234 claims, and a meaningful share of them describe exactly this machinery: the sealing, the anchoring, the sovereign substrate. We are opening a 30 million pound PAN token round to scale it, because the window to make the next decade of records durable is open now and narrowing.
The move for the next ninety days
Strip away the philosophy and a sequence remains that any serious organisation can start this quarter. It does not require waiting for a standards body, a vendor roadmap or a quantum announcement. It requires deciding that the record going forward is worth making durable.
- Inventory your long-retention data, especially AI inference logs, prompts and outputs, and write down the actual retention period for each. That number is your real deadline.
- Accept, in writing, that confidentiality on already-harvested long-retention data is not recoverable, and stop budgeting as if it is.
- Move new high-value records under a post-quantum integrity and provenance seal now, so every record created from today carries durable proof.
- Pull your highest-sensitivity inference off shared endpoints and onto hardware you control, shrinking the harvest surface.
- Anchor the record's timeline outside your own systems so its history cannot be quietly rewritten after the fact.
That is not a five-year programme. It is a decision about whether the things you do this year can be proven authentic in the year the archive is finally opened.
The seal is forged before the key is
Hades was never in a hurry. He did not need to read the scrolls the day they crossed his gate. He filed the copies, patient and unbothered, certain the key would be forged eventually and the archive would still be there when it was. That is the adversary you actually face, and arguing about timelines is exactly the delay he is counting on.
So stop debating when the key arrives. You cannot control that, and you cannot un-harvest what is already filed in the dark. Control the seal instead. Make every record from this moment carry a proof no future key can counterfeit, and the harvest in the underworld becomes a vault of obsolete copies. The key, when it comes, opens nothing that can still hurt you.




