In a world rapidly evolving toward quantum computing, enterprise security strategies must evolve just as quickly. At the heart of this evolution lies a simple, yet critical question:
“Do you know what cryptography your business depends on today?”
For most organizations, the answer is: not completely.
As quantum computing threatens to break today’s public-key cryptography, and as regulatory frameworks like NIST’s PQC guidance push toward more resilient systems, the ability to discover, analyze, and plan for cryptographic transition is no longer optional. It’s mission-critical.
We’re excited to share that with the latest release of IBM Quantum Safe Explorer, clients running on Z-Linux platforms—including IBM LinuxONE—can now take full advantage of Quantum Safe Explorer via Command Line Interface (CLI). This new capability brings quantum-safe visibility directly to where mission-critical workloads live.
Meet IBM Quantum Safe Explorer
IBM Quantum Safe Explorer is a lightweight, developer-friendly tool that helps identify and analyze cryptographic elements in your application code, APIs, and environments. Its goal is to accelerate your cryptographic inventory process and assess quantum readiness.
Figure 1 IBM Quantum Safe Explorer architecture
This powerful tool is designed to help cryptographic assets—such as algorithms, keys, certificates, and libraries—map their usage across applications and infrastructure, generate Cryptographic Bills of Materials (CBOMs), and assess cryptographic risk posture in preparation for quantum-safe transitions.
It empowers security architects and compliance leaders to answer foundational questions that are critical to quantum readiness: What cryptographic algorithms am I using? Are any of them outdated or insecure? Where are these algorithms implemented, and by which applications? How ready am I to switch to post-quantum alternatives?
With this latest release, these answers are now accessible even within Z-Linux and LinuxONE environments.
Unlocking crypto-agility with IBM Quantum Safe Explorer
In the race toward a quantum-safe future, organizations need more than just vulnerability scans—they need visibility, agility, and governance over their cryptographic landscape. IBM Quantum Safe Explorer delivers value across three levels: developers, DevSecOps leads, and the C-suite, with CBOM (Cryptographic Bill of Materials) at the center of risk management and crypto-agility as the long-term enabler.
Value delivered at two levels
1. For InfoSec and DevSecOps leads: portfolio visibility & governance
The InfoSec team gains portfolio-wide cryptographic risk visibility. The CBOM becomes the single source of truth, providing an exact inventory of cryptography for audits and compliance. It also offers severity-mapped findings for prioritizing high-risk issues (e.g., vulnerable public key usage in customer-facing services) and automated CBOM generation in every build, enabling regression tracking over time.
Dashboards track key metrics like new crypto components added, evolving risk scores, and remediation coverage across projects. This empowers DevSecOps to embed cryptographic assurance into the CI/CD pipeline with minimal disruption.
2. For Leadership & the C-Suite: translating risk into action
Executive dashboards distill technical insights into business-friendly views. Leaders can quickly assess the percentage of applications using quantum-vulnerable cryptography, the completeness of cryptographic inventories, and the prevalence of crypto-agility anti-patterns across teams. Quantum Safe Explorer equips leadership with compliance-ready documentation. The Cryptographic Bill of Materials (CBOM) and Portfolio View serve as trusted, audit-friendly evidence for regulators. These artifacts demonstrate alignment with NIST quantum-safe guidelines and anticipate future mandates—such as the U.S. federal requirement to inventory cryptography by 2025.
The result is a fundamental shift: cryptographic risk is no longer hidden. It becomes a measurable, manageable business priority.
Crypto-agility anti-patterns: what to watch for
Crypto-agility is the ability to transition algorithms system-wide, reliably and quickly. Quantum Safe Explorer identifies practices that threaten this ability, such as hard-coded algorithm versions instead of configuration-driven parameters, missing fallback logic for smooth algorithm migration, and inconsistent or ad hoc library usage across modules.
By flagging, contextualizing, and mapping these anti-patterns to code paths, our solution equips teams with a remediation roadmap—ensuring not just today’s compliance, but tomorrow’s resilience.
New CLI support for Quantum Safe Explorer on Z-Linux
With this release, we’ve introduced CLI support for Z-Linux, allowing for seamless integration into secure, highly controlled environments like those powering financial systems, public sector platforms, and other regulated workloads.
This means clients can now:
· Run cryptographic discovery natively on Z-Linux, without moving data off-platform
· Integrate QSE into CI/CD pipelines or system automation scripts
· Generate CBOMs on demand for audit, compliance, or quantum readiness planning
· Build a roadmap for replacing vulnerable cryptographic components over time
The CLI interface was purpose-built for enterprise DevOps teams, making it simple to trigger, configure, and repeat cryptographic analysis as part of ongoing processes. It’s a significant step forward in bringing crypto visibility closer to runtime environments.
Figure 2: Scan flow diagram
Figure 3: CI/CD pipelines flow
Why IBM LinuxONE 5
IBM LinuxONE provides a secure foundation for deploying IBM Quantum Safe Explorer. With IBM LinuxONE 5, businesses can future-ready their applications and data with post-quantum cryptography.
The system leverages secure boot technology, preventing bad actors from injecting malware during startup, thereby strengthening cyber resiliency and ensuring system integrity. Additionally, the Crypto Express 8S (CEX8S) hardware security module offers both classical and quantum-safe cryptographic technology, supporting use cases that demand confidentiality, integrity, and non-repudiation.
LinuxONE 5’s end-to-end cybersecurity and privacy features protect sensitive data both at rest and in use. Its integrated crypto accelerators, confidential computing capabilities, and NIST-standardized post-quantum cryptography provide a robust, quantum-resistant foundation for modern IT infrastructure.
Integration that delivers: security, compliance, agility
The integration of IBM Quantum Safe Explorer and IBM LinuxONE 5 provides several technical benefits, including:
1. Enhanced Cryptographic Analysis
Explorer’s cryptographic analysis capabilities are amplified by LinuxONE 5’s integrated crypto accelerators and confidential computing features.
2. Streamlined Risk Management
LinuxONE 5’s comprehensive cybersecurity and privacy features ensure secure deployment of Explorer, safeguarding sensitive data throughout its lifecycle.
3. Simplified Compliance
The combined solution simplifies adherence to regulatory frameworks such as PCI DSS, FIPS, GDPR, and the EU’s Digital Operations Resilience Act (DORA).
What this means for LinuxONE clients
IBM LinuxONE clients are no strangers to security and resilience. These systems are built to run the world's most sensitive workloads, with built-in encryption, hardware isolation, and high availability by design.
But even the most secure systems rely on cryptographic algorithms that are often decades old and some of these are now at risk due to advances in quantum computing. Even more concerning still, many organizations don’t know where or how those algorithms are used.
With this release, LinuxONE clients can now perform cryptographic discovery directly on-platform, without exposing data. They gain the ability to understand algorithm dependencies early, enabling crypto-agilitybefore disruptive changes become necessary. This also enables them to proactively prepare for upcoming NIST post-quantum standards.
Additionally, the solution simplifies compliance readiness for regulations such as FIPS, GDPR, and PCI-DSS, which increasingly demand clarity and control over cryptographic assets.
In short, Quantum Safe Explorer on Z-Linux lets organizations bring cryptographic hygiene and forward-looking strategy directly into their LinuxONE environments—securely, efficiently, and at scale.
The power of unified innovation
This release was made possible through deep collaboration across IBM—from security engineering to zSystems to product strategy and research. It reflects our shared commitment to help clients navigate one of the most significant technological shifts of our time—the move to quantum-safe cryptography.
We’re especially proud that this new capability lands at a time when client awareness and urgency around quantum risk is growing. Our teams are already working closely with government and federal clients running Z-Linux platforms to showcase the value of advanced cryptographic discovery and agility tools as part of their crypto-agility and zero trust strategies.
This is just the beginning of a broader journey that includes IBM’s investment in post-quantum cryptography research, open-source contributions to crypto-agility tooling, and end-to-end IBM Quantum Safe portfolio integration.
Quantum computing isn’t a distant future. It’s a rapidly approaching present. The cryptographic standards that secure today’s banking systems, government data, and cloud services will soon face unprecedented threats. With this latest release, IBM is helping clients meet those challenges head-on—with the tools, clarity, and confidence they need to take action.
Start with visibility. Build toward agility. Prepare for what’s next.
IBM Quantum Safe Explorer 2.2.3.2 with Z-Linux CLI support is now available for download via Passport Advantage.
To explore how this capability fits into your infrastructure, access the User Guide, Data Sheet, or visit ibm.com/products/guardium-quantum-safe for more details. Our team is ready to support hands-on walkthroughs and help you take the next step toward quantum-safe readiness.