We have been building a platform that analyzes quantum-vulnerable cryptography across four layers:
Source code parses ASTs to find RSA, ECC, DH, and weak symmetric algorithms and generates fix suggestions pointing to NIST PQC replacements (ML-KEM, ML-DSA, SLH-DSA)
Binaries disassembles PE, ELF, and Mach-O files to detect crypto patterns without source access
Network endpoints probes TLS/SSH to identify deprecated cipher suites and whether the endpoint supports hybrid post-quantum key exchange
Certificates checks signature algorithms and key parameters against post-quantum readiness criteria
Binary, network, and certificate results roll into a unified quantum risk score (0 to 100) so you can prioritize remediation.
NIST finalized FIPS 203/204/205 in August 2024. CNSA 2.0 is setting transition timelines. The practical challenge for most organizations is just finding where RSA and ECC are buried across a large codebase, third-party binaries, and infrastructure.
Free trial at cerebion.com. Happy to discuss the detection approach or the scoring model.