Docs / Security & PQC / PQC Basics and What Is Active Today

PQC Basics and What Is Active Today

Published · Last updated: May 2026 · 2 min read

Section: KB-11 Security, Compliance, and PQC Article ID: KB-11-03 Status: published Last validated: 3 May 2026

Who this is for

  • Users who want to understand CloudAIPilot post-quantum protection in practical terms
  • Teams validating security posture before production onboarding
  • Operators troubleshooting server Security tab PQC status

What this article covers

  1. What post-quantum protection means in CloudAIPilot today
  2. Where users can see and manage PQC status
  3. Which states and actions exist in the Security tab
  4. What to do when PQC is not active

What is active today

CloudAIPilot provides a post-quantum control channel between platform and server agent. In the product UI, this is managed per server from:

  • Servers -> Server Detail -> Security tab

The Security tab explicitly supports:

  • Activate Post-Quantum Encryption
  • Rotate Keys
  • Regenerate Install Command
  • Re-run End-to-End Check (when already active)

Security tab statuses

The UI maps server state into five status levels:

  1. Post-quantum encryption active
  2. Classical fallback
  3. Pending key registration
  4. Agent not installed
  5. Platform channel disabled

These statuses are visible directly in the Security tab banner and detail rows.

Activation flow in plain language

When a user clicks Activate Post-Quantum Encryption:

  1. CloudAIPilot starts a background activation process.
  2. Activity Center shows a progress timeline (pqc_activate process type).
  3. The platform installs or verifies the agent path, then waits for post-quantum heartbeat registration.
  4. Security tab status updates once registration and verification complete.

Typical user-facing expectation is around 1-3 minutes for activation in normal conditions.

Key rotation behavior

Rotate Keys from Security tab does the following:

  1. Revokes current key material for that server agent path.
  2. Generates fresh install/registration command flow.
  3. Lets users complete re-registration and verify new status from the same Security tab.

Use key rotation for:

  • routine scheduled key hygiene
  • incident response after suspected compromise
  • post-restore or recovery scenarios where trust is uncertain

What users should do when PQC is not active

If status is not active:

  1. Open Security tab on the server.
  2. Run Activate Post-Quantum Encryption.
  3. Watch Activity Center progress.
  4. Refresh Security tab and confirm active status.

If status still shows fallback or disabled, use Rotate Keys and repeat verification.

Important operational notes

  • Security tab is the canonical UI for PQC status and controls.
  • Per-server disable is not a normal user operation in this flow.
  • If platform channel is disabled, server-level keys can exist while channel stays classical until platform setting is enabled.

Manual verification checklist

  1. Open one production-bound server.
  2. Go to Security tab.
  3. Confirm status banner.
  4. Confirm detail fields (key ID, protocol version, heartbeat, last transport).
  5. If inactive, run activation and verify completion in Activity Center.

Related articles

  • ../KB-02-servers/02-07-server-detail-tabs.md
  • ../KB-02-servers/02-02-provision-new-server.md
  • ../KB-01-cloud-accounts/01-05-verify-permissions-iam.md
  • ../KB-00-getting-started/00-08-quickstart-first-success-in-20-minutes.md