<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:googleplay="http://www.google.com/schemas/play-podcasts/1.0"><channel><title><![CDATA[Vordan: The Gap Alert]]></title><description><![CDATA[Real time intelligence on breaking developments in cybersecurity, AI governance, and emerging technology policy. Published when the intelligence warrants it. Short, urgent, and built for practitioners who need to understand what just happened and why it matters before the memo arrives.]]></description><link>https://vordan.substack.com/s/the-gap-alert</link><image><url>https://substackcdn.com/image/fetch/$s_!oN-L!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F66e58882-615e-467c-adf7-13aeae28d426_400x400.png</url><title>Vordan: The Gap Alert</title><link>https://vordan.substack.com/s/the-gap-alert</link></image><generator>Substack</generator><lastBuildDate>Mon, 11 May 2026 00:12:05 GMT</lastBuildDate><atom:link href="https://vordan.substack.com/feed" rel="self" type="application/rss+xml"/><copyright><![CDATA[Vordan]]></copyright><language><![CDATA[en]]></language><webMaster><![CDATA[vordan@substack.com]]></webMaster><itunes:owner><itunes:email><![CDATA[vordan@substack.com]]></itunes:email><itunes:name><![CDATA[Dominick Costa]]></itunes:name></itunes:owner><itunes:author><![CDATA[Dominick Costa]]></itunes:author><googleplay:owner><![CDATA[vordan@substack.com]]></googleplay:owner><googleplay:email><![CDATA[vordan@substack.com]]></googleplay:email><googleplay:author><![CDATA[Dominick Costa]]></googleplay:author><itunes:block><![CDATA[Yes]]></itunes:block><item><title><![CDATA[The Gap Alert | The System Worked. 
Eight People Died Anyway.]]></title><description><![CDATA[What Tumbler Ridge reveals about the accountability architecture above your AI safety tools.]]></description><link>https://vordan.substack.com/p/the-gap-alert-the-system-worked-eight</link><guid isPermaLink="false">https://vordan.substack.com/p/the-gap-alert-the-system-worked-eight</guid><dc:creator><![CDATA[Dominick Costa]]></dc:creator><pubDate>Fri, 01 May 2026 09:34:46 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!BRIj!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F417ef80a-d8cd-4fc6-aacf-293273215a83_1500x500.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Eight people are not coming home from Tumbler Ridge, British Columbia.</p><p>Five students. A teacher. A mother. 
An eleven-year-old boy.</p><p>The system that was supposed to prevent it worked.</p><p>In June 2025, OpenAI&#8217;s automated detection flagged the shooter&#8217;s account for gun violence activity and planning. A specialized safety team reviewed it. They determined the threat was credible and specific. They recommended notifying the RCMP.</p><p>Leadership overruled them.</p><p>The account was deactivated. No report was filed. The stated reason was precedent. Notifying authorities would obligate OpenAI to report every user planning real-world violence. There was also, according to at least one lawsuit filed this week, the matter of an upcoming IPO.</p><p>The shooter opened a second account and kept planning.</p><p>On February 10, 2026, she walked into Tumbler Ridge Secondary School.</p><div><hr></div><p>OpenAI had detection that worked. A safety team that worked.</p><p>What it did not have was a pre-defined escalation path that removed the business calculus from a life-safety decision.</p><p>The recommendation traveled upward and met a judgment call, made by people weighing precedent and IPO optics while holding a credible threat signal. No documented control that said: when this threshold is crossed, this is what happens, regardless of business consequence. No architecture that made the right response automatic rather than optional.</p><p>Deactivating the account was not governance. It was the appearance of governance. It closed a file without closing the gap. When she opened a second account, there was no structure to catch it because the first response was designed to manage the situation, not prevent the next one.</p><p>That is what the accountability gap looks like when it has a body count.</p><div><hr></div><p>The question every organization deploying AI needs to answer today is not whether your system can flag a threat.</p><p>Tumbler Ridge proves systems can flag threats.</p><p>The question is what happens above the flag.</p><p>Who owns that decision? 
What is the pre-defined response? Does your architecture remove the business calculus before anyone has an incentive to apply it?</p><p>Or does that decision live in a meeting?</p><p>Accountable by Design means the escalation path exists before the flag fires. The threshold is documented before the threat arrives. The business calculus is removed before the pressure arrives to apply it.</p><p>OpenAI&#8217;s safety team did its job.</p><p>The accountability architecture above it did not exist in any meaningful sense.</p><p>No amount of model improvement, content filtering, or post-incident safeguard strengthening can retroactively build what was never there.</p><div><hr></div><p><em>If your system flagged something critical tonight, what happens next? If the answer involves a meeting, you have a gap.</em></p><p><em>Vordan publishes the Accountability Report every Sunday and the Gap Alert when the intelligence warrants it. Forward this to someone asking the accountability questions before the failure arrives.</em></p>]]></content:encoded></item><item><title><![CDATA[The Attack Is Already in Progress]]></title><description><![CDATA[The harvest is underway. 
The governance frameworks meant to stop it have already missed their first deadlines.]]></description><link>https://vordan.substack.com/p/the-attack-is-already-in-progress</link><guid isPermaLink="false">https://vordan.substack.com/p/the-attack-is-already-in-progress</guid><dc:creator><![CDATA[Dominick Costa]]></dc:creator><pubDate>Wed, 29 Apr 2026 13:03:55 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!m8dN!,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Ff049d945-0481-4f4b-af78-8c3e3f37aaf2_1500x500.png" length="0" type="image/jpeg"/><content:encoded><![CDATA[<p>Somewhere, an adversary is storing your organization&#8217;s encrypted data.</p><p>Not reading it. They cannot do that yet. But they are keeping it. Because in three years, or five, or whenever a quantum machine of sufficient scale comes online, the cryptographic lock on that data becomes a solved problem. Contracts. Health records. 
Financial transactions. AI training data. Proprietary model weights. Everything your organization marked confidential and transmitted over an encrypted channel becomes readable, retroactively, provided the session keys were negotiated with RSA or elliptic-curve key exchange. The symmetric cipher carrying the payload is not the weak link; the key exchange that protected it is.</p><p>This is harvest now, decrypt later. The attack requires no quantum capability on the adversary&#8217;s side today. It requires patience and storage. Both are cheap. And the window has been open for longer than most governance programs have acknowledged.</p><p>The timeline just got shorter.</p><p>Two papers published this April changed the calculation in ways that matter for risk managers, not just cryptographers. Google revised down the estimated qubit requirements to break 256-bit elliptic curves, which are the cryptographic foundation of most HTTPS connections and public-key identity systems; its estimate has the attack running in minutes on a superconducting architecture. A separate paper from Oratomic found that a neutral atom system with 26,000 physical qubits could execute a discrete logarithm attack on P-256 in a matter of days.</p><p>Heather Adkins and Sophie Schmieg at Google set 2029 as their migration deadline in print. That is the first time anyone with that level of technical credibility has put a date that close in public.</p><p>Filippo Valsorda, the maintainer of Go&#8217;s standard library cryptography packages, put the decision frame plainly, CRQC meaning a cryptographically relevant quantum computer: &#8220;The bet is not &#8216;are you 100% sure a CRQC will exist in 2030?&#8217; The bet is &#8216;are you 100% sure a CRQC will NOT exist in 2030?&#8217;&#8221;</p><p>If you are responsible for users&#8217; security and cannot answer that question with certainty, the migration is not optional.</p><p>The rules already exist.</p><p>NIST finalized post-quantum cryptographic standards in August 2024. The Quantum Computing Cybersecurity Preparedness Act passed 420 to 3 in the House and unanimously in the Senate. It required OMB to issue migration guidance within one year of those standards. The deadline was August 2025. 
There is no public evidence it was met. NSM-10 sets a 2035 migration target that survived the administration change intact. The Trump administration&#8217;s June 2025 executive order streamlined the obligations but did not remove them, retaining a hard TLS 1.3 deadline of January 2, 2030.</p><p>The regulatory floor is intact. The enforcement apparatus to activate it is not.</p><p>Here is the accountability problem.</p><p>PQC migration does not fit anyone&#8217;s job description. CISOs own controls, not cryptographic primitive decisions. Compliance teams operate against frameworks like SOC 2, ISO 27001, HIPAA, and PCI-DSS, and none of them contain a post-quantum control. There is no checkbox to fail. Board reporting has no vocabulary for quantum risk. OMB had the mandate, missed the deadline, and faced no visible consequence.</p><p>The result is an organizational accountability vacuum. No internal owner. No auditable control state. Governance tooling that cannot see the exposure because it was never designed to.</p><p>That last point is structural, not accidental. Traditional GRC is built for periodicity. Annual assessments, point-in-time reviews, checklist compliance. Quantum exposure is not a state you are in or out of. It is a continuous property of your entire technology stack, every algorithm in every data pipeline, every TLS certificate, every API key exchange. An annual audit cannot represent that. GRC practitioners are discovering the same structural gap in AI governance right now. AI risk is continuous and probabilistic, not periodic and deterministic. PQC migration has exactly the same property, and none of the tooling being built to close the AI governance gap addresses it.</p><p>The hidden half of the crisis.</p><p>The deployment statistics look more reassuring than they are. Over fifty percent of traffic through Cloudflare&#8217;s global network now uses post-quantum key exchange, based on October 2025 data. Major browsers deploy it by default. 
Progress is real.</p><p>But key exchange is only half the problem. Digital signatures, the mechanism behind every HTTPS certificate, every code-signing certificate, every X.509 identity chain, have essentially no production deployment of post-quantum algorithms. As of late 2025, no publicly trusted post-quantum X.509 certificates exist. The entire WebPKI is running on quantum-vulnerable signatures with no deployed replacement. Key exchange progress creates the impression of migration in motion. Signature migration has not started.</p><p>The urgency on the signature side is different in kind, which is why it is easy to defer. Signatures cannot be harvested: a forged certificate only matters once the machine exists, so nothing recorded today becomes a forgery later. What makes signatures hard is lifetime and reach. Root keys, code-signing keys, and hardware trust anchors are issued for a decade or more and are baked into devices that cannot be updated in a hurry, so that migration has to be finished before the deadline, not started after it.</p><p>What to do now.</p><p>Map the exposure before someone else does. A cryptographic inventory identifying which systems use which algorithms for what purpose, and how long the data they protect must stay confidential, is the precondition for a migration plan. Without it, ownership cannot be assigned and accountability cannot be tracked. This is what QCPA required of federal agencies. It is the right starting point for any organization holding sensitive data with a shelf life longer than three years.</p><p>Insert PQC into vendor risk assessments. The bottleneck is not browsers. It is origin server infrastructure. Only 3.7 percent of origin servers support post-quantum key exchange compared to 39 percent of major websites. Supply chain PQC requirements are already propagating through cloud platform terms of service. Getting ahead of this in vendor contracts and third-party reviews is operationally simpler now than during an enforcement cycle.</p><p>The governance failure, precisely stated.</p><p>The technical community completed its work. NIST ran a seven-year public competition and published standards. Google deployed them at scale. Valsorda is now teaching RSA as a legacy algorithm to PhD students. The path is known, standardized, and partially walked.</p><p>What is missing is accountability. OMB had a clear mandate and missed its first milestone. GRC platforms have no field for quantum exposure. No organization has failed an audit because of it. The regulatory floor exists. 
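</p><p>The inventory step under &#8220;What to do now&#8221; is easier to act on with a concrete triage rule attached to it. What follows is an added example, not code from this post, from Google, or from any vendor. It takes a constructed inventory (system, protocol, key exchange, signature algorithm, the last year the data must stay confidential, years needed to migrate) and applies two tests to each row: whether classical key exchange is protecting data that outlives the assumed CRQC year, which is harvest exposure today, and whether the migration finishes before that year, which is Mosca&#8217;s inequality. The sample rows, the column names, the algorithm-name matching, the 2030 CRQC year and the 2026 current year are all assumptions of the example.</p>

```python
"""Quantum-exposure triage over a cryptographic inventory.

Added example for this alert. It is not code from the original post, from
Google, or from any vendor. The inventory rows are constructed, and the
algorithm-name matching, the column names, and the timing rule (data shelf
life and migration time compared against an assumed CRQC year, after
Mosca) are this example's own assumptions.
"""
from collections import Counter
from dataclasses import dataclass
import csv
import io

# Constructed sample inventory, one row per system, as a TLS scanner or
# asset database might export it. retain_until is the last year the data
# must stay confidential; migration_years is the estimated time to move
# this system to post-quantum algorithms.
SAMPLE_INVENTORY = """\
system,protocol,kex,sig,retain_until,migration_years
payments-api,TLS1.3,X25519,ECDSA-P256,2038,3
cdn-edge,TLS1.3,X25519MLKEM768,ECDSA-P256,2027,1
vpn-gateway,IKEv2,ECDHE-P256,RSA-PSS,2031,5
build-signing,codesign,,RSA-PKCS1,2040,5
internal-dash,TLS1.2,RSA,RSA-PKCS1,2026,1
"""


def _normalise(name: str) -> str:
    return name.upper().replace("-", "").replace("_", "")


def kex_state(name: str) -> str:
    """'pq' if the key exchange contains an ML-KEM component (pure or hybrid
    such as X25519MLKEM768), 'classical' for anything Shor's algorithm breaks
    (RSA, finite-field DH, ECDH), 'none' where the system does no key exchange
    at all (a code-signing pipeline, for instance)."""
    if not name.strip():
        return "none"
    return "pq" if "MLKEM" in _normalise(name) else "classical"


def sig_state(name: str) -> str:
    """'pq' for ML-DSA or SLH-DSA (pure or composite), 'classical' otherwise."""
    if not name.strip():
        return "none"
    n = _normalise(name)
    return "pq" if ("MLDSA" in n or "SLHDSA" in n) else "classical"


@dataclass(frozen=True)
class Finding:
    system: str
    kex: str               # pq | classical | none
    sig: str               # pq | classical | none
    harvest_exposed: bool  # ciphertext recorded today is readable before the data expires
    migration_late: bool   # now + migration_years runs past the assumed CRQC year
    action: str


def triage(row: dict, crqc_year: int, now_year: int) -> Finding:
    """Two questions per system: is its traffic worth harvesting today, and
    does its migration finish before the year a CRQC is assumed to exist?"""
    k, s = kex_state(row["kex"]), sig_state(row["sig"])
    retain_until = int(row["retain_until"])
    late = now_year + int(row["migration_years"]) > crqc_year
    # Only classical key exchange is exposed to harvest-now-decrypt-later,
    # and only when the data must stay secret into the CRQC era.
    harvest = k == "classical" and retain_until >= crqc_year
    if harvest:
        action = "HARVEST_EXPOSED"
    elif k == "classical":
        action = "MIGRATE_KEX_BEFORE_CRQC"
    elif s == "classical":
        # Signatures cannot be harvested: a forgery only matters once the
        # machine exists. Urgent only because long-lived keys (roots, code
        # signing) take years to replace.
        action = "SIGNATURE_PENDING"
    else:
        action = "OK"
    if late and action != "OK":
        action += "_LATE"
    return Finding(row["system"], k, s, harvest, late, action)


def triage_inventory(csv_text: str, crqc_year: int = 2030, now_year: int = 2026) -> list:
    """Run triage over a CSV export; the defaults follow the 2030 bet quoted above."""
    return [triage(r, crqc_year, now_year) for r in csv.DictReader(io.StringIO(csv_text))]


def summarize(findings: list) -> Counter:
    return Counter(f.action for f in findings)


if __name__ == "__main__":
    findings = triage_inventory(SAMPLE_INVENTORY)
    for f in findings:
        print(f"{f.system:14} kex={f.kex:9} sig={f.sig:9} {f.action}")
    print(dict(summarize(findings)))
```

<p>On the constructed rows the payments API and the VPN come out HARVEST_EXPOSED, because their classical key exchange protects data that must still be secret after 2030; the internal dashboard holds nothing that long and only needs to migrate before the deadline; the CDN edge already negotiates a hybrid ML-KEM exchange and is left with the signature problem; and the code-signing pipeline, which has no key exchange to harvest, is flagged SIGNATURE_PENDING_LATE because a five-year key rollover started in 2026 misses the assumed date. In practice the rows come from TLS scans, certificate and HSM exports, and code-signing inventories. The hard column is retain_until, which almost nobody has written down, and that is exactly the number the accountability question turns on.</p><p>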
The enforcement structure to activate it does not yet exist.</p><p>The harvest does not wait for governance to catch up. The adversary storing your 2024 traffic today does not need to understand ML-KEM or ML-DSA. They need storage. And storage is cheap.</p><div><hr></div><p><em>Vordan publishes every Sunday and Wednesday. If someone in your network is asking the accountability questions before the failure arrives, forward this to them.</em></p>]]></content:encoded></item><item><title><![CDATA[The Gap Alert | The OAuth Audit You Haven't Done]]></title><description><![CDATA[What the Vercel breach means for every organization running third-party AI tools.]]></description><link>https://vordan.substack.com/p/the-gap-alert-the-oauth-audit-you</link><guid isPermaLink="false">https://vordan.substack.com/p/the-gap-alert-the-oauth-audit-you</guid><dc:creator><![CDATA[Dominick Costa]]></dc:creator><pubDate>Wed, 22 Apr 2026 13:03:39 GMT</pubDate><enclosure url="https://substackcdn.com/image/fetch/$s_!oN-L!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F66e58882-615e-467c-adf7-13aeae28d426_400x400.png" length="0" 
type="image/jpeg"/><content:encoded><![CDATA[<p>Last weekend, a Vercel employee connected a third-party AI tool called Context.ai to their corporate Google Workspace account. Standard behavior. Happens hundreds of times a day inside organizations everywhere.</p><p>The attacker who had already compromised Context.ai used that OAuth connection to take over the employee&#8217;s Google account, pivot into Vercel&#8217;s internal systems, and access environment variables containing API keys, database credentials, and signing keys across a subset of customers. Mandiant is now investigating. Indicators of compromise have been published. Hundreds of organizations may be affected through Context.ai&#8217;s broader user base.</p><p>The mechanism is worth stating precisely. An OAuth grant hands the third-party app a refresh token for the user&#8217;s account, and that token is a standing credential: it is never challenged by MFA, it is not reliably invalidated by a password reset, and it keeps working until the grant itself is revoked. Whoever controls the app&#8217;s backend holds every account that granted it.</p><p>The breach wasn&#8217;t sophisticated. It didn&#8217;t require a zero-day or nation-state capability. It required one employee, one AI tool, and one OAuth grant nobody was tracking.</p><p>Here&#8217;s the governance failure in plain language.</p><p>Most organizations have a formal vendor risk review process for enterprise software. Legal reviews the contract. Security reviews the architecture. IT reviews the integration. 
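</p><p>The inventory this alert asks for is a list of OAuth clients, who granted them, and what scopes they hold, ranked so the dangerous ones surface first. The script below is an added example, not code from this post, from Vercel, from Context.ai, or from Google. Its input is a constructed list shaped like the items a Directory API tokens.list call returns for each user (clientId, displayText, userKey, scopes, anonymous), as I understand that resource; the app names are fictional, and the scope tiers, the revocation threshold, and the tokens.delete remediation named in the comments are the example&#8217;s own assumptions to verify against the current Admin SDK reference.</p>

```python
"""Rank third-party OAuth grants in a Google Workspace export by scope breadth.

Added example for this alert. It is not code from the original post, from
Vercel, from Context.ai, or from Google. The input is a constructed list
shaped like the "items" a Directory API tokens.list call returns per user
(clientId, displayText, userKey, scopes, anonymous), as I understand that
resource; the scope tiers and the revocation threshold are this example's
assumptions. App names are fictional.
"""
from dataclasses import dataclass, field

# Constructed sample: tokens.list output for several users, concatenated.
SAMPLE_GRANTS = [
    {"clientId": "1111.apps.googleusercontent.com", "displayText": "Notes AI Assistant",
     "userKey": "dev1@example.com", "anonymous": False,
     "scopes": ["https://www.googleapis.com/auth/userinfo.email",
                "https://www.googleapis.com/auth/drive",
                "https://mail.google.com/"]},
    {"clientId": "2222.apps.googleusercontent.com", "displayText": "Room Booker",
     "userKey": "ops@example.com", "anonymous": False,
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
    {"clientId": "1111.apps.googleusercontent.com", "displayText": "Notes AI Assistant",
     "userKey": "dev2@example.com", "anonymous": False,
     "scopes": ["openid", "https://www.googleapis.com/auth/drive.readonly"]},
    {"clientId": "3333.apps.googleusercontent.com", "displayText": "Legacy Sync",
     "userKey": "admin@example.com", "anonymous": True,
     "scopes": ["https://www.googleapis.com/auth/admin.directory.user"]},
]

TIER_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Prefix rules, most specific first so drive.readonly is not swallowed by
# the full-Drive rule. Tiers are this example's judgement: anything that
# reads all mail or files, sends mail, or touches the Admin SDK is critical.
SCOPE_RULES = [
    ("https://www.googleapis.com/auth/drive.readonly", "high"),
    ("https://www.googleapis.com/auth/drive.file", "low"),
    ("https://www.googleapis.com/auth/drive", "critical"),
    ("https://www.googleapis.com/auth/gmail.readonly", "high"),
    ("https://www.googleapis.com/auth/gmail.", "critical"),
    ("https://mail.google.com/", "critical"),
    ("https://www.googleapis.com/auth/admin.", "critical"),
    ("https://www.googleapis.com/auth/cloud-platform", "critical"),
    ("https://www.googleapis.com/auth/contacts", "high"),
    ("https://www.googleapis.com/auth/calendar.readonly", "low"),
    ("https://www.googleapis.com/auth/userinfo.", "low"),
    ("openid", "low"),
]


def scope_tier(scope: str) -> str:
    for prefix, tier in SCOPE_RULES:
        if scope.startswith(prefix):
            return tier
    return "medium"  # unfamiliar scope: queue it for review rather than ignore it


@dataclass
class AppFinding:
    client_id: str
    name: str
    tier: str = "low"
    anonymous: bool = False        # client not attributable to a registered app
    users: list = field(default_factory=list)
    scopes: list = field(default_factory=list)


def audit(grants: list) -> list:
    """Group grants by OAuth client, take the worst scope across all users,
    and order the result so the first rows are the ones to revoke first."""
    by_client = {}
    for g in grants:
        f = by_client.setdefault(g["clientId"], AppFinding(g["clientId"], g.get("displayText", "?")))
        if g["userKey"] not in f.users:
            f.users.append(g["userKey"])
        for s in g.get("scopes", []):
            if s not in f.scopes:
                f.scopes.append(s)
            if TIER_RANK[scope_tier(s)] > TIER_RANK[f.tier]:
                f.tier = scope_tier(s)
        f.anonymous = f.anonymous or bool(g.get("anonymous"))
    findings = list(by_client.values())
    for f in findings:
        f.users.sort()
        f.scopes.sort()
    findings.sort(key=lambda f: (-TIER_RANK[f.tier], -len(f.users), f.name))
    return findings


def revocation_plan(findings: list, min_tier: str = "high") -> list:
    """(userKey, clientId) pairs at or above min_tier. Each is one call to the
    Directory API tokens.delete method (method name as I understand it)."""
    return [(u, f.client_id) for f in findings
            if TIER_RANK[f.tier] >= TIER_RANK[min_tier] for u in f.users]


if __name__ == "__main__":
    for f in audit(SAMPLE_GRANTS):
        flag = " (unverified client)" if f.anonymous else ""
        print(f"{f.tier:8} {f.name}{flag}: {len(f.users)} user(s), {len(f.scopes)} scope(s)")
    print(revocation_plan(audit(SAMPLE_GRANTS)))
```

<p>On the constructed sample the note-taking assistant comes first: two users, full Drive and full Gmail, which is exactly the shape of grant that turned one compromised vendor into an account takeover. The anonymous client with an Admin SDK scope is the second finding, and the calendar app is correctly uninteresting. The useful control is not the one-off run but the diff: keep last week&#8217;s output, run it again, and every new row is a grant that arrived without a review.</p><p>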
That process exists because someone learned the hard way that third-party access is a liability.</p><p>That process does not exist for the AI tool your developer installed last Tuesday.</p><p>No formal inventory of what OAuth grants exist across your Google Workspace. No review of what permissions those grants carry. No audit of what internal systems they can reach. No policy defining what &#8220;non-sensitive&#8221; actually means when an attacker is enumerating your environment variables.</p><p>The tool arrived. The governance didn&#8217;t.</p><p>Three things worth doing this week.</p><p>Go to your Google Workspace admin console and pull a full list of third-party apps with OAuth access, or export it per user through the Admin SDK so it can be diffed next month. You will find things you didn&#8217;t know were there.</p><p>Review which of those apps have broad permission scopes versus narrow ones. An app that can read your entire Google Drive is a different risk profile than one that can only read your calendar. Treat full Drive, full Gmail, and any Admin SDK scope as privileged access regardless of what the app is for, and treat a client Google cannot attribute to a registered developer as a finding on its own.</p><p>Ask your security team when you last reviewed this list. If the answer is never or I don&#8217;t know, that&#8217;s your gap.</p><p>The Vercel breach is being called a supply chain attack. It is. But it&#8217;s also something more specific and more preventable: an AI tool governance failure at the identity and access layer. That category of failure has no control in most organizations right now.</p><p>The indicators of compromise are published at vercel.com/kb/bulletin/vercel-april-2026-security-incident</p><p>If you are on Vercel, rotate today every API key, database credential, and signing key that lived in an environment variable, and remember that rotating a signing key only helps once every verifier has stopped trusting the old one.</p>]]></content:encoded></item></channel></rss>