Quantum computers pose a genuine future threat to public-key encryption systems like RSA and ECC, which can be broken by Shor's algorithm. However, symmetric encryption algorithms like AES-256 face a much smaller risk. The relevant quantum attack is Grover's algorithm, which provides a quadratic speedup in brute-force searches — effectively halving the key length. For AES-256, this reduces security to approximately 128-bit equivalent strength, which remains far beyond practical attack.
NIST, which leads the global post-quantum cryptography (PQC) standardization effort, explicitly distinguishes between these threat levels. Its guidance describes quantum computers as a future risk to "many" public-key systems — not all encryption. IBM Quantum confirms that even breaking RSA-2048 would require millions of fault-tolerant, error-corrected logical qubits, a threshold today's hardware (including IBM's own 1,121-qubit systems) cannot approach.
The broader claim that quantum computers can break "all" currently used encryption conflates two very different threat profiles: the serious long-term risk to asymmetric cryptography (RSA, ECC) and the manageable, already-mitigated risk to symmetric cryptography (AES). NIST has already published post-quantum standards for the former; the latter requires no immediate replacement.