Crypto-agility is the ability to replace cryptographic algorithms, key sizes, or protocol components without major disruption to systems or services. It matters because cryptography is not static: algorithms age, compliance rules change, and new threats such as quantum computing can make older choices unsafe. A crypto-agile system can move from one cipher suite, certificate type, or signature scheme to another through configuration and controlled updates instead of a full redesign.
In practice, crypto-agility is both a defense and a resilience measure. Attackers may target weak or deprecated algorithms, downgrade negotiations, or exploit systems that cannot move away from broken primitives. Defenders use crypto-agility to rotate algorithms, patch vulnerable libraries, and adopt post-quantum methods in stages. It also reduces operational risk by making migrations smoother and limiting service outages when cryptographic standards change.