Will AES-256 be publicly broken by 2040?

AES-256 is a widely-implemented specification for a symmetric block cipher algorithm for encrypting digital data. It is the strongest version of the Rijndael algorithm underlying the AES specification with 14 rounds of transformation and a 256 bit key size. The key size of 256 bits appears to render a brute-force search of the keyspace infeasible on foreseeable classical and quantum computers--the latter still must search an effective keyspace of 128 bits (see Grover's algorithm). The best publicly known attack on AES-256 requires the search of a keyspace slightly greater than 254 bits, which is infeasible. This keyspace is so large that a brute force search would be energy-constrained on a solar-system scale even with unlimited computing power at the physical limits of efficiency.

There is some consideration that mathematical and / or cryptoanalytic advances may enable new attacks on AES-256 that could make key recovery computationally feasible. Public, and presumably private, cryptanalysis of AES-256 is ongoing so it is plausible that by some means a practical break could become public knowledge by 2040. Advances in AI before the resolution date may plausibly speed up the rate of relevant mathematical and crytoanalytic discoveries.