Google uses NTRU-HRSS internally, which seems reasonable.

https://cloud.google.com/blog/products/identity-security/why...