There are certain buzzwords you hear that immediately boost your confidence in the product that's being sold. You may have heard Apple describe its iPhone 15's aluminum enclosure as aerospace-grade, and you may also have heard some combat knife manufacturers claim that their knives are "standard-issue Navy SEAL knives." Something about stating that you are trusted by the U.S. government puts buyers and patrons at ease. However, as you may have guessed by now, it's nothing but tricky marketing.
It's no different when VPN providers claim to employ "military grade encryption." To see through the facade, you must first ask yourself: "What even is military grade encryption, and how is it different from normal industry standard?" The simple answer is that it isn't; it's just a fancy way to say it's AES-256. AES-256 encryption is the strongest widely used form of the Advanced Encryption Standard (AES), a symmetric cipher that has been around since the early 2000s. It's used everywhere, and not just by the military. Your bank uses it to secure online transactions, messaging apps use it to keep conversations private (via end-to-end encryption), and even encrypted ZIP files rely on the same math.
The U.S. government did approve AES-256 for securing Top Secret information, which is where the "military grade" label comes from, but there's no exclusive or secret algorithm that VPN providers have access to. In practice, when a VPN says it uses military-grade encryption, what it really means is that it's using the same off-the-shelf cryptography libraries available to any software developer, wrapped in a more intimidating phrase to make you feel safer.