KAMSPioneer t1_j1npnnm wrote

All completely true, but the last paragraph should probably be taken with a grain of salt. For non-PQ threat models, AES-128 is totally fine. In fact key schedule attacks against AES-256 that could bring attacks down to 2^70 time (!!) do not affect AES-128.

None of that is to say that AES-256 is broken -- it's still quite safe. But unless you have strong and imminent concerns about quantum attacks on your cryptosystem, AES-128 is almost definitely not vulnerable. Most experts agree that your time is better spent worrying about everything around the primitive than the choice of primitive itself.

I just don't want anyone alarmed by the idea that there is a nearly-practical attack on AES or something. That's a long, long way off.

5