Three insights you may have missed from theCUBE’s coverage of the DigiCert Trust Summit

AI is turning digital trust from a security function into an operating model.

That shift is putting new pressure on the systems enterprises have long used to verify identity, protect data and keep digital infrastructure running. Autonomous agents, synthetic content and machine identities are not simply expanding the attack surface; they are changing how trust decisions get made across software, infrastructure and business workflows.

During the recent DigiCert Trust Summit broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio, DigiCert Inc. framed that challenge around a central question for the AI era: How can organizations prove what is real, authorized and secure when machines are making more decisions on their own?

“We’re helping organizations navigate today’s threats and prepare for a quantum-safe future,” said Amit Sinha (pictured), chief executive officer of DigiCert. “AI is reshaping everything, and in almost every customer conversation, one question comes up: How do we trust AI?”

The Summit’s larger message was not that enterprises need one more security tool for AI. It was that digital trust infrastructure itself must evolve. DigiCert executives and enterprise security leaders connected AI governance, certificate lifecycle management, DNS resilience, content provenance, agent identity and quantum readiness into a broader modernization story built around cryptographic proof.

During the Summit, DigiCert executives and cybersecurity practitioners examined how enterprises can establish verifiable trust across AI agents, digital content, machine identities, certificate lifecycles and post-quantum cryptography. (* Disclosure below.)

Here are three key insights you may have missed from the DigiCert Trust Summit:

Insight #1: AI is making identity the new control plane.

The strongest theme from the Summit was that identity is becoming the starting point for AI governance. That applies not only to employees and devices, but also to content, models, workloads and autonomous agents. If an enterprise cannot establish what something is, where it came from and what it is allowed to do, then AI governance becomes difficult to enforce at production scale.

That challenge begins with content. Generative AI has made it easier to create synthetic media, deepfakes and misinformation, which means enterprises need ways to verify provenance before content is trusted, shared or used in decision-making. DigiCert’s work with the Coalition for Content Provenance and Authenticity, known as C2PA, fits into that larger shift toward attaching cryptographic proof to digital media.

“Using proven cryptography, we can now attach verifiable credentials to content,” Sinha said. “So, you don’t just see it, you can verify where it came from and whether it’s been altered.”

The same identity problem applies to AI models. As models become part of enterprise software supply chains, organizations need evidence about their origin, training history, attestations and compliance posture. In that context, model trust becomes a supply chain issue as much as an AI issue.

Agents raise the stakes because they can do more than generate responses. They may access tools, call systems, trigger workflows and act on behalf of users or business processes. That makes verified identity essential to authorization, lifecycle management and accountability.

“Trust starts with identity, durable, verifiable, immutable,” Sinha said. “We wouldn’t allow an employee to operate without a verified identity within an organization. AI agents should be no different.”

The implication is clear: Agentic AI will need more than policies and dashboards. It will require identities that can be issued, governed, revoked and audited across changing environments. In that model, identity becomes the control plane that determines which agents can act, under what authority and with what level of trust.

Insight #2: Shorter certificate lifecycles will turn automation into a digital trust requirement.

A second insight from the Summit was that trust operations are about to become far more continuous. The move toward shorter certificate lifecycles will increase the pace of renewals and validations, making manual certificate management increasingly risky for large enterprises.

The CA/Browser Forum’s baseline requirements list March 15, 2029, as the date when maximum subscriber certificate validity becomes 47 days. The same requirements also list 10 days as the maximum reuse period for domain name and IP address validation data beginning on that date.

That change matters because certificates sit underneath a wide range of digital interactions. As organizations expand across hybrid infrastructure, multicloud environments, containers, APIs, edge systems and AI-driven workflows, certificate sprawl can quickly become an outage and security risk.

Deepika Chauhan, chief product officer of DigiCert, connected that operational pressure to the broader evolution of digital trust.

“You just heard Amit talk about how the world of digital trust is changing faster than most organizations can keep up with, and the decision of what to trust is being made by systems, by machines, by AI that’s moving faster than any of us can audit,” Chauhan said. “So, this isn’t just a future risk for you; this is here and now.”

Her point placed public key infrastructure, or PKI, and DNS at the center of the discussion. DNS helps direct systems to the right destinations, while PKI helps determine whether those destinations and identities should be trusted. Together, they form a trust layer that has to keep pace with faster infrastructure, more machine identities and shorter certificate windows.

“PKI and DNS are not just the features of security stack,” Chauhan added. “They are the core foundation on which your entire digital trust resides.”

Sinha tied the operational challenge directly to automation. As certificate lifecycles compress, organizations will have to discover certificates, manage ownership, renew them reliably and prevent outages across distributed environments. That is difficult to sustain with manual processes.

“Without automation, this leads to higher costs, more outages and greater risk,” Sinha said. “This is why PKI modernization is urgent and why automation is no longer optional.”

UPS provided the practical proof point. In a Summit discussion with Chauhan, Kavita Rehan, director of information security at United Parcel Service Inc., described the company’s certificate lifecycle work as more than a renewal exercise. It became a chance to simplify architecture, reduce operational friction and build a more unified trust model.

“As we evaluated every option, we realized that this was bigger than just a renewal discussion,” Rehan said. “It was an opportunity to rethink architecture, simplify operations and move forward towards a unified approach.”

For UPS, automation became the mechanism for making shorter lifecycles manageable. The company already had infrastructure automation tools such as Ansible and Terraform in place, which helped frame certificate management as part of modern operations rather than a separate manual workflow.

“Automation wasn’t optional,” Rehan said. “It was the foundation to make this change.”

Rehan also pointed to a practical lesson that applies beyond UPS: Not every workload requires a public certificate. By moving appropriate use cases to private certificates, organizations can reduce cost, simplify management and create a cleaner PKI model before certificate compression increases the operational burden.

“One of the biggest lessons for us was that not everything needed a public certificate,” Rehan added. “Historically, people request a public certificate because that was the path of least resistance, not always because it was the right choice.”

Insight #3: Agent governance will need cryptographic enforcement, not just oversight.

The third takeaway was that agentic AI governance has to become enforceable at the technical layer. Written policies, approval processes and acceptable-use rules still matter, but they are not enough if agents can operate across systems faster than humans can review their behavior.

Brian Trzupek, senior vice president of product at DigiCert, framed the issue around visibility and authority. His point was not simply that AI agents introduce risk. It was that many organizations may already have AI tools operating without a clear understanding of where they are running, what they can access or who authorized them.

“Do AI agents keep you up at night?” Trzupek asked. “I think every organization in this room is already running AI. The question is whether you know what AI, where and on whose authority.”

That question turns shadow AI into a digital trust problem. Employees and teams may adopt AI tools to move faster, but unmanaged agents can create unclear accountability, expose sensitive data or act through credentials that were never designed for autonomous systems.

DigiCert’s AI Trust Manager approach addresses that issue by applying trust controls at multiple points: DNS enforcement at the network edge, agent identity through passports and policy, and secure execution through confidential computing. The important point is that this model extends existing digital trust practices into AI environments instead of creating a separate governance silo.

“We’re not reinventing the world; we’re leveraging it,” Trzupek said.

That matters because enterprises already have many of the building blocks needed for AI trust, including workload identity, short-lived credentials, DNS controls and trusted execution attestations. The challenge is applying those controls to agents that may be dynamic, distributed and increasingly autonomous.

That concern also surfaced in Sinha’s keynote conversation with Rob Owens, head of equity research at Piper Sandler Companies. Owens described AI as a technology shift with unusually fast adoption and broad application potential.

“AI’s really been thrust upon us, given the adoption rate, but we think it’ll play out in similar fashion in terms of tons of new application opportunities, obviously much easier from a development standpoint,” Owens said.

But adoption and readiness are not the same thing. Owens warned that security controls often lag behind new technology waves, comparing the current moment to cars reaching high speeds before seat belts became a legal requirement.

“We always put security in the backseat,” Owens added. “So, are they prepared to handle it? No, I don’t think so.”

That gap explains why agent governance cannot remain a soft control. Enterprises will need to verify which agents are approved, what they can access, where they are executing, whether the execution environment is trustworthy and how their actions can be reviewed after the fact. In other words, AI trust has to be proven continuously, not assumed once at deployment.

Across the Summit, DigiCert presented AI trust, certificate lifecycle compression and post-quantum readiness as connected parts of the same enterprise reset. The common thread is cryptographic proof. Organizations need to verify content, identify agents, manage machine identities, automate certificates and prepare for changing cryptographic standards without treating each problem as a separate program.

“This is not just about certificates,” Sinha said. “It’s about building trust in a rapidly changing digital world.”

That may be the clearest takeaway from the DigiCert Trust Summit. As AI becomes more embedded in enterprise workflows, digital trust is becoming a dynamic operating requirement. The organizations that can verify, automate and govern trust at scale will be better positioned for the next phase of AI-driven business.

Find out more about SiliconANGLE’s and theCUBE’s coverage of the DigiCert Trust Summit.

(* Disclosure: TheCUBE is a paid media partner for the DigiCert Trust Summit Virtual 2026 event. Neither DigiCert, the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE