Fireside Chat: PKI has carried digital trust through every tech advance—now comes the hardest one
None
<p>The post <a href="https://www.lastwatchdog.com/fireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one/">Fireside Chat: PKI has carried digital trust through every tech advance—now comes the hardest one</a> appeared first on <a href="https://www.lastwatchdog.com">The Last Watchdog</a>.</p><div class="entry" morss_own_score="5.32994923857868" morss_score="64.35630008209736"> <img decoding="async" src="https://www.lastwatchdog.com/wp/wp-content/uploads/Fireside-Chat_2025_brshed-960x609.jpg"> <h5>By Byron V. Acohido</h5> <p>Public key infrastructure — the authentication and encryption framework that has held digital commerce together through every chaotic leap forward in technology — is facing a double whammy.</p> <p><em><strong>Related:</strong> <a href="https://www.lastwatchdog.com/rsac-2026-no-easy-fixes-for-expanding-ai-attack-surface-but-a-coordinated-response-is-emerging/">Achieveing AI security won’t be easy</a></em></p> <p><a href="https://www.lastwatchdog.com/wp/wp-content/uploads/Digital-trust-erosion_B_SQUR.jpg"><img decoding="async" src="https://www.lastwatchdog.com/wp/wp-content/uploads/Digital-trust-erosion_B_SQUR-100x101.jpg"></a>Autonomous AI agents are flooding enterprise networks, most without verified identities or any meaningful governance. What’s more, quantum computers are just around the corner — and when they arrive, current encryption becomes obsolete overnight.</p> <p>I sat down with <a href="https://www.digicert.com/">DigiCert</a> CEO <a href="https://www.linkedin.com/in/amitsinha/">Amit Sinha</a> at RSAC 2026 to discuss this. The identity management and encryption communities are not sitting on their hands. Here is what I learned that you should know.</p> <p>PKI has been the quiet backbone of digital trust for 30 years. E-commerce needed it to authenticate strangers. The cloud and IoT needed it to manage machine identities at scale.</p> <p>Each time the technology shifted, PKI scaled to meet the load — under strain, imperfectly, but it held. The question now is whether it can be extended fast enough to handle two simultaneous disruptions: autonomous AI agents spreading like wildfire through enterprises and a quantum threat that will require replacing the underlying encryption math entirely.</p> <p>Sinha’s framing at RSAC was direct. “We are in a once-in-30-year upgrade cycle,” he told me.</p> <p>Encouragingly, the security community is already moving on two fronts. The first has to do with a problem that has been building since generative AI made synthetic media cheap and easy to produce. Fake videos, fabricated audio, and AI-generated images are flooding the internet and enabling fraud at scale.</p> <p>The industry’s answer is <a href="https://c2pa.org/about/">C2PA</a> — the Coalition for Content Provenance and Authenticity — an open standard that cryptographically signs content at the moment of creation, embedding a verifiable record of origin and any subsequent changes directly into the file.</p> <p>A trusted certificate authority vouches for authenticity, and anyone downstream can verify it. The standard is gaining real traction. Samsung built C2PA signing <a href="https://www.androidauthority.com/galaxy-s25-content-credentials-3523256/">into the native camera app of the Galaxy S25</a>, the first mass-market smartphone to carry it. Cloudflare has <a href="https://www.cloudflare.com/press/press-releases/2025/cloudflare-launches-one-click-content-credentials-to-track-image-authenticity/">implemented it across roughly 20 percent of the web</a>. DigiCert is a certified certificate authority under the standard.</p> <p>The second front has to do with companies racing to deploy autonomous AI agents — software that does not just answer questions but takes actions, executes transactions, manages systems, and interacts with other agents, all without waiting for a human to confirm each step.</p> <p><a href="https://www.lastwatchdog.com/wp/wp-content/uploads/260414_Humanoid_Passports-narr.png"><img decoding="async" src="https://www.lastwatchdog.com/wp/wp-content/uploads/260414_Humanoid_Passports-narr-520x236.png"></a>These AI agents have no verified identity. They operate on borrowed credentials or API tokens, with no reliable way to establish who — or what — is actually acting, on whose authority, and with access to what. Sinha explained how PKI can be extended to solve this the same way it solved machine identity in the cloud era.</p> <p>Every agent, he says, should carry a “digital passport” — a cryptographic credential, issued through the same certificate infrastructure that authenticates websites and software; this would establish the agent’s identity, define what it is authorized to access, and allow it to be revoked instantly if need be.</p> <p>Think of it the way Sinha does: when you arrive at an airport, your passport gets you into the secure area; your boarding pass governs exactly where you go from there. The standards to do this already exist — <a href="https://spiffe.io/docs/latest/spiffe-about/overview/">SPIFFE</a> and SPIRE, adapted from cloud workload security — and DigiCert is extending its platform to issue and manage these credentials for AI agents at enterprise scale.</p> <p>“As agents move from answering your questions to taking actions on your behalf, you need governance, you need auditability, you need the ability to revoke all those privileges — much like you would with any human,” he said.</p> <p>Adoption, however, is in the earliest innings. DigiCert CTO Jason Sabin told CSO Online late last year that <a href="https://www.csoonline.com/article/4109999/agentic-ai-already-hinting-at-cybersecuritys-pending-identity-crisis.html">fewer than 5 percent of enterprises</a> deploying autonomous agents have created verifiable identities for them. Sinha described what AI has done to the security industry’s clock as “time dilation” — what used to be a year’s worth of change now happens in weeks.</p> <p>PKI has carried the load through every prior shift. Whether it can be extended fast enough for this one is the defining near-term question. I’ll keep watch, and keep reporting.</p> <p>Listen to the <a href="https://soundcloud.com/byron-acohido/digital-passports-for-ai?si=eed65620734d43979f8785bbd411abfb&utm_source=clipboard&utm_medium=text&utm_campaign=social_sharing">full podcast</a> for Sinha’s complete breakdown.</p> <p><a href="https://www.lastwatchdog.com/wp/wp-content/uploads/Byron-sepia-hedcut-1.png"><img decoding="async" src="https://www.lastwatchdog.com/wp/wp-content/uploads/Byron-sepia-hedcut-1-100x139.png"></a></p> <p>Acohido</p> <p><em><a href="https://www.lastwatchdog.com/pulitzer-centennial-highlights-role-journalism/">Pulitzer Prize-winning </a>business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.</em></p> <p><em>(<strong>Editor’s note</strong>: I used Claude and ChatGPT to assist with research compilation, source discovery, and early draft structuring. All interviews, analysis, fact-checking, and final writing are my own. I remain responsible for every claim and conclusion.)</em></p> <p> <a href="https://www.facebook.com/sharer.php?u=https://www.lastwatchdog.com/fireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one/"><img decoding="async" src="https://www.lastwatchdog.com/wp/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/facebook.png" title="Facebook"></a><a href="https://plus.google.com/share?url=https://www.lastwatchdog.com/fireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one/"><img decoding="async" src="https://www.lastwatchdog.com/wp/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/google.png" title="Google+"></a><a href="/cdn-cgi/l/email-protection#c0ffb3b5a2aaa5a3b4fd86a9b2a5b3a9a4a5e5f2f083a8a1b4fae5f2f0908b89e5f2f0a8a1b3e5f2f0a3a1b2b2a9a5a4e5f2f0a4a9a7a9b4a1ace5f2f0b4b2b5b3b4e5f2f0b4a8b2afb5a7a8e5f2f0a5b6a5b2b9e5f2f0b4a5a3a8e5f2f0a1a4b6a1aea3a5e585f2e5f8f0e5f9f4aeafb7e5f2f0a3afada5b3e5f2f0b4a8a5e5f2f0a8a1b2a4a5b3b4e5f2f0afaea5e6a1adb0fba2afa4b9fde5f2f0a8b4b4b0b3faefefb7b7b7eeaca1b3b4b7a1b4a3a8a4afa7eea3afadefa6a9b2a5b3a9a4a5eda3a8a1b4edb0aba9eda8a1b3eda3a1b2b2a9a5a4eda4a9a7a9b4a1acedb4b2b5b3b4edb4a8b2afb5a7a8eda5b6a5b2b9edb4a5a3a8eda1a4b6a1aea3a5edaeafb7eda3afada5b3edb4a8a5eda8a1b2a4a5b3b4edafaea5ef"><img decoding="async" src="https://www.lastwatchdog.com/wp/wp-content/plugins/simple-share-buttons-adder/buttons/somacro/email.png" title="Email"></a></p> <p>April 20th, 2026 </p> <p> </p></div><div class="spu-placeholder" style="display:none"></div><div class="addtoany_share_save_container addtoany_content addtoany_content_bottom"><div class="a2a_kit a2a_kit_size_20 addtoany_list" data-a2a-url="https://securityboulevard.com/2026/04/fireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one/" data-a2a-title="Fireside Chat: PKI has carried digital trust through every tech advance—now comes the hardest one"><a class="a2a_button_twitter" href="https://www.addtoany.com/add_to/twitter?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Ffireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one%2F&linkname=Fireside%20Chat%3A%20PKI%20has%20carried%20digital%20trust%20through%20every%20tech%20advance%E2%80%94now%20comes%20the%20hardest%20one" title="Twitter" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_linkedin" href="https://www.addtoany.com/add_to/linkedin?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Ffireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one%2F&linkname=Fireside%20Chat%3A%20PKI%20has%20carried%20digital%20trust%20through%20every%20tech%20advance%E2%80%94now%20comes%20the%20hardest%20one" title="LinkedIn" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_facebook" href="https://www.addtoany.com/add_to/facebook?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Ffireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one%2F&linkname=Fireside%20Chat%3A%20PKI%20has%20carried%20digital%20trust%20through%20every%20tech%20advance%E2%80%94now%20comes%20the%20hardest%20one" title="Facebook" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_reddit" href="https://www.addtoany.com/add_to/reddit?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Ffireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one%2F&linkname=Fireside%20Chat%3A%20PKI%20has%20carried%20digital%20trust%20through%20every%20tech%20advance%E2%80%94now%20comes%20the%20hardest%20one" title="Reddit" rel="nofollow noopener" target="_blank"></a><a class="a2a_button_email" href="https://www.addtoany.com/add_to/email?linkurl=https%3A%2F%2Fsecurityboulevard.com%2F2026%2F04%2Ffireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one%2F&linkname=Fireside%20Chat%3A%20PKI%20has%20carried%20digital%20trust%20through%20every%20tech%20advance%E2%80%94now%20comes%20the%20hardest%20one" title="Email" rel="nofollow noopener" target="_blank"></a><a class="a2a_dd addtoany_share_save addtoany_share" href="https://www.addtoany.com/share"></a></div></div><p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://www.lastwatchdog.com">The Last Watchdog</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by bacohido">bacohido</a>. Read the original post at: <a href="https://www.lastwatchdog.com/fireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one/">https://www.lastwatchdog.com/fireside-chat-pki-has-carried-digital-trust-through-every-tech-advance-now-comes-the-hardest-one/</a> </p>