In the era of AI and agentic adoption, security and digital trust are more vital than ever before.
At the center of digital trust is Public Key Infrastructure (PKI), the framework used to manage digital certificates and public-key encryption to enable secure communication, authentication and data integrity across digital environments.
While PKI provides critical digital trust, the IT landscape PKI lives within is changing rapidly.
The rapid advancement of AI and rise of agentic systems, combined with the widespread adoption of cloud computing and the impact of post‑quantum cryptography (PQC) on cryptographic change, coupled with shrinking PKI certificate lifecycles, are creating new challenges for IT teams and cybersecurity managing PKI deployments.
Against this backdrop, enterprises manage hundreds of thousands of PKI certificates, rendering traditional manual approaches to PKI management no longer sufficient in today’s age.
HID Global’s 2026 PKI market study, PKI in the Age of AI and Automation, found that 52% of 300 IT and security leaders across the US and Europe surveyed cited the lack of automation or tools as one of the biggest challenges for effective PKI management. Only 22% said they did not struggle with certificate renewal.
Organizations experience around one certificate-related incident per quarter. Poorly managed, PKI turns from a trust enabler into a source of outages, blind spots and exploitable weaknesses.
Impact Of Certificate-Related Incidents
Incidents involving PKI certificates can have significant business consequences. HID Global’s study found that these include security breaches (23%), financial losses (16%) and loss of customer contracts (10%), highlighting the criticality of digital trust well-managed PKI offers businesses today.
Other consequences included:
- 75% experienced service downtime or outages
- 67% suffered operational disruptions or productivity loss
- 25% were found in non-compliance with regulatory or audit requirements
Automation Non-Optional as Certificate Lifespans Shrink
Today, certificate lifespans – the time digital certificates are trusted and active - are getting shorter, fundamentally shifting how organizations manage PKI.
Since March 2026 TLS/SSL certificate lifetime has decreased from 398 days to 200 days. By March 2027, this will plunge to just 100 days and it will continue shrink to as little as 47 days in 2029.
This shift to 47-day certificates is encouraging business leaders to adopt automation as part of the certificate lifecycle and move away from manual processes, like spreadsheet-based certificate inventories, which simply cannot keep up.
Automation has been cited by 52% as one of the top trends in the industry, according to HID’s market study, and 61% are planning to invest in automation over the next 24 months.
Within certificate lifecycle management, certificate renewal is the aspect where most firms have introduced automation (76%). In contrast, certificate discovery (38%) and revocation (44%) lag significantly behind.
While there is positive momentum in automation of PKI, those who lack automated certificate issuance, renewal and revocation were found to be 3.3 times more likely to experience more than six incidents per year.
Automated, policy-driven certificate lifecycle management is no longer just a question of optimization. Rather it is a prerequisite for maintaining digital trust.
AI and Machine Identities: A New Trust Challenge
This need for automation becomes even more critical as machine identities scale and the use of AI agents is growing exponentially. This has resulted in a steep rise in the number of non-human identities (NHIs) associated with them as machines increasingly interact with other machines.
Operating at scale and changing constantly, NHIs have created the latest digital trust issue as they are intrinsically difficult to reliably verify who, or what, is interacting across systems.
AI agent certificate use was cited by 34% of IT leaders as a top three trend with 16% of organizations saying they are already using certificates for AI agents.
PKI is foundational for securing NHIs because of the need for cryptographic proof of identity and automated trust between machines. PKI certificates give AI agents a verifiable digital identity, securing communication and ensure data integrity.
The adoption of PKI certificates for AI agents has room to grow as markets evolve. It will be vital that automation is embedded into PKI for AI agents because the scale, speed and volatility of NHI make manual certificate management impossible. Ultimately, automation allows PKI to function at the same speed and scale as the AI agents it is aligned to.
Post‑Quantum Cryptography: Awareness vs. Action
Q-Day, the date when quantum computers become powerful enough to break today’s standard public-key encryption, is no longer a far-flung fantasy but is a rapidly approaching reality.
The current cryptographic algorithms that underpin PKI today must be replaced by quantum-resilient ones.
Despite the shrinking timelines for PQC adoption, with Google and Microsoft now stating 2029 as the deadline for PQC transition, data shows a prevailing “wait‑and‑see” posture. Just 12% of HID’s market study respondents stated they are actively implementing PQC pilots and 25% developing internal PQC plans.
Meanwhile, just 22% have allocated resources to PQC initiatives as many (37%) are simply monitoring standards and industry guidance.
Monitoring standards is worthwhile but falls short of preparedness for PQC transition and small organizations are particularly underprepared. Those with more than 50,000 employees are up to three times more likely to be running PQC pilots than those with fewer.
Leading PKI as a Service (PKIaaS) solutions including HID Global now offer lab environments to test NIST PQC standards, while automation improves crypto-agility and simplifies certificate updates for a secure post-quantum future.
What Successful PKI Management Looks Like
Against this backdrop of fundamental challenges and changes to the PKI landscape, those with greater visibility and more mature automation practices experienced fewer certificate-related incidents.
Organizations with no formal certificate tracking processes and visibility limited to public-facing certificates were more than twice as likely to experience six or more incidents per year.
One key factor to successful PKI management is the use of a cloud-based certificate lifecycle manager (CLM) rather than a hybrid or on-premises deployment.
HID’s market study found those with cloud-based CLM with certificate automation, reporting and monitoring were better equipped to respond to incidents when they did occur. They were also more likely to report success with broader business initiatives, from compliance to digital transformation.
Other certificate management best practices include viewing compliance as a business goal, taking a proactive approach to PQC readiness, centralized tracking workflows and firm emphasis on automated solutions.
Today, many businesses are either replacing, upgrading or expanding their PKI infrastructure because executives know it is vital to the future of digital trust.
Automation is at the top of the priority list for investment (62%) as it plays a critical role in tackling the challenges of today’s technology environments. It is vital for organizations both large and small for greater visibility and control throughout the PKI lifecycle.
Meanwhile, 32% of organizations plan to invest in unified CLM platforms or cloud-native solutions, with an equal proportion allocating budget to compliance tools and certifications.
A proactive approach to PQC, which is supported by investments in CLM and automation, enables organizations to strengthen certificate management maturity and is associated with fewer certificate-related incidents..
Start Building a Future-Ready PKI Strategy Today
Building a scalable, future-ready PKI foundation requires organizations to move beyond manual processes and embrace automation, visibility and crypto-agility at scale.
Enterprises that centralize control, improve visibility and align PKI with broader business goals will be best positioned to reduce risk, maintain compliance and underpin secure digital transformation.
HID PKI-as-a-Service removes the complexity of managing digital certificates across enterprises of all sizes and alleviate the burden from in-house management, enabling scalability, adaptability and automation of the full certificate lifecycle – vital to driving digital trust in today’s age of AI and automation.
Find out how leading organizations are overcoming certificate sprawl, accelerating automation and preparing for post-quantum cryptography. Download the PKI Market Study today and gain the insights you need to build a more secure, resilient and future-ready PKI strategy.
