By NHI Mgmt Group Editorial TeamPublished 2026-05-20Domain: Workload IdentitySource: GlobalSign

TL;DR: AI is being adopted broadly in cybersecurity, with 93% of security leaders reporting GenAI use and 91% using it for cyber work, while certificate management teams are increasingly using it to automate issuance, renewal, revocation, and anomaly detection, according to GlobalSign. That efficiency also creates a new governance problem: machine assistance can weaken trust assumptions in PKI if data poisoning, prompt injection, or over-automated approvals are not constrained.


At a glance

What this is: This is an analysis of how AI is being used in certificate management and the new PKI governance risks it introduces.

Why it matters: It matters because certificate lifecycle automation now sits inside identity and trust controls that also underpin Zero Trust, so IAM and security teams need to understand where machine assistance can erode assurance.

By the numbers:

👉 Read GlobalSign's analysis of AI risks and benefits in certificate management


Context

AI is increasingly embedded in certificate management because certificate issuance, renewal, revocation, and compliance checks are repetitive, high-volume tasks that benefit from automation. In a PKI environment, that can reduce latency and human error, but it also places more trust in machine-mediated decisions that still need identity, validation, and policy guardrails.

The governance problem is not simply that AI can be wrong. It is that AI can be manipulated through poisoned training data, adversarial prompts, or over-broad approval paths, turning certificate workflows into a trust boundary that attackers can influence. For identity and access teams, this is an NHI governance issue because the systems acting on certificates are machine identities operating inside critical access infrastructure.


Key questions

Q: How should security teams govern AI-assisted certificate issuance and renewal?

A: Treat AI as a decision-support layer, not the trust authority. Keep issuance, renewal, and revocation bound to explicit policy checks, verified identity, and clear ownership. If the model can approve or expose certificate material on its own, you have moved from automation into delegated assurance, which should trigger tighter review and audit controls.

Q: Why do AI systems create new risk in certificate management?

A: AI creates risk because certificate workflows depend on inputs that can be poisoned, manipulated, or imitated. If those inputs shape validation or approval logic, an attacker can steer trust decisions toward fraudulent certificates, exposed PKI details, or unsafe renewals. The core issue is not speed, it is whether the trust boundary is still defensible.

Q: What breaks when certificate approval becomes too automated?

A: When approval becomes too automated, the organisation loses the ability to prove why a certificate was trusted at a specific moment. That makes false approvals harder to detect and harder to reverse. It also creates a control gap between policy intent and machine execution, especially where renewal and revocation are handled at scale.

Q: How do Zero Trust principles apply to certificate operations?

A: Zero Trust means every certificate request should be verified continuously for identity, context, and least privilege, even when a machine is making the request. For AI-assisted workflows, that means checking the requesting entity, constraining the action scope, and requiring independent policy enforcement before trust is extended.


Technical breakdown

How AI changes certificate issuance and renewal workflows

AI can automate the certificate lifecycle by helping decide when to issue, renew, revoke, and flag anomalies in large PKI estates. In practice, that means models may inspect telemetry, compare certificate attributes, and surface exceptions faster than manual review. The problem is that automation often hides where policy ends and inference begins. If the model is allowed to influence approval logic, the certificate workflow becomes dependent on the quality of training data, prompt handling, and operational thresholds rather than explicit human-reviewed rules.

Practical implication: separate recommendation from approval so certificate lifecycle actions remain policy-governed rather than model-governed.

Why data poisoning and prompt injection matter in PKI

Data poisoning alters training or reference data so the model learns the wrong pattern, while prompt injection manipulates a generative system at runtime to reveal data or take unsafe actions. In certificate management, either failure can distort validation, expose PKI details, or help a malicious actor obtain or forge trusted credentials. This is particularly dangerous because certificate systems are used to establish system and service trust, not just user trust, so a single false positive or false approval can have wide blast radius across applications and networks.

Practical implication: validate training inputs, constrain prompts, and monitor model outputs against independent PKI policy checks.

Zero Trust for certificate operations

The article ties certificate automation to Zero Trust, and that is the right architectural direction, but Zero Trust only works when every certificate request is subject to strict identity verification and least privilege. Delegated credentials for CDNs show how short-lived, task-specific trust can reduce exposure, but they do not remove the need to verify the entity, the request context, and the scope of access. In other words, AI can accelerate the workflow, but it cannot be the trust anchor.

Practical implication: apply continuous verification and least privilege to certificate requests, especially where AI is used to accelerate decisions.


Threat narrative

Attacker objective: The attacker wants to subvert certificate trust so they can impersonate legitimate services, intercept traffic, or enable broader access into systems that rely on PKI.

  1. Entry occurs when attackers influence the certificate workflow through poisoned training data, malicious prompts, or imitation of renewal communications.
  2. Escalation follows when a manipulated model exposes PKI details, approves a fraudulent certificate, or weakens validation logic across the certificate lifecycle.
  3. Impact is achieved through man-in-the-middle access, SSL stripping, or forged trust that allows broader compromise of encrypted services and identity infrastructure.
  • Sisense breach — unauthorized GitLab access led to exfiltration of access tokens, API keys and certificates.
  • Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.


NHI Mgmt Group analysis

AI in certificate management is an NHI governance problem, not just an efficiency story. Certificate issuance, renewal, revocation, and compliance checks are identity operations that decide what is trusted inside the environment. Once AI is allowed to assist those decisions, the control question shifts from speed to assurance. The right lens is OWASP-NHI and Zero Trust, because the workflow is now mediated by machine identities and machine decisions.

Trusted input is the real control boundary in AI-assisted PKI. Data poisoning and prompt injection are different attack paths, but they exploit the same broken premise: that the data or instruction stream driving certificate decisions is trustworthy by default. That assumption was designed for controlled administrative inputs. It fails when the actor consuming those inputs can be manipulated at runtime, which means practitioners must rethink where approval authority actually lives.

Ephemeral credential trust debt: AI may speed certificate operations, but it also accumulates hidden trust obligations when certificates are renewed, delegated, or auto-approved without sufficiently strong identity proof. The enterprise inherits a larger set of machine-mediated assurances that are harder to audit than manual workflows. Practitioners should treat every automated certificate action as a trust event, not a housekeeping task.

Zero Trust only works if certificate automation remains bounded. The article correctly points toward strict identity verification, but the broader point is that AI should not become the implicit authority for cryptographic trust. If the model is making or shaping trust decisions, the organisation has already moved beyond simple automation into delegated assurance. That changes how PKI, IAM, and security operations should be governed together.

From our research:

  • 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
  • 52 NHI Breaches Analysis shows that compromised machine identities repeatedly turn routine trust assumptions into enterprise-wide exposure.

What this signals

Ephemeral credential trust debt: AI-assisted certificate automation reduces operational friction, but every delegated trust decision increases the amount of assurance the programme must later justify. For teams building Zero Trust and PKI governance together, this means the review burden moves from manual ticket handling to policy integrity, auditability, and exception control.

The next programme-level question is whether your certificate lifecycle is still explainable without the model in the loop. If the answer is no, then AI has become part of the trust boundary rather than a support function, and that should change how IAM, PKI, and security operations are governed together.


For practitioners

  • Separate recommendation from approval in PKI workflows Allow AI to flag anomalies or prioritise review, but keep issuance, renewal, and revocation decisions tied to explicit policy checks and human-owned approval paths.
  • Validate training and telemetry inputs before they influence certificate decisions Use independent data validation for training sets, log sources, and certificate inventory feeds so poisoned inputs cannot shape trust outcomes without detection.
  • Constrain prompt access to PKI details and certificate actions Limit what generative systems can see and do, and require separate verification for requests that would expose PKI metadata or create trusted credentials.
  • Apply continuous verification to AI-assisted certificate requests Map certificate workflows to Zero Trust principles by checking identity, context, and privilege at each stage rather than assuming the requesting system remains trustworthy.

Key takeaways

  • AI speeds certificate operations, but it also shifts PKI into a model-mediated trust boundary that needs explicit governance.
  • The most dangerous failures are data poisoning and prompt injection because they can distort issuance, renewal, and validation decisions.
  • Zero Trust for certificate management means every request must be verified, scoped, and auditable, even when AI is helping run the workflow.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 and MITRE ATT&CK address the attack and risk surface, while NIST Zero Trust (SP 800-207), NIST CSF 2.0 and NIST SP 800-53 Rev 5 set the governance and control requirements practitioners need to meet.

FrameworkControl / ReferenceRelevance
OWASP Non-Human Identity Top 10NHI-03Certificate lifecycle automation creates NHI-style governance risk around trust and credential handling.
NIST Zero Trust (SP 800-207)3.4The article explicitly links certificate operations to Zero Trust verification and least privilege.
NIST CSF 2.0PR.AC-4Least-privilege access is central to limiting AI-driven certificate abuse.
NIST SP 800-53 Rev 5IA-5Authenticator management is directly relevant to certificate issuance, renewal, and revocation.
MITRE ATT&CKTA0006 , Credential Access; TA0010 , ExfiltrationThe article describes credential abuse through fraudulent certificates and PKI exposure.

Treat AI-assisted certificate workflows as governed non-human identities with bounded authority and full auditability.


Key terms

  • Certificate lifecycle automation: Certificate lifecycle automation is the use of software, including AI, to handle issuance, renewal, revocation, and compliance tasks for digital certificates. It reduces manual effort, but it also concentrates trust decisions into machine-mediated workflows that must still be governed with explicit identity and policy controls.
  • Prompt injection: Prompt injection is a runtime attack that manipulates a generative AI system by feeding it instructions designed to override intended behaviour. In PKI and certificate workflows, it can cause data exposure, unsafe actions, or distorted decisions if the system can access sensitive trust material.
  • Data poisoning: Data poisoning is the deliberate manipulation of training or reference data so a model learns incorrect patterns or produces unsafe output. For identity and certificate governance, poisoned data can cause false approvals, missed anomalies, or trust decisions that no longer reflect policy.
  • Ephemeral credential trust debt: Ephemeral credential trust debt is the hidden assurance burden created when short-lived or automated trust decisions accumulate faster than teams can audit them. In certificate management, it describes the gap between rapid machine actions and the organisation's ability to explain, verify, and revoke those actions later.

What's in the full article

GlobalSign's full article covers the operational detail this post intentionally leaves for the source:

  • Practical examples of AI use in certificate issuance, renewal, revocation, and compliance workflows.
  • Expanded discussion of data poisoning, prompt injection, and how those risks can affect PKI trust decisions.
  • Examples of anomaly detection and monitoring patterns for certificate activity at scale.
  • The article's guidance on combining AI with Zero Trust and delegated credentials in CDN environments.

👉 GlobalSign's full article covers the PKI risk examples, Zero Trust framing, and mitigation approaches in more detail.

Deepen your knowledge

NHI governance, agentic AI identity, machine identity security, IAM, identity lifecycle, and workload identity are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or operational governance, it is worth exploring.
NHIMG Editorial Note
Published by the NHIMG editorial team on 2026-05-20.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org