AI in OT needs cryptographic identity, not just automation

At a glance

What this is: This is an analysis of new AI-in-OT guidance, with the central finding that cryptographic identity and continuous trust are now baseline requirements for AI agents in operational environments.

Why it matters: It matters because OT, IAM, and security teams have to govern AI-enabled actions as identities with lifecycle, verification, and audit needs, not as ordinary automation.

👉 Read DigiCert's analysis of AI trust requirements in operational technology

Context

AI in operational technology becomes an identity problem when a system can make decisions, trigger actions, or influence physical processes without a human in the loop. The core gap is not simply automation scale, but whether the actor, its outputs, and its access can be verified continuously across the control plane.

For IAM and security teams, this expands the governance surface across NHI, agentic AI, and OT devices. A model that can act on sensor data or issue control instructions needs identity, integrity, and accountability controls that match the speed and consequences of the environment.

The article argues that public key infrastructure and lifecycle management should sit at the centre of that trust model. That is an atypical but increasingly relevant posture for organizations moving AI into industrial and critical-infrastructure workflows.

Key questions

Q: How should security teams govern AI agents in OT environments?

A: They should govern AI agents as cryptographically identified actors with explicit lifecycle ownership, not as ordinary automation. That means binding actions to certificates or signed assertions, enforcing continuous verification, and ensuring every identity can be revoked, audited, and traced across the control path.

Q: Why do AI systems in OT require stronger identity controls than normal automation?

A: Because AI can change behaviour at runtime and influence physical outcomes, so static trust assumptions are too weak. Strong identity controls are needed to prove origin, prevent spoofing, and preserve accountability when the system makes decisions at machine speed.

Q: What breaks when organisations rely on approval models built for human-paced operations?

A: They miss the fact that AI can complete decisions and actions before the next review cycle or human intervention point. That creates a governance gap where trust was assumed but never continuously verified, especially in high-consequence OT workflows.

Q: Which frameworks should teams align to when AI identities touch OT systems?

A: Teams should align AI identity governance to NIST Cybersecurity Framework 2.0, Zero Trust architecture principles, and AI risk controls where autonomous behaviour is involved. For OT, the practical test is whether identity, integrity, and auditability can be proven at the point of action.

Technical breakdown

Cryptographic identity for AI agents in OT

In OT environments, identity is not just about user authentication. It is the mechanism that proves an AI agent, device, or control service is the authorised origin of an action. Cryptographic identity uses certificates, signing, and verification to bind actions to a trusted entity, which matters when decisions affect physical systems. Without that binding, outputs can be spoofed, replayed, or detached from provenance. The article’s key point is that AI becomes operationally dangerous when trust is inferred from behaviour rather than verified from identity.

Practical implication: map every AI-controlled OT function to a verifiable identity and reject unauthenticated action paths.

Why continuous trust matters more than static approval

OT systems often rely on preconfigured trust, but AI introduces runtime variability that static approvals cannot absorb. A model can change behaviour with new inputs, updated data, or altered context, so trust cannot be assumed at provisioning time alone. Continuous trust means the system keeps validating authenticity, integrity, and policy alignment throughout the lifecycle of the action, not just at login or deployment. This is especially important where AI operates faster than human operators can intervene.

Practical implication: design for ongoing verification of AI outputs, not one-time onboarding of the model or agent.

Lifecycle management for AI-enabled control paths

Lifecycle management becomes a safety control when AI is part of the control path. Certificates, policies, renewal, revocation, and audit trails determine whether the identity remains valid, whether it can be withdrawn, and whether its actions can be traced after the fact. In OT, the lifecycle problem is sharper because stale trust can persist inside long-lived systems, while the operational blast radius of a bad identity decision is much larger than in ordinary IT workflows.

Practical implication: treat certificate issuance, renewal, and revocation for AI and OT components as operational controls, not administrative tasks.

NHI Mgmt Group analysis

Cryptographic identity is now the trust layer for AI in OT. The guidance reflects a simple reality: if AI can act on physical systems, trust has to be anchored to something stronger than model output or network location. Identity, integrity, and auditability are the minimum controls that turn AI from an opaque decision source into a governed actor. For practitioners, that means the security model shifts from access to provenance.

Continuous verification: is the named control gap the OT AI shift exposes. Static approval models were designed for environments where the actor and its trust state do not change materially between review cycles. That assumption fails when AI systems adapt, re-evaluate, or act at machine speed. The implication is that governance must stop treating trust as a one-time event and start treating it as a runtime condition.

OT AI governance will converge with NHI lifecycle discipline. Certificates, rotation, revocation, and audit trails are no longer background plumbing when the identity can trigger a real-world action. The field is moving toward treating AI agents as first-class machine identities with explicit lifecycle ownership. Practitioners should expect converged governance across OT, workload identity, and emerging agentic AI controls.

This guidance strengthens the case for treating AI agents as governed executors, not generic automation. The distinction matters because autonomous or semi-autonomous decision paths require traceable identity across each action, especially where downstream systems cannot easily distinguish model intent from legitimate control logic. That shifts the burden onto IAM and security architecture to establish who or what initiated the action. The practical conclusion is that AI governance now belongs inside identity programmes, not beside them.

The next control debate is not whether AI belongs in OT, but which trust assumptions can survive it. Organisations that built their programmes around human-paced approvals and static device trust will find those assumptions under pressure. The strongest programmes will be the ones that can prove identity, integrity, and accountability at the point of action. For security leaders, that is now a core resilience issue.

From our research:

• Companies are dedicating an average of 32.4% of their security budgets to secrets management and code security, with US organisations leading at 40.8%, according to The State of Secrets in AppSec.
• Organisations maintain an average of 6 distinct secrets manager instances, creating fragmentation that undermines centralised control, according to The State of Secrets in AppSec.
• For lifecycle and secret-handling context, see Ultimate Guide to NHIs , Key Challenges and Risks for the governance gaps that AI-in-OT programmes must close next.

What this signals

Continuous verification is the concept OT teams should watch most closely. The operating assumption behind many industrial environments is that trust is established up front and then preserved by process. AI breaks that model because the actor can adapt mid-session, so the trust state has to be re-evaluated as part of execution, not after the fact.

As AI agents move closer to physical control paths, identity programmes will need to absorb certificate governance, auditability, and revocation discipline that used to sit outside the core IAM conversation. That makes NHI lifecycle controls part of resilience planning, not just hygiene.

The practical signal for practitioners is whether they can prove who or what initiated a control action, whether that identity was still valid at the moment of action, and whether the action can be withdrawn or explained after the event.

For practitioners

• Inventory AI-controlled OT trust paths Map where AI systems influence sensors, setpoints, decision engines, and automation pipelines, then identify which identities sign those actions and which systems verify them.
• Bind AI actions to cryptographic identities Require certificates or signed assertions for AI agents, control services, and OT components so every material action has a verifiable origin and an auditable trail.
• Make lifecycle events operational controls Treat issuance, renewal, revocation, and expiration for AI and OT identities as production controls with owners, alerts, and rollback paths.
• Rework approval models for runtime trust Replace one-time authorization assumptions with continuous validation points that can block unsafe outputs before they reach physical systems.

Key takeaways

• AI in OT becomes an identity and integrity problem once it can influence physical systems without human pacing.
• Continuous trust and lifecycle control matter because static approval models cannot keep up with runtime AI behaviour.
• Security teams should bind AI actions to cryptographic identity and treat revocation, auditability, and provenance as operational requirements.

Key terms

• Cryptographic Identity: A cryptographic identity is a verifiable digital identity anchored in keys, certificates, and signatures rather than in assumption or network location. In AI and OT environments, it proves which actor originated an action and supports non-repudiation, auditability, and trust at machine speed.
• Continuous Verification: Continuous verification is the practice of re-checking trust conditions throughout execution instead of only at login or deployment. For AI and OT systems, it means identity, integrity, and policy alignment must remain valid while the actor is still making decisions.
• Operational Technology: Operational technology is the hardware and software used to monitor or control physical processes such as manufacturing, utilities, transport, and energy systems. Because OT affects real-world outcomes, identity failures in this environment can cause safety, availability, or integrity impacts.
• Lifecycle Management: Lifecycle management is the governance process that covers issuance, renewal, rotation, revocation, and retirement of identities and secrets. In AI-enabled environments, it determines whether trust can be removed quickly, traced clearly, and maintained safely over time.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or programme maturity, it is worth exploring.

This post draws on content published by DigiCert: The NSA and CISA Just Confirmed Why Intelligent Trust Matters More than Ever. Read the original.