TL;DR: Agentic AI changes digital trust because autonomous systems can select tools, act across systems, and expand access patterns faster than conventional identity controls were built to govern, according to Keyfactor. The governance problem is no longer just credential issuance but proving who or what is acting, under what authority, and with what limits.
NHIMG editorial — based on content published by Keyfactor: Establishing Digital Trust In The Agentic AI Era
Questions worth separating out
Q: How should security teams govern AI agents that act across multiple tools?
A: Security teams should define a strict trust boundary for each agent, including allowed tools, data sources, and downstream actions.
Q: Why do AI agents change how digital trust should be designed?
A: AI agents change digital trust because they can make runtime decisions that extend beyond the original access request.
Q: What fails when certificate governance is separated from AI governance?
A: When certificate governance is isolated from AI governance, teams can issue valid credentials without controlling how those credentials are used.
Practitioner guidance
- Map every agentic workflow to its trust boundary Document where an AI agent starts, which tools it may call, which data sources it may reach, and which actions must be blocked regardless of model output.
- Tie machine identity to short-lived authority Review whether certificates, tokens, and service credentials for AI-enabled systems are scoped tightly enough to expire before they can be repurposed.
- Unify PKI, IAM, and NHI oversight Bring certificate lifecycle automation, access governance, and workload identity telemetry into one review path for agentic systems.
What's in the full article
Keyfactor's full newsroom post covers the operational detail this post intentionally leaves for the source:
- How Keyfactor connects certificate lifecycle automation to digital trust for agentic AI deployments
- The specific trust and compliance themes the vendor groups under its agentic AI positioning
- The product and platform context behind Keyfactor's broader secure AI agents messaging
- The source article's own framing of digital trust priorities for security teams
👉 Read Keyfactor's analysis of digital trust in the agentic AI era →
Agentic AI digital trust: what should identity teams re-evaluate?
Explore further
Agentic AI turns digital trust into a runtime governance problem. A trust model built for scheduled workloads or human-approved access does not survive independent tool selection and execution timing. Once the actor can act at runtime, the security question is no longer whether it was enrolled correctly but whether it can still be trusted at the moment of use. Practitioners should read this as a governance shift, not a tooling tweak.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How can organisations tell whether an agent is operating outside its intended scope?
A: Look for tool calls, data access, and service interactions that do not match the original workflow design. The strongest indicators are unexpected destination systems, unusual chaining of actions, and missing approval artefacts. Those signals show the agent is acting with more authority than governance intended.
👉 Read our full editorial: Digital trust in the agentic AI era needs stronger identity controls