Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI trust across agents and content: what IAM teams should see


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: AI trust is eroding as shadow AI appears in more than 90% of organisations, deepfake files rise from about 500,000 in 2023 to over 8 million in 2025, and only 40% of consumers trust AI as an information source, according to DigiCert and Business Insider. Trust now has to be proven through identity, integrity, and auditability, not assumed.

NHIMG editorial — based on content published by DigiCert: The degradation of trust in the age of AI

By the numbers:

Questions worth separating out

Q: How should security teams govern shadow AI without blocking business use?

A: Start by identifying where shadow AI already exists, then classify the data, identities, and business processes it touches.

Q: Why do AI agents create governance problems for IAM teams?

A: AI agents can act, select tasks, and process data with limited supervision, so standard access records do not always capture who initiated the action or why.

Q: How can organisations prove content authenticity in an AI-heavy environment?

A: Use cryptographic provenance controls that preserve origin and modification history from creation through distribution.

Practitioner guidance

  • Inventory unapproved AI usage paths Map where employees are already using shadow AI, then tie each tool to the data types, systems, and identities involved.
  • Bind AI agents to cryptographic identity Require each agent that can act on business systems to have a clear identity, scoped authorization, and an audit trail that preserves responsibility across the full action path.
  • Verify provenance for high-risk content Adopt authenticity checks for customer communications, evidence records, and brand-sensitive media so you can validate source and modification history before distribution.

What's in the full article

DigiCert's full blog covers the operational detail this post intentionally leaves for the source:

  • How DigiCert frames cryptographic identity for AI agents and where it fits in lifecycle governance
  • The article's breakdown of model integrity, provenance, and secure execution controls for AI systems
  • Its C2PA discussion and the specific metadata questions practitioners should ask about authenticity
  • The vendor's explanation of how identity, integrity, and accountability are positioned across agents, models, and content

👉 Read DigiCert's analysis of trust degradation across AI agents, models, and content →

AI trust across agents and content: what IAM teams should see?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Trust in AI has become an identity problem, not a perception problem. The article shows that the trust surface now spans agents, models, and content, which means governance cannot stop at policy statements or usage guidance. When an AI actor can initiate actions, process data, and generate outputs, the question becomes whether identity, authorization, and audit can still bind the behaviour to an accountable owner. Practitioners should treat trust as a control plane, not a brand promise.

A few things that frame the scale:

  • The number of deepfake files has exploded from roughly 500,000 in 2023 to more than 8 million in 2025, according to The State of Secrets in AppSec.
  • 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases.

A question worth separating out:

Q: Who is accountable when an AI system makes a harmful decision?

A: Accountability should sit with the organisation that approved the system, defined its operating boundaries, and accepted the risk. If no clear owner exists for approvals, monitoring, and remediation, the governance model is already too weak to support trustworthy AI.

👉 Read our full editorial: AI trust is breaking across agents, models, and content



   
ReplyQuote
Share: