AI, quantum and trust: what identity teams should prepare for


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8688
Topic starter  

TL;DR: Post-quantum cryptography will move from roadmap item to deployed control, AI-driven phishing will surge, and manual certificate management is becoming unsustainable as shorter lifespans and automation pressures increase, according to DigiCert’s 2025 predictions. The governing issue is no longer awareness but whether identity and trust programmes can operationalise crypto-agility, provenance, and lifecycle control fast enough.

NHIMG editorial — based on content published by DigiCert: 10 ways AI, quantum and trust will shape the year ahead

By the numbers:

Questions worth separating out

Q: How should security teams reduce risk from short-lived certificates and crypto-agility pressure?

A: They should treat certificates as governed identities with owners, expiry monitoring, and automated renewal paths.

Q: Why do AI-generated phishing attacks change human identity controls?

A: They reduce the value of message inspection as a control because attackers can now generate persuasive, context-aware lures at scale.

Q: What should organisations do when digital trust depends on content authenticity as well as identity?

A: They should treat provenance metadata, signature validation, and certificate trust as a single verification chain.

Practitioner guidance

  • Inventory certificate-owned dependencies: Map where certificates, keys, and trust anchors live across applications, HSMs, and operational workflows so you know which systems depend on manual renewal or policy exceptions.
  • Move renewal out of spreadsheets: Replace human-managed certificate tracking with automated discovery, expiry monitoring, and owner-based alerting so lifecycle actions happen before service disruption becomes likely.
  • Adopt phishing-resistant verification paths: Prioritise controls that reduce reliance on user judgement, including stronger authentication and explicit verification for high-risk requests, approvals, and account recovery.

What's in the full article

DigiCert's full blog covers the operational detail this post intentionally leaves for the source:

  • Predictive rationale for each 2025 trend, including the certificate lifecycle and digital trust assumptions behind them.
  • Specific discussion of PQC adoption drivers across hardware security modules, applications, and compliance planning.
  • Additional context on C2PA, private PKI, and automated certificate management as trust programme components.
  • The vendor's own perspective on vendor consolidation and digital trust operations that this post has intentionally not unpacked.

👉 Read DigiCert's 10 predictions for AI, quantum and digital trust in 2025 →
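
The expiry monitoring and owner-based alerting described in the guidance above, as an added example that is not part of the original post or DigiCert's article. The record fields, hostnames, finding labels and the one-third renewal threshold are assumptions made for illustration, and the inventory is constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class CertRecord:
    name: str
    owner: Optional[str]   # accountable team; None means nobody owns it
    not_before: datetime
    not_after: datetime
    renewal: str           # "automated" or "manual" (hypothetical field)

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed inventory; in practice this is the output of automated discovery.
INVENTORY = [
    CertRecord("api.example.test", "platform-team", utc(2025, 1, 1), utc(2025, 4, 1), "automated"),
    CertRecord("legacy-vpn.example.test", None, utc(2024, 6, 1), utc(2025, 6, 1), "manual"),
    CertRecord("billing.example.test", "payments-team", utc(2024, 12, 1), utc(2025, 3, 1), "manual"),
    CertRecord("intranet.example.test", "it-ops", utc(2024, 2, 1), utc(2025, 2, 1), "manual"),
]

RENEW_FRACTION = 1 / 3  # assumption: act once under a third of the lifetime remains

def assess(cert, now):
    """Return lifecycle and governance findings for one certificate at `now`."""
    findings = []
    lifetime = cert.not_after - cert.not_before
    remaining = cert.not_after - now
    if remaining.total_seconds() <= 0:
        findings.append("EXPIRED")
    elif remaining < lifetime * RENEW_FRACTION:
        # Relative threshold, so it still works as lifetimes get shorter.
        findings.append("RENEW_NOW")
    if cert.owner is None:
        findings.append("NO_OWNER")
    if cert.renewal == "manual":
        findings.append("MANUAL_RENEWAL")
    return findings

def alerts_by_owner(inventory, now):
    """Route findings to each owner; unowned certificates go to an UNOWNED queue."""
    queue = defaultdict(list)
    for cert in inventory:
        findings = assess(cert, now)
        if findings:
            queue[cert.owner or "UNOWNED"].append((cert.name, findings))
    return dict(queue)
```

Calling `alerts_by_owner(INVENTORY, utc(2025, 2, 10))` returns one queue per accountable owner, with the unowned certificate surfaced separately instead of being silently dropped.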




   
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 8144
 

Manual trust administration is the new identity debt. When certificate management still depends on spreadsheets, renewal calendars, and human follow-up, organisations are carrying hidden operational risk into shorter certificate lifetimes and more frequent policy changes. That debt now affects web PKI, workload trust, and any programme that depends on timely cryptographic lifecycle actions. The practical conclusion is that trust governance cannot scale on manual exception handling.

A few things that frame the scale:

  • 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, according to the Ultimate Guide to NHIs.
  • 91.6% of secrets remain valid five days after the targeted organisation is notified, showing how remediation delays extend exposure windows in identity governance programmes.

A question worth separating out:

Q: Who should own post-quantum cryptography planning in an identity programme?

A: Ownership should sit with the teams responsible for cryptographic lifecycle, platform architecture, and risk governance together, not with security in isolation. PQC affects applications, hardware, compliance obligations, and renewal processes, so it needs a cross-functional migration register and clear accountability.

👉 Read our full editorial: AI, quantum and trust predictions expose certificate governance gaps



   