Notifications
Clear all
Topic starter
25/06/2026 5:26 pm
TL;DR: Enterprise demand for secure identity, certificate, and cryptographic trust across humans, machines, and AI systems is driving rising pressure around agentic AI and post-quantum readiness, while 210% three-year revenue growth and a sixth straight Deloitte Fast 500 appearance reflect the trend, according to Keyfactor. The signal for practitioners is that digital trust is moving from infrastructure hygiene to core identity governance.
NHIMG editorial — based on content published by Keyfactor: Keyfactor marks sixth consecutive year on Deloitte's Fast 500, continuing as the fastest-growing digital trust provider
By the numbers:
- Keyfactor says it achieved 210% three-year growth, earning Deloitte Technology Fast 500 recognition for the sixth consecutive year.
- Keyfactor says 2025 recognition marks its sixth consecutive year on the Fast 500.
Questions worth separating out
Q: How should security teams govern cryptographic identity for machine and agent access?
A: Security teams should govern cryptographic identity as part of identity lifecycle management, not as a separate PKI task.
Q: Why do AI agents complicate digital trust programmes?
A: AI agents complicate digital trust because authentication alone does not constrain runtime behaviour.
Q: What breaks when machine identities are not tied to lifecycle ownership?
A: When machine identities lack lifecycle ownership, certificates and tokens persist beyond their intended purpose and become standing access.
Practitioner guidance
- Inventory cryptographic identity owners Create a system-by-system register of certificates, keys, and tokens with named business and technical owners, then tie each asset to renewal and revocation responsibility.
- Review trust paths for machine and agent access Map where workloads, service accounts, and AI agents use certificates or tokens to reach tools and APIs, then remove any access path that cannot be attributed to a clear approval model.
- Test crypto-agility under change Validate whether certificate rotation, algorithm changes, and trust store updates can happen without service outages or manual exception handling.
What's in the full analysis
Keyfactor's full press release covers the company-specific growth narrative and product context this post intentionally leaves for the source:
- Its own explanation of how strategic acquisitions and product innovation contributed to revenue growth.
- The vendor's framing of agentic AI capabilities and cryptographic identity as part of its portfolio.
- The Deloitte Fast 500 context and eligibility criteria that underpin the ranking.
- Company-level detail on post-quantum and crypto-agility positioning.
👉 Read Keyfactor's press release on Fast 500 growth and digital trust demand →
AI agent identity and digital trust: what it means for IAM teams?
Explore further
25/06/2026 6:06 pm
Digital trust is becoming the control plane for machine and agent identity, not just a certificate-management problem. The article's growth message is a market signal that enterprises are buying into cryptographic assurance as the way to scale identity across workloads, systems, and emerging AI agents. That shifts the conversation from isolated PKI operations to lifecycle governance, ownership, and revocation across every non-human actor. Practitioners should treat digital trust as an identity architecture issue, not a tooling silo.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- Another finding from our research shows that 71% of NHIs are not rotated within recommended time frames, which keeps trust relationships alive longer than governance teams expect.
A question worth separating out:
Q: How do teams decide whether to treat an AI system as a governed identity?
A: Treat an AI system as a governed identity when it can independently access tools, data, or actions that affect production outcomes. At that point, the team needs clear ownership, scope boundaries, monitoring, and revocation. If those controls do not exist, the system is operating as an unmanaged identity, not a controlled one.
👉 Read our full editorial: Keyfactor's AI agent identity push reflects rising trust demand
