Notifications
Clear all
Topic starter
24/06/2026 7:19 pm
TL;DR: AI-generated and altered media are making metadata and platform signals unreliable for proving authenticity, so organisations are shifting toward cryptographic provenance that binds origin, integrity, and authorship to the content itself, according to DigiCert. That shift changes governance for content, certificates, and trust infrastructure at the workflow level, not just the detection layer.
NHIMG editorial — what this means for NHI practitioners
Questions worth separating out
Q: How should organisations verify the authenticity of AI-generated media?
A: Organisations should use cryptographic provenance rather than relying only on metadata or platform labels.
Q: Why do metadata and platform signals fail as authenticity controls?
A: They fail because they are easy to alter, strip, or lose as content moves across systems.
Q: How do content signing workflows affect identity governance?
A: They introduce lifecycle questions familiar to IAM and NHI programmes: who is allowed to sign, how signing credentials are issued, how long they remain valid, and how revocation is handled.
Practitioner guidance
- Map provenance to trust-critical workflows Identify which media workflows need origin, integrity, and authorship to remain verifiable after editing, sharing, or redistribution.
- Treat signing keys as governed assets Place certificate issuance, timestamping, and key management under formal ownership so content signing does not become an unmanaged capability.
- Separate provenance from platform trust signals Use platform labels and metadata as supporting context, but do not rely on them as the only evidence of authenticity.
What's in the full announcement
DigiCert's full press release covers the operational detail this post intentionally leaves for the source:
- Workflow-level examples for adding signing and verification into existing content pipelines
- Product-specific details on managed certificate issuance, timestamping, and API integration
- How C2PA-compliant credentials are embedded into images, video, and other digital assets
- The separate device-trust angle for capture-at-source signing on cameras, scanners, and related hardware
👉 Read DigiCert's announcement on Content Trust Manager for digital content provenance →
Content provenance for AI media: what does this mean for IAM teams?
Explore further
25/06/2026 4:33 am
Content authenticity is becoming a trust infrastructure problem, not a media problem. Once AI-generated and edited assets move through multiple systems, the core issue is no longer whether content looks credible but whether its provenance can be independently verified. That pushes content authenticity into the same governance conversation as certificates, signing, and lifecycle controls. Practitioners should treat provenance as part of identity and trust architecture, not as a sidecar to media tooling.
A few things that frame the scale:
- Only 44% of developers are reported to follow security best practices for secrets management, exposing a significant developer behaviour gap, according to The State of Secrets in AppSec.
- Another finding from the same research reports that organisations maintain an average of 6 distinct secrets manager instances, creating fragmentation that undermines centralised control.
A question worth separating out:
Q: What should security teams prioritise before rolling out provenance controls?
A: They should identify which content types actually need durable authenticity, then map the signing process, key ownership, verification path, and exception handling around those assets. If the governance model is not clear before deployment, provenance becomes another unmanaged trust layer rather than a control.
👉 Read our full editorial: Digital content authenticity now depends on cryptographic provenance
