TL;DR: Post-quantum cryptography, AI-driven phishing, shorter certificate lifespans, and continued certificate automation pressure headline 2025 predictions, with manual certificate management still common in nearly a quarter of enterprises, according to DigiCert. The real governance issue is that trust operations are becoming too dynamic for spreadsheet-era controls.
NHIMG editorial — based on content published by DigiCert: DigiCert’s 2025 security predictions
By the numbers:
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
Questions worth separating out
Q: How should organisations prepare certificate estates for shorter lifespans?
A: They should treat certificate management as a continuous lifecycle process, not a periodic admin task.
Q: Why does AI-driven phishing change identity security decisions?
A: It lowers the reliability of human judgment in routine trust checks, which means organisations need stronger process controls.
Q: What breaks when cryptographic agility is missing?
A: Migrations stall because organisations cannot change certificates, algorithms, or trust chains quickly enough to meet new requirements.
Practitioner guidance
- Inventory every certificate and trust dependency Create a living inventory of TLS certificates, internal PKI assets, embedded keys, and application dependencies so renewal and migration can be planned centrally.
- Automate issuance, renewal, and revocation Replace manual renewal flows with automated certificate lifecycle management, including alerts for expiring assets and revocation paths for compromised trust material.
- Map cryptographic dependencies before PQC migration Identify which applications, libraries, devices, and identity systems depend on each algorithm so you can sequence quantum-safe changes without breaking service.
What's in the full article
DigiCert's full press release covers the operational detail this post intentionally leaves for the source:
- The specific 2025 prediction wording and the vendor's full rationale behind each forecast.
- The cited survey detail behind manual certificate management and the broader trust context.
- The vendor's discussion of digital trust, CTrOs, and crypto-agility as presented in the original release.
- The full list of predictions, including the sections on content provenance, IoT resilience, and private PKI standards.
👉 Read DigiCert’s 2025 security predictions on trust automation and PQC →
2025 security predictions: what they mean for identity teams?
Explore further
Digital trust is becoming a lifecycle governance problem, not a point control. The article’s mix of PQC, certificate automation, and AI phishing shows that trust assets now move, expire, and fail faster than annual review cycles can handle. That means certificate governance, secrets governance, and identity governance are converging around the same operational question: can the organisation actually see, renew, and revoke trust artefacts before they fail? Practitioners should treat trust lifecycle control as a core identity programme requirement.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to Ultimate Guide to NHIs.
- Another 71% of NHIs are not rotated within recommended time frames, which shows how quickly trust objects drift out of governance once lifecycle discipline weakens.
A question worth separating out:
Q: How do teams know whether trust automation is actually working?
A: They should measure renewal success rates, expiry exceptions, revocation latency, and the percentage of certificates still handled manually. If those signals are not improving, the programme is still exposed to the same lifecycle failures it was meant to remove.
👉 Read our full editorial: DigiCert’s 2025 security predictions point to trust automation