TL;DR: Shorter certificate lifetimes, broader AI adoption, PQC planning, and persistent ransomware are converging into an operational test for identity and PKI teams, according to GlobalSign. The underlying issue is that trust models built for slower change now collide with faster rotation, weaker visibility, and more dynamic digital identities.
NHIMG editorial — based on content published by GlobalSign: 2026 predictions for cybersecurity, identity, certificates, AI, and ransomware
By the numbers:
- Only 38% have automated certificate lifecycle management in place.
- 69% of organisations now have more machine identities than human ones.
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures.
Questions worth separating out
Q: How should security teams handle certificate lifecycles as validity windows get shorter?
A: They should treat certificate lifecycle as a continuous identity process, not a periodic maintenance task.
Q: Why do short-lived certificates create more operational risk even when they improve security?
A: Shorter lifetimes reduce exposure, but they also compress the time available for detection, renewal, and exception handling.
Q: What do teams get wrong about using AI in identity and certificate operations?
A: They often assume AI will solve governance gaps on its own.
Practitioner guidance
- Inventory every certificate and owning service Build a complete inventory that ties each certificate to a business owner, system owner, renewal source, and dependency chain.
- Automate renewal before shortening lifetimes bites Replace spreadsheet-driven renewals with event-driven automation for issuance, rotation, and revocation.
- Separate trust monitoring from human review cycles Use continuous monitoring for certificate health, expiration drift, and failed renewals instead of waiting for periodic access review or ticket queues.
What's in the full article
GlobalSign's full article covers the operational detail this post intentionally leaves for the source:
- The specific 47-day certificate timeline and the March 2026 deadlines that affect renewal planning.
- The article's full reasoning on why AI is changing both attack and defence patterns across identity systems.
- The post's discussion of PQC only sketches the migration pressure, while the source expands on hybrid and short-lived certificate strategy.
- The source also includes the article's practical framing for cloud PKI and service identity automation.
👉 Read GlobalSign's outlook on 2026 PKI, AI, and certificate automation →
Certificate short-lived trust and AI pressure: are controls keeping up?
Explore further
Certificate lifecycle is now an identity governance control, not a PKI housekeeping task. Shorter validity windows turn renewal, ownership, and revocation into a continuous assurance problem. The organisations that still treat certificates as background infrastructure will absorb avoidable outages and trust failures. The practitioner conclusion is simple: certificate lifecycle must sit inside identity governance, not beside it.
A few things that frame the scale:
- 69% of organisations now have more machine identities than human ones, according to our Ultimate Guide to NHIs.
- 57% of organisations lack a complete inventory of their machine identities, which means many teams are still trying to govern trust without a full asset map.
A question worth separating out:
Q: Who is accountable when certificate failures cause outages or trust breaks?
A: Accountability should sit with the service owner, identity owner, and platform owner together, because certificate failures are usually a dependency problem, not a single-team mistake. Governance frameworks need named ownership for renewal, revocation, and dependency mapping so that operational failures can be traced and corrected quickly.
👉 Read our full editorial: 2026 puts certificate automation and identity assurance under pressure