Certificate visibility blind spots: is your PKI ready for AI and outages?


(@nhi-mgmt-group)

TL;DR: Only 34% of organisations report complete certificate visibility, while 74% are highly concerned about certificate sprawl and nearly three-quarters fear outages from expired certificates, according to DigiCert’s 2026 Global PKI Research Report. Manual PKI management is no longer sustainable when machine identities multiply faster than teams can inventory, review, and automate them.

NHIMG editorial — based on content published by DigiCert: DigiCert Research Reveals Major Certificate Visibility Blind Spot for Enterprises

By the numbers:

Questions worth separating out

Q: How should security teams govern certificate visibility across distributed environments?

A: Security teams should govern certificates as lifecycle-managed identity objects, not as isolated infrastructure assets.

Q: Why does certificate sprawl increase operational risk?

A: Certificate sprawl increases risk because every additional certificate adds another trust object that can expire, duplicate, or go unowned.

Q: How do organisations know whether certificate lifecycle automation is working?

A: Automation is working when renewals, replacements, and revocations happen without recurring manual intervention or last-minute firefighting.

Practitioner guidance

  • Build a single certificate inventory: Map every certificate to a system owner, workload owner, expiry date, renewal method, and revocation path.
  • Replace spreadsheet tracking with lifecycle automation: Automate discovery, renewal, and revocation workflows for certificates that support production services.
  • Review certificate sprawl as an identity risk metric: Track certificate counts, orphaned certificates, renewal failures, and manual exceptions in the same governance cadence used for NHI and privileged access reviews.

What's in the full report

DigiCert's full report covers the operational detail this post intentionally leaves for the source:

  • Survey methodology from Omdia and the respondent profile across regions and industries
  • Breakdowns of how organisations are prioritising PKI modernization and certificate lifecycle automation
  • Findings on outage concerns, certificate sprawl, and quantum readiness that support board-level reporting
  • The report's additional detail on AI and machine identity use cases that extend beyond this summary

👉 Read DigiCert's report on certificate visibility and PKI modernization →
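
One way to run the inventory and sprawl review from the practitioner guidance above, as an added example that is not part of the original post or DigiCert's report. The CSV column names, the `audit` function, the 30-day warning window and the sample rows are constructed assumptions; "orphaned" here means a certificate with neither a system owner nor a workload owner.

```python
import csv
import io
from datetime import date

# Constructed sample inventory export; column names are assumptions based on the guidance.
SAMPLE_INVENTORY = """\
fingerprint,system_owner,workload_owner,not_after,renewal_method,revocation_path,last_renewal
aa01,platform-team,payments,2026-09-30,acme,ca-portal,ok
aa02,,,2026-03-10,manual,,ok
aa03,platform-team,messaging,2026-02-20,acme,ca-portal,failed
aa04,infra-team,,2026-01-15,manual,ca-portal,ok
aa01,platform-team,payments,2026-09-30,acme,ca-portal,ok
"""
REQUIRED = ("system_owner", "workload_owner", "not_after", "renewal_method", "revocation_path")

def audit(csv_text, today, warn_days=30):
    """Return (metrics, findings) for one inventory export."""
    keys = "total duplicates orphaned renewal_failures manual_exceptions expiring expired"
    metrics = dict.fromkeys(keys.split(), 0)
    findings, seen = [], set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        fp = row["fingerprint"]
        if fp in seen:  # same certificate recorded twice
            metrics["duplicates"] += 1
            continue
        seen.add(fp)
        metrics["total"] += 1
        missing = [f for f in REQUIRED if not row[f].strip()]
        if missing:  # incomplete record: a governance gap in its own right
            findings.append((fp, "missing " + ", ".join(missing)))
        if not row["system_owner"].strip() and not row["workload_owner"].strip():
            metrics["orphaned"] += 1  # nobody to notify before expiry
        if row["renewal_method"].strip() == "manual":
            metrics["manual_exceptions"] += 1
        if row["last_renewal"].strip() == "failed":
            metrics["renewal_failures"] += 1
            findings.append((fp, "last renewal failed"))
        if row["not_after"].strip():  # a missing date is reported above, not parsed
            days_left = (date.fromisoformat(row["not_after"].strip()) - today).days
            if days_left < 0:
                metrics["expired"] += 1
                findings.append((fp, f"expired {-days_left} days ago"))
            elif days_left <= warn_days:
                metrics["expiring"] += 1
                findings.append((fp, f"expires in {days_left} days"))
    return metrics, findings

if __name__ == "__main__":
    print(*audit(SAMPLE_INVENTORY, today=date(2026, 2, 1)), sep="\n")
```

Running the same audit on every review cycle and comparing the metrics over time shows whether automation is reducing manual exceptions and renewal failures.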
