SHARED INTEL Q&A: PKI’s Unfinished Business—‘Digital Passports’ for Content, Models and Agents
Key Takeaways
- TLS cert validity dropping to 47 days by 2029, increasing outages
- AI agents need immutable digital passports for authentication and revocation
- Content provenance uses PKI signatures to flag synthetic media as untrusted
- Signed AI models create a trusted supply chain, easing regulator scrutiny
- Quantum‑safe cryptography rollout aligns with 47‑day TLS deadline, demanding rapid upgrade
Pulse Analysis
Public‑key infrastructure, the silent workhorse behind HTTPS, is entering a rapid‑change phase. The industry‑wide mandate to shrink TLS certificate lifetimes from a year to just 47 days by 2029 forces organizations to automate issuance, renewal, and revocation at unprecedented speed. Failure to do so translates into a surge of certificate‑related outages—potentially dozens per day for large enterprises—while also exposing legacy tooling that cannot keep pace with the volume of machine identities now outnumbering human users by a factor of one hundred.
At the same time, generative AI introduces three distinct trust challenges that PKI must address. First, synthetic media can be indistinguishable from reality; initiatives like the Coalition for Content Provenance and Authenticity (C2PA) embed PKI signatures into videos and images, enabling a zero‑trust media model where unsigned assets are assumed fake. Second, the explosion of AI models—over two million on platforms such as Hugging Face—requires signed model packages to verify provenance and integrity, forming a trusted AI supply chain. Third, autonomous agents act as smart workloads, demanding cryptographic "digital passports" via standards like SPIFFE and SPIRE to enforce granular authorization and instant revocation.
The convergence of tighter TLS cycles, quantum‑safe cryptography migration, and AI‑driven trust demands creates a once‑in‑30‑year upgrade window. Boards are already questioning execution timelines, and regulators are poised to scrutinize AI bill‑of‑materials. Companies that invest now in automated PKI orchestration, model signing pipelines, and agent identity frameworks will not only avoid operational disruption but also gain a competitive edge in a market where secure, auditable AI is becoming a prerequisite for digital transformation.