DigiCert maps 2026 AI trust & quantum security agenda
DigiCert has outlined eight security priorities it expects will shape organisational risk strategies in 2026, with Australian and wider Asia-Pacific enterprises forecast to focus on AI integrity, automation and preparation for quantum-safe cryptography.
The Utah-based digital trust provider said it expects a shift in security thinking as certificate lifespans shrink, post-quantum cryptography (PQC) moves up board agendas and regulators tighten expectations around resilience, AI governance and content authenticity.
DigiCert said it sees Australia as an early mover in several of these trends. The company pointed to new operational resilience rules and guidance from intelligence agencies on quantum planning as catalysts for change in local security programmes.
"In 2026, security in Australia will become increasingly operational. Shorter certificate lifespans will make manual processes untenable, driving organisations to fully automate certificate management to prevent outages," said Daniel Sutherland, Regional Vice President at DigiCert, Australia and New Zealand. "At the same time, quantum computing is shifting from a future concern to a present-day priority, with Australian Signals Directorate guidance accelerating planning for post-quantum cryptography, recommending businesses have a plan to migrate to a PQC future by the end of 2026".
Sutherland said organisations deploying AI at scale would face new demands for traceability and proof of origin across data and models.
"As AI becomes more autonomous, trust will be increasingly defined by verifiable provenance and cryptographic safeguards, that ensure authenticity and accountability across systems and data. This shift will drive adoption of cryptographic signing, provenance tracking and emerging standards such as Model Context Protocol (MCP) to govern AI across its lifecycle, especially as regulators and boards sharpen their focus on responsible AI. Those that act early to automate certificate management, plan for post-quantum cryptography, and embed AI integrity into their operations will not only strengthen security and compliance but also position themselves as market leaders in Australia's rapidly evolving digital landscape. 2026 is the time to start," Sutherland continues.
AI integrity
DigiCert expects authenticity concerns around AI models, datasets and autonomous agents to overtake data confidentiality as the primary trust issue for large organisations. It cited internal research indicating that 97% of enterprise IT leaders in Asia Pacific have implemented or plan to implement AI agents within two years.
The company forecasts that enterprises will assign verifiable identities to AI agents. It also expects cryptographic provenance and lifecycle tracking for models and training data to become standard practice.
Chief Technology Officer Jason Sabin said this will sit alongside broader shifts in identity and encryption strategy. "Security in 2026 won't just be about protecting systems, it will be about proving integrity across every digital interaction," said Jason Sabin, Chief Technology Officer at DigiCert. "As AI accelerates, machine identities multiply, and quantum computing advances, intelligent trust will become the foundation that keeps businesses resilient, verifiable, and secure. The organisations that embrace automation, provenance, and quantum-safe readiness now will define the trust landscape for the next decade."
Resilience and regulation
DigiCert said it expects resilience to move from an IT-led priority to a central board concern. It linked this trend to regulation such as the EU's Digital Operational Resilience Act and to Asia-Pacific rules including the Monetary Authority of Singapore's Technology Risk Management guidelines and Australia's CPS 230 regime.
Under these frameworks, the company expects organisations to face stronger tests of their ability to maintain DNS, identity and certificate operations during disruption. It said uptime and recoverability will tie more directly to financial and operational risk assessments.
Automation pressure
The firm highlighted a coming reduction in the permitted lifetime of public TLS certificates. It said lifetimes are moving towards 200 days as part of a phased reduction to 47 days.
DigiCert said this change will increase manual renewal workloads for security teams that still manage certificates through spreadsheets or ad hoc processes. It expects organisations to adopt end-to-end certificate automation, with an aim of reducing outages and building what the company describes as self-healing trust infrastructures.
Quantum readiness
The company forecasts the first practical quantum computer that solves "meaningful problems" will emerge during the next planning cycle. It said early signs of post-quantum work are already visible in Asia Pacific.
Examples cited include guidance from Singapore's Cyber Security Agency on quantum-safe approaches and telecoms deployments of hybrid quantum-safe networks. In India, the National Quantum Mission and increased funding for domestic research are expected to increase pressure on sectors such as banking and financial services, identity systems and telecoms to begin PQC pilots.
DigiCert expects early pilots to encounter interoperability issues. It said certificate frameworks and software stacks will need adjustment as quantum-safe algorithms enter mainstream standards.
Content and email trust
The firm expects content authenticity concerns around generative AI and deepfakes to trigger stricter controls on digital media. It forecasts that governments and major platforms will begin enforcing C2PA standards for AI-generated and edited content and will require watermarking and cryptographic provenance for publication across news, social media and commerce platforms.
In India, DigiCert said recent IT rules, deepfake advisories and official warnings have nudged providers towards mandatory provenance measures even in the absence of a formal C2PA requirement.
AI-driven phishing is expected to reshape email security strategies. DigiCert said enterprises will increasingly use Verified Mark Certificates and strict DMARC enforcement so that receiving systems can verify sender identities and brand indicators. It predicted that verified identity will become a baseline expectation for business email.
Machine identities
DigiCert projected that machine identities such as connected devices and AI agents will outnumber human identities by around 100 to one. It said this imbalance will force changes in how organisations design identity architectures and monitoring.
The company expects standards bodies to embed quantum-safe cryptographic algorithms into device ecosystems. It said PQC-ready identity frameworks will become mandatory in many environments as a result.
Asia-Pacific landscape
DigiCert said regulatory activity and infrastructure projects across Asia Pacific are shifting intelligent trust from strategy to implementation. It cited progress in quantum planning, AI governance and the modernisation of public key infrastructure (PKI).
"Across Asia Pacific, we're seeing a shift from planning to action when it comes to intelligent trust. In markets like Australia, regulatory momentum, Zero Trust programs, and the surge of IoT are pushing organisations to automate identity and certificate lifecycles. Singapore is moving fast on quantum-safe planning and AI governance frameworks. And in India, the conversation is expanding beyond technology into governance, talent readiness, and digital sovereignty. In 2026, the organisations that stay ahead will be the ones that treat identity, resilience, and authenticity not as IT functions, but as core pillars of governance and competitive advantage." said James Cook, Asia-Pacific group vice-president of DigiCert.