ATLANTA–(BUSINESS WIRE)–Keyfactor, the leader in digital trust for modern enterprises, today announced a new capability that applies its industry-leading PKI and certificate lifecycle management (CLM) solutions to secure Agentic AI systems. This advancement demonstrates how organizations can extend Zero Trust principles to autonomous AI agents, providing cryptographic identity and governance at enterprise scale.
The stakes for security rise when firms use AI agents to automate tasks. Agentic AI can work on its own across important systems, APIs, and cloud resources, unlike regular software. These agents could become the weakest link in business security if they don’t have sufficient identity constraints. Even agents that are only around for a brief time and only do one thing need a strong, unique identity. Keyfactor makes sure that every AI agent and every system it connects to has a valid, cryptographically backed identity by using X.509 certificates. This lets businesses use AI safely and confidently.
Ellen Boehm, SVP of IoT and AI Identity Innovation at Keyfactor, stated, “Organizations want to scale AI agents, but they are going through a new identity crisis where static credentials like API keys and client secrets don’t provide accountability or security.” “Keyfactor’s PKI foundation gives AI agents the same strong, auditable identity as people and devices, which lets businesses safely adopt AI in line with Zero Trust principles.”
How It Works
Keyfactor’s approach applies proven PKI and certificate lifecycle automation to agentic AI environments:
- Cryptographic Identity: Each AI agent is issued a unique X.509 certificate, creating a verifiable, non-repudiable identity that cannot be forged or accidentally shared.
- Certificate-Based OAuth Flows: Instead of relying on static secrets, OAuth tokens are anchored to client certificates, ensuring actions are securely tied back to a specific agent or user.
- Mutual Authentication: AI-to-service and agent-to-agent communications are protected with mutual TLS, allowing both sides to verify identity before sharing data.
- Automation at Scale: For containerized or short-lived AI agents, Keyfactor integrates with SPIFFE to automatically assign, rotate, and revoke certificates with zero manual effort.
- Policy-Driven Control: Certificate extensions define what systems an agent can access, what operations it can perform, and when, providing built-in governance and auditability.
This layered approach extends Zero Trust principles to environments where AI agents operate, enabling organizations to deploy thousands of autonomous or semi-autonomous agents without sacrificing security, compliance, or oversight….Read Full Post Here