SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Lakshmi
#
Encryption
#
Physical Security
#
IAM

Proof beats promise: The trust crisis AI is creating

Mon, 20th Apr 2026 (Today)
By Lakshmi Hanspal, Chief Trust Officer, DigiCert

Artificial intelligence is transforming enterprise systems, quietly dismantling the foundations of digital trust.

For decades, organisations operated on a set of assumptions: if a system was inside the perimeter, if a user had credentials, if a process passed validation, it could be trusted. That model is breaking down in real time.

AI systems now generate content indistinguishable from reality, make decisions that shape business outcomes, and act autonomously across critical infrastructure. They operate at machine speed, across environments that are often opaque even to their creators. And yet, most organisations are still relying on trust models built for a slower, more predictable world.

The result is a widening gap between what AI systems can do, and what we can actually trust them to do.

But make no mistake; this is not a future risk. It is happening now.

Organisations are being asked to make decisions based on AI-generated outputs they cannot fully verify. They are deploying models without clear mechanisms to prove integrity. They are introducing autonomous agents into workflows without the ability to consistently govern or audit their behaviour.

The question is no longer whether AI systems are secure.

It is whether they are trustworthy.

And increasingly, those are not the same thing.

Trust in the AI era is not about confidence, it's about proof: where did this content come from?  Has this model been altered?  Can this agent be relied on to act within its intended boundaries?

If organisations cannot answer these questions with certainty while demonstrating those answers to regulators, partners, and customers, then trust does not exist, regardless of how advanced the system may be.

Yet most approaches to AI security are still focused on controlling access rather than verifying behaviour. Identity remains the primary control point, but identity alone is insufficient in a world where systems act autonomously and continuously evolve.

An AI agent may have an identity. That does not mean its actions are valid.

A model may be deployed. That does not mean it has not been modified.

Content may appear legitimate. That does not mean it is authentic.

This is the core problem: we are scaling intelligence without scaling trust.

To close that gap, trust must be engineered into the system itself.

This starts with provenance: the ability to trace where content originates and how it has been modified. In an environment where synthetic media is indistinguishable from reality, provenance is not a feature; it is a requirement for managing risk.

It requires integrity: ensuring that AI models have not been tampered with and are running in trusted environments. This is especially critical in confidential computing contexts, where sensitive data is processed in isolation but still demands verification at runtime.

And it demands accountability: binding every action taken by an AI agent to a verifiable identity, governed by policy, and recorded in a way that can withstand regulatory and forensic scrutiny.

These are not incremental improvements. They represent a shift in how trust is defined and enforced.

Policy alone will not solve this. Governance frameworks without technical enforcement mechanisms are inherently limited. To make trust real, organisations need infrastructure that can prove it.

Cryptographic controls, attestation, and policy enforcement provide that foundation. They enable organisations to verify (not assume) the integrity of systems, the origin of data, and the legitimacy of actions.

This is where the conversation is headed, whether organisations are ready or not.

Regulators are already signaling a shift toward accountability and traceability in AI systems. Enterprises will be expected to demonstrate not just that their systems are secure, but that they can prove their trustworthiness under scrutiny.

This changes the equation.

Trust is no longer a byproduct of security. It is an outcome that must be designed, measured, and enforced.

As expectations shift toward accountability, the burden is no longer on whether systems function, but whether organisations can demonstrate that they function as intended. That's a very different standard that many are not prepared for.

AI is accelerating faster than the systems designed to govern it.

If trust does not keep up, the consequences will not be theoretical.

They will be systemic.

And in that environment, one principle becomes clear: proof beats promise.

Lakshmi Hanspal, Chief Trust Officer, DigiCert
Related stories
Gallagher Security chief celebrates 20 years of growth
Netskope's Tony Burnside - visibility is key to AI security
Nextro wins Fortinet SASE specialisation in New Zealand
Areto founder Jacqueline Comer wins global AI safety award
Retailers link one million repeat offenders in Auror network

Top stories

Geotab joins TAPA APAC to strengthen cargo security efforts
Databricks names Simon Davies to lead APJ expansion
Mythos changes everything: Is your AI agent security ready?
WitFoo opens 100 million-record cyber attack dataset
LogicMonitor taps Chillisoft for ANZ expansion push