Lehi, Utah — July 7, 2026

New global research from Lehi-based DigiCert shows that AI has moved well past the experimentation phase inside most organizations, and that governance is struggling to keep pace with adoption. The company's newly released AI Trust Outlook report, based on a survey of 1,001 IT and cybersecurity decision-makers across the U.S., U.K., and Australia, found that 78% of organizations have already experienced an AI-related security incident or identified an AI-related vulnerability.

DigiCert Field CTO Mike Nelson, who spoke with TechBuzz by phone from a train en route to Zurich, said the finding tracks with what he hears constantly from security leaders. He grouped the incidents into four broad categories: data leakage, where employees feed sensitive company information into AI tools without authorization; AI-generated misinformation, where hallucinated outputs influence real business decisions; weak or absent usage governance; and a broader lack of identity and trust infrastructure for the AI agents now operating inside corporate environments.

"Data leakage can certainly be compromising to your strategy if your competitors gain access to it," Nelson said, describing scenarios where sensitive information entered into an AI system later surfaces elsewhere. He added that some organizations have started probing competitors' AI tools specifically to test whether leaked data turns up — a sign of how seriously the risk is being taken.

Adoption is outrunning oversight

The report found that 75% of organizations deployed four or more AI-powered systems in just the past six months, and 35% deployed more than ten. Executive attention has followed: 90% of organizations say they've discussed AI governance at the board or executive level. But talk hasn't translated into infrastructure. Only half have dedicated budgets and formal governance programs, and just 64% have completed the basic first step of inventorying which AI systems they actually have running.

That gap between awareness and execution was the finding that stuck with Nelson most. "I think, for me, it's surprising the number of organizations that still lack governance for their AI," he said. "They're not moving to build the governance models and the protections to ensure their organizations remain safe and secure as that adoption accelerates." Roughly half of organizations lack centralized, executive-reported visibility into their AI systems at all.

Traceability is a related soft spot: only 53% of organizations say they can fully trace an AI-generated decision back to the model and source data that produced it, and the gap holds up almost identically across all three countries surveyed (53% in the U.S., 54% in the U.K., 52% in Australia). Nelson framed the stakes plainly: if a strategic business decision turns out to be based on a hallucinated input, "you're going to want traceability back to that to understand how was that decision made."

Borrowing the internet's old playbook

Rather than treating AI as an unprecedented security problem, Nelson argued it's a familiar one arriving at new speed. He compared today's AI landscape to the internet 25 years ago, before public key infrastructure, digital signatures, and DNS security matured into the trust framework people now take for granted every time they check that a banking website is legitimate. "AI isn't creating a new security problem," he said. "I think it's accelerating an old security problem... we just don't have it into a model yet, and we need to figure that out."

That framing extends to how DigiCert thinks about AI agents specifically. Nelson said agents should be treated not as users but as autonomous workloads — software that needs to authenticate itself without a human logging in. He pointed to SPIFFE and SPIRE, open identity frameworks now being positioned by NIST and the IETF as the foundation for workload identity, and said DigiCert is directly involved in the IETF's WIMSE (Workload Identity in Multi-System Environments) working group, which is defining how AI agents get treated as distinct workload identities rather than extensions of a user's login. Without that kind of identity layer, he said, organizations have no reliable way to trace an agent's actions back to its source or shut it down if something goes wrong.

A slide from Mike Nelson's presentation proposes extending the DNS-based trust model behind email's SPF/DKIM/DMARC framework to AI agents, letting organizations publish authorized agent identities and permitted scopes as DNS records, and instructing receivers to kill an agent's session if its credentials or scope don't check out.

Elsewhere in his recent travels through Europe, Nelson has been presenting a related concept he calls DNS-based agent trust, modeled directly on DMARC, the IETF-defined framework that lets email systems verify a message actually came from the domain it claims to. In his telling, the same pattern could apply to AI agents: an organization publishes its authorized agent identities and a certificate authority in a DNS record, declares what scopes each agent is permitted to operate within — read-only access, specific APIs, an approved domain list — and sets a policy that kills an agent's session outright if its credentials or scope don't check out. A receiving system would look up an organization's agent policy record the same way a mail server today checks _dmarc.example.com, and get a straightforward answer as to whether the agent knocking on the door is legitimate. It's a good illustration of the same core argument Nelson made on the phone: the infrastructure to solve AI trust already exists, largely unmodified, in tools built for a different era of the internet.

The report's numbers on agent identity back that concern up: nearly half of organizations have assigned unique digital identities to all of their AI agents, and about four in ten have assigned identities to at least some agents — progress, but still leaving a meaningful share of agents operating without any traceable identity at all.

DigiCert Field CTO Mike Nelson in Europe presenting "Securing AI: Agent and Model Governance" at a technology conference, using data and findings from the company's new AI Trust Outlook report.

What separates the organizations that are ahead

Asked what distinguishes organizations with mature AI governance from those without it, Nelson said it usually comes down to one of two motivators: pain or opportunity. Organizations that have already experienced an incident tend to respond by building governance reactively. Others move proactively because they recognize that controlled, well-governed AI adoption is what lets them actually capture the productivity gains at scale. "Sadly, not all executives and boards fall into one of those two camps," he said. "Many are still simply undecided on what to do."

The biggest mistake he sees organizations make is choosing not to look. "A lot of executives are like, hey, this is going to accelerate, I'm just going to let employees use it, and I'm not going to worry about the risks," Nelson noted, calling that approach irresponsible given the consequences of an unexamined hallucination shaping a real business decision.

Other findings from the report reflect organizations bracing for consequences even where governance maturity lags: 90% have evaluated their AI-related liability exposure, 86% have formal or informal processes for revoking access from compromised AI systems, and 57% have set aside dedicated budget for securing AI specifically.

Industry and geography

The report found AI-related incidents widespread across every industry surveyed, ranging from 65% in manufacturing up to 83% in science and technology. Telecom and media respondents reported the most mature AI governance overall, with 76% maintaining complete AI agent inventories. Retail showed the widest explainability gap, with only 45% of respondents able to fully trace AI decisions back to their source, well below the cross-industry pattern.

Geographically, the report found the accountability gap to be remarkably consistent rather than regional. "The takeaway isn't that one country is ahead and another behind," the report states. "It's that everyone is working through the same trust challenges at the same time."

Looking ahead

Nelson expects the next 12 to 24 months to bring more, not fewer, stories about the incident categories the report identifies, as organizations without governance in place continue to encounter the consequences. He said DigiCert's own product roadmap is being shaped directly by the findings: building out tools for agent visibility, policy enforcement, and identity assignment, alongside work protecting the AI models themselves. He pointed to medical device manufacturers as one example: companies building diagnostic AI models that run inside hospital environments they don't own or control, where digital signatures help ensure a model hasn't been tampered with or swapped out before it reaches a radiologist.

Mike Nelson, Field CTO for Digicert, presenting in Europe DigiCert's Confidential Computing Attestation Services, a service built to extend trust verification to workloads running on Google Cloud, another piece of the model-protection work he says is now being pulled forward by the AI Trust Outlook findings.

That model-protection work was on display elsewhere in his travels, too: another session had Nelson walking through DigiCert's Confidential Computing Attestation Services, a service built specifically to extend trust verification to Google Cloud customers' workloads, the kind of infrastructure-level attestation that underpins the assurances he described around AI models running in environments an organization doesn't fully control.

"I don't think it's a new security problem," Nelson said of the broader AI trust challenge facing the industry. "It's the same one, accelerated. The technology to solve it already exists. We just have to put it into a model."


DigiCert AI Trust Outlook was conducted by Market Research firm Propeller Insights on behalf of DigiCert in May 2026, surveying 1,001 IT and cybersecurity decision-makers across the United States (500), United Kingdom (251), and Australia (250).

All conference photos courtesy of Mike Nelson / DigiCert.

Share this article
The link has been copied!