Sectigo Adds MCP Server to Certificate Management Platform
Sectigo has made available a Model Context Protocol (MCP) server that makes it possible for artificial intelligence (AI) agents to invoke its certificate lifecycle management (CLM) platform.
Jason Soroko, a senior fellow at Sectigo, said that as organizations begin to deploy AI agents at scale, the MCP Server for Sectigo Certificate Manager (SCM) enables cybersecurity teams to issue, revoke, replace, renew and approve digital certificates at scale.
Additionally, cybersecurity teams can automate those workflows or use natural language to perform those tasks, generate reports or search for specific certificates, noted Soroko.
Automating those workflows, however, using, for example, the Automated Certificate Management Environment (ACME) protocol will become increasingly crucial as the number of days before a certificate needs to be reissued continues to shrink, added Soroko. Longer term, many of those workflows will also make use of an open source Secure Production Identity Framework for Everyone (SPIFFE) framework that replaces long-lived keys and passwords with cryptographically verifiable machine identities that are dynamically issued.
Cybersecurity teams will also need to adopt a Merkle tree, also known as a hash tree, to create a structure through which AI agents can be securely given access to large amounts of related data, said Soroko.
Finally, cybersecurity teams will also need to account for the fact that the certificates being issued to AI agents are going to be significantly larger than previous generations of certificates, he added.
Most cybersecurity teams either have or soon will be revisiting how they manage certificates in anticipation of the fact that quantum computers sometime in the next three years will start breaking legacy encryption keys. The certificates that are issued to humans and AI agents alike will need to be based on quantum-resistant algorithms that have already been developed.
Most organizations are still in the early stages of that transition, but the rise of AI agents is likely to force the issue. As thousands of AI agents are deployed in the months ahead, most organizations would be well-advised to start issuing certificates to them that are based on quantum-resistant algorithms rather than at some time in the future having to upgrade them.
The one thing that is certain is AI agents provide a tempting target. Adversaries that gain control over an AI agent will be able to compromise entire workflows. It’s also probable cybercriminals will look to insert malicious AI agents into those workflows. Sectigo is making a case for extending a CLM platform that already serves more than 700,000 organizations to now include AI agents.
Regardless of approach, the management of certificates will become more challenging in the agentic AI era. In fact, it’s probable the total cost of cybersecurity will rise considerably in the age of AI even as more cybersecurity workflows become more automated. After all, each time an AI agent is deployed the overall size of the attack surface that needs to be defended just increases that much more. The challenge and the opportunity now is to determine the best way to achieve that goal in a way organizations can hope to afford.
