Trust Boundaries in AI-Driven Systems: Implications for PKI and Internet-Scale Trust
Main Article Content
Abstract
Public Key Infrastructure (PKI) has served as the foundational trust mechanism for internet-scale systems, enabling authenticated communication through cryptographically verifiable identities. Traditional PKI models assume authenticated identities represent actors whose behavioral scope is human-directed and operationally bounded. AI-driven autonomous systems challenge these assumptions as behavioral scope expands dynamically beyond the authority encoded in credentials. This article examines how autonomous systems reshape trust boundaries within PKI-based infrastructures, identifying a structural divergence between identity scope and behavioral scope. Three findings emerge: authenticated machine identities exhibit behavioral scope inflation that static credential governance cannot bound; delegated authority amplification produces aggregate operational scope exceeding individual credential assumptions; and machine-to-machine trust chains require audit infrastructure above individual certificate validation. PKI must therefore function as a foundational layer within a broader trust ecosystem incorporating behavioral policy enforcement, runtime authorization, and operational sequence logging.