
Summaries like this, in your inbox every morning.
Sign up free →Certisfy added the ability to create custom cryptographic trust chains (digital verification systems) that work independently of Certisfy's own root authority. Root certificate owners can set their own rules for who can issue verified claims, and users can whitelist trusted roots to verify signatures on software packages, AI instructions, or Git commits.
Unlike Git's built-in commit verification (which has no delegation mechanism), a developer can now embed their signing key onto a trusted chain certificate, letting anyone verify both the signature AND that the signer belongs to a trusted authority chain — making it harder for malicious code to sneak into shared software libraries.
Software maintainers and AI instruction package distributors can now implement their own vetting procedures without building from scratch. For example, a well-known researcher could create a root certificate and delegate signing authority to vetted contributors, letting teams distribute AI agent skills or code libraries with cryptographic proof of origin — addressing supply chain attacks where compromised developers slip malware into widely-used packages.
No discussion yet for this article
Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.
Get Started FreeFree · takes 30 seconds · unsubscribe anytime
1 minute a day. The AI essentials.
200+ sources · Email / LINE / Slack