Keyfactor Raises Over $1 Billion to Tackle AI and Post-Quantum Security

The investment backs technology that manages digital certificates and cryptographic keys, as companies race to prepare for a generation of threats that today's encryption may not survive.

ThreatVectr Newsdesk· 3 min read
Macro photograph of a physical combination padlock resting on a brushed-metal server rack panel, shallow depth of field, cool blue and silver tones, sharp focus
Share

Key points

  • Keyfactor received more than $1 billion in investment funding, reported by SecurityWeek.
  • The money targets Keyfactor's platform for managing machine identities, PKI, and cryptographic security.
  • PKI, or Public Key Infrastructure, is the system of digital certificates that proves a website, device, or piece of software is genuine and not a fake.
  • The investment is partly driven by concerns about post-quantum computing, meaning computers powerful enough to crack the encryption that protects most internet traffic today.
  • Enterprises are also under pressure to manage AI-driven security risks, where automated systems create millions of new digital identities that must each be verified and trusted.

Keyfactor builds software that tracks and manages digital certificates. Think of a digital certificate as a kind of ID badge for a website or a connected device. When your browser shows a padlock in the address bar, a certificate is what made that padlock appear. Organisations can have thousands of these certificates running at once, and when one expires or gets stolen, things break or, worse, criminals slip through.

Why does a billion-dollar investment matter to ordinary people?

It matters because the security of the certificates behind everyday services, online banking, hospital records systems, payment terminals, is only as good as the tools managing them. Keyfactor's pitch is that existing tools are not ready for two arriving problems.

The first is AI. Automated systems now spin up new devices and services at a pace humans cannot track manually. Each one needs its own digital identity. The second problem is post-quantum computing. Quantum computers, machines that process information in a fundamentally different way from normal computers, are expected to eventually break the encryption methods most businesses rely on today. Security researchers call this the harvest-now-decrypt-later threat: criminals are already collecting encrypted data today, planning to crack it once the hardware catches up.

Neither threat has caused a widespread breach yet. But the window for preparation is not infinite.

Keyfactor's platform handles PKI management and what the industry calls machine identity, meaning the automated process of issuing, renewing, and revoking certificates across an organisation's entire network. The billion-plus investment is intended to speed up product development and expand the company's reach into enterprises preparing for these shifts.

No customer data was exposed in this story. This is a funding announcement, not a breach.

What organisations using certificate management tools should consider

If your business relies on digital certificates (and most do, even if IT staff handle them quietly in the background), now is a reasonable time to ask two questions: how many certificates are we running, and do we know when each one expires? Expired certificates are among the most common, and most preventable, causes of outages and security gaps.

Post-quantum readiness is a longer project, but organisations that start auditing their cryptographic dependencies now will have far less scrambling to do when standards shift.

© 2026 Threat Vectr