Keycard is a critical infrastructure provider in the AI agent stack, specifically addressing the Identity and Access Management (IAM) layer. As agents move from basic chat interfaces to autonomous actors capable of executing code and calling APIs, the risk of unauthorized actions increases. Keycard provides the 'control plane' that ensures these agents operate within defined security boundaries, using task-scoped credentials rather than persistent administrative keys.

The company is a major champion of the Model Context Protocol (MCP), providing the necessary governance layer to make the protocol viable for enterprise use. For developers building agents, Keycard removes the burden of managing complex authentication flows for dozens of downstream services, replacing them with a single SDK that handles token exchange and policy enforcement. This makes Keycard a central player for any organization looking to scale agentic tool-use securely.

Keycard is building the security infrastructure for a world where AI agents, not just humans, are the primary users of software. Founded in 2025 and led by veterans of Snyk, Okta, and Auth0, the company addresses the trust gap that prevents enterprises from moving autonomous agents from experimental labs into production environments. When an agent needs to fix a bug or update a database, it typically requires credentials that are either too broad or too static. Keycard provides a control plane to issue task-scoped tokens that expire once the job is finished.

The technical core of the platform is a machine identity layer. Unlike traditional identity providers designed for human login sessions, Keycard is built for the agentic loop. It identifies the agent, verifies the human who triggered it, and checks the specific task against a policy engine before granting access. This prevents scenarios where a coding agent might accidentally delete a production bucket or read sensitive customer data while attempting to fix a secondary bug.

Pedigree from the identity core

The company founders bring significant credibility to the security space. Jared Hanson, the creator of Passport.js, the de facto authentication middleware for Node.js, is the technology lead. He is joined by CEO Ian Livingstone, a former Principal Engineer at Salesforce, and Matthew Creager, previously a product leader at Snyk and Heroku. This team is not approaching AI from the perspective of model training, but rather from the perspective of platform engineering and developer tools. They raised $38 million in combined Seed and Series A funding from a16z, Boldstart, and Acrew Capital, alongside security-focused angels from Cloudflare, Datadog, and Anthropic.

Governance for the Model Context Protocol

In early 2025, Keycard acquired Runebook to accelerate its integration with the Model Context Protocol (MCP). MCP is an open standard that allows agents to discover and use tools across different applications. While MCP simplifies how an agent sees a tool, it does not inherently solve for authentication or governance. Keycard uses its SDKs to wrap MCP servers and clients. This allows companies to adopt the protocol while they maintain a central audit trail.

The platform works through a Security Token Service (STS). Instead of an agent storing a permanent API key for a service like GitHub or Stripe, it requests a short-lived, scoped token from Keycard. Keycard exchanges the identity of the agent and the intent of the task for a specific permission. This ensures that the agent never sees the master credential, and the service provider only receives a token that is limited to the current operation.

Competitive position

Keycard sits at the intersection of IAM and AI infrastructure. While companies like LangChain offer observability, they focus on performance and prompt debugging. Keycard focuses on the authorization gate. Its competitors are either the status quo—developers hardcoding secrets into environment variables—or legacy security tools that lack the context of an AI's reasoning. By providing a CLI (keycard run) that can govern coding agents and a centralized telemetry dashboard, Keycard is positioning itself as the mandatory layer for any enterprise serious about autonomous workflows.