Keycard Launches AI Agent Identity for Multi-Agent Apps

/ AI, Application Development, Automation, DevOps, Security

The Announcement

Keycard, an identity and access management platform built specifically for AI agents, announced Keycard for Multi-Agent Apps at AI Council 2026 in San Francisco. The product extends Keycard’s existing platform to support delegated, session-based access control across systems of autonomous agents, giving every agent its own verifiable identity scoped to individual tasks rather than persistent credentials. The announcement addresses a structural security gap that has emerged as multi-agent architectures become the dominant pattern for enterprise AI application development: most teams currently connect agents using shared API keys or inherited credentials that don’t limit access to what any given task actually requires.

Our Analysis

The Keycard announcement arrives at a moment when the enterprise AI market is caught between two conflicting pressures. Organizations are deploying agents faster than they’re deploying governance. ECI Research’s 2025 AI Builder Summit survey found that two-thirds of enterprise AI leaders have already implemented multi-agent collaboration in live or pilot workflows, yet 44% of enterprise AI leaders have only moderate confidence that AI agents can act autonomously without human intervention. That confidence gap isn’t irrational. It’s a direct symptom of the identity and access problem Keycard is trying to solve.

The Structural Problem Multi-Agent Systems Create

When a single agent calls a single API, the security model is relatively straightforward. When an orchestrating agent delegates tasks to specialized subagents, each of which may call external services, databases, or other agents, the attack surface changes fundamentally. A compromised credential doesn’t expose one session; it potentially exposes the entire chain of delegated authority. Traditional service identity models weren’t designed for this. They assume a human operator at some point in the chain, someone who can contextualize scope, revoke access, and be held accountable.

Keycard’s approach treats OAuth 2.0 Token Exchange (RFC 8693) as the foundational mechanism, binding every action to the originating user or request and attenuating permissions at each hop in the delegation chain. The technical design is sound: tokens are scoped, revocable, and expire with the session, which means no agent ever accumulates privileges beyond what the current task requires. For developers, this could solve the “ungovernable agent” problem without requiring them to become identity engineers. The SDK-first approach, with native integrations for LangChain and Mastra and protocol-level support for MCP, A2A, and OAuth 2.1, means the identity layer can be embedded at the point of development rather than bolted on after deployment.

What This Means for Enterprise IT Decision-Makers

The business case for Keycard is essentially a risk quantification argument. Consider what happens when an autonomous agent with broad, persistent access encounters either a policy violation, a malicious prompt injection, or a misconfigured tool. Without scoped, session-bound credentials and a full audit trail, incident response is nearly blind. With them, every action is attributable to a specific delegation chain, which matters enormously for compliance, forensics, and liability.

According to ECI Research, 50.7% of organizations rely on public AI tools such as ChatGPT or Copilot, while only 20.2% report enterprise-wide AI deployments built on a governed framework. That governance gap is precisely where Keycard competes. The organizations in the ungoverned majority face increasing exposure as agents move from advisory roles to operational ones, writing code, executing financial transactions, managing customer data. At that point, “the agent did it” is not an acceptable audit response.

The Chime customer reference in the announcement is worth noting. Chime operates in financial services, a sector with strict regulatory requirements around access control and audit trails, and they report production agent deployment in days. That’s a meaningful data point for ITDMs evaluating whether Keycard’s model is operationally feasible rather than theoretically elegant.

What This Means for Developers

For developers building multi-agent systems, the practical value of Keycard is the elimination of credential management as a recurring operational burden. Static API keys embedded in agent configurations are a maintenance liability: they need rotation, they’re often over-scoped, and they can persist long after the workflow that required them has ended. Keycard replaces that pattern with runtime attestation at agent startup, session-scoped tokens issued per task, and automated lifecycle management including rotation and revocation.

The three delegation patterns Keycard supports (agents acting on their own behalf, agents acting on behalf of humans or other agents, and agents impersonating other agents under policy constraints) map cleanly to the real architectural patterns appearing in production multi-agent systems. The “same SDK, same policy engine, same control plane” design principle matters here. Developers don’t want to learn a different identity model for each delegation pattern; they want a consistent abstraction they can reason about. The support for Client ID Metadata Documents for agent-to-agent discovery is also a concrete architectural choice that may reduce the ad-hoc credential passing that currently characterizes most multi-agent implementations.

The cross-platform deployment story (Vercel, Cloudflare, Fly.io, AWS, GCP, Azure) is important given that multi-agent systems rarely live entirely within a single cloud boundary. Identity that travels with the agent without requiring static secrets removes one of the harder operational constraints in distributed agent deployments.

Looking Ahead

Governance Will Become a Competitive Differentiator

As multi-agent deployment matures from pilot to production, governance infrastructure will shift from a nice-to-have to a procurement requirement. Security and legal teams at regulated enterprises will not approve agent deployments that lack full audit trails and revocable, scoped access. ECI Research’s 2025 AI Builder Summit survey found that 35.8% of respondents strongly agreed that this generation of business leaders will be the last to manage a workforce composed entirely of humans. If that shift is directionally correct, the identity and access layer for AI agents is not a niche security product. It becomes core enterprise infrastructure on the order of LDAP or Active Directory in an earlier generation of IT.

Standards Adoption Will Shape the Market

Keycard’s bet on open protocols (OAuth 2.1, RFC 8693, MCP, A2A, OIDC, SCIM) is strategically correct. Proprietary identity models for agents will fail for the same reason proprietary identity models for humans failed: enterprises won’t accept vendor lock-in for authentication infrastructure. The emerging standardization around agent protocols, particularly the Model Context Protocol and the Agent-to-Agent protocol, is still early, but Keycard’s alignment with those efforts positions it well as the protocol landscape consolidates. Organizations evaluating agent identity vendors should weigh standards compliance heavily in their criteria. The vendor that requires proprietary protocol adoption is the vendor that creates the next generation of technical debt.

Within the next 12–18 months, we expect agent identity management to become a distinct line item in enterprise security budgets, category evaluations to formalize through analyst frameworks and RFP processes, and at least one major cloud provider to acquire or build a competing capability. Keycard’s first-mover advantage in a genuinely underserved category is real. Executing at enterprise scale with the reliability and compliance documentation that large customers require will determine whether that advantage compounds or erodes.

Authors

  • With over 15 years of hands-on experience in operations roles across legal, financial, and technology sectors, Sam Weston brings deep expertise in the systems that power modern enterprises such as ERP, CRM, HCM, CX, and beyond. Her career has spanned the full spectrum of enterprise applications, from optimizing business processes and managing platforms to leading digital transformation initiatives.

    Sam has transitioned her expertise into the analyst arena, focusing on enterprise applications and the evolving role they play in business productivity and transformation. She provides independent insights that bridge technology capabilities with business outcomes, helping organizations and vendors alike navigate a changing enterprise software landscape.

    View all posts
  • Paul Nashawaty

    Paul Nashawaty, Practice Leader and Lead Principal Analyst, specializes in application modernization across build, release and operations. With a wealth of expertise in digital transformation initiatives spanning front-end and back-end systems, he also possesses comprehensive knowledge of the underlying infrastructure ecosystem crucial for supporting modernization endeavors. With over 25 years of experience, Paul has a proven track record in implementing effective go-to-market strategies, including the identification of new market channels, the growth and cultivation of partner ecosystems, and the successful execution of strategic plans resulting in positive business outcomes for his clients.

    View all posts