After months under wraps, San Francisco-based startup Keycard has officially emerged from stealth mode, unveiling an identity and access management (IAM) platform engineered specifically for the rapidly evolving ecosystem of AI agents. Armed with $38 million in venture funding, Keycard aims to deliver foundational cybersecurity infrastructure that enables trusted, scalable deployment of AI-powered systems across enterprises.
In an era where autonomous AI agents are poised to play increasingly critical roles—from orchestrating cloud operations to automating ecommerce workflows—Keycard’s solution offers a new approach to one of the thorniest issues: how to securely govern machine actors in complex, distributed environments.
$38 Million in Funding Anchored by Leading Venture Capital Firms
Keycard’s funding includes an $8 million seed round co-led by Andreessen Horowitz and Boldstart Ventures, followed by a Series A round of $30 million led by Acrew Capital. Other participants in the rounds include Mantis VC, Tapestry Ventures, Essence Ventures, Exceptional Capital, Modern Technical Fund, Vermillion Cliffs Ventures, and a roster of angel investors.
The company was founded by Ian Livingstone, Matthew Creager, and Jared Hanson—former engineering and strategy leaders at cloud-native security firms Snyk and Okta. Speaking about the company’s vision, CEO Ian Livingstone noted, “AI agents represent a once-in-a-generation shift, greater than the SaaS and cloud wave combined. But without trusted access controls, they can’t leave the lab.”
Agent Identity and Trust are Central to the Platform
At the core of Keycard’s IAM platform is the use of cryptographic identity to verify and govern AI agents—not just human users. Rather than relying on static credentials or API keys, Keycard introduces:
- Identity-bound, short-lived tokens : These tokens are dynamically generated and scoped to specific tasks and entities.
- Cryptographic verification : Each agent is cryptographically linked to an owner (human or organization), enabling tighter control and traceability.
- Runtime authorization checks : Policies are enforced contextually as agents act, rather than relying on pre-configured roles or hardcoded entitlements.
This architecture makes it possible to delegate authority, enforce task-specific permissions, and revoke access on a granular basis—all without requiring manual code changes. Whether embedded into applications via SDKs or deployed across infrastructure environments, the platform’s agent-aware design introduces a new security baseline for autonomous systems.
Built for Developers, Designed for Enterprise Scale
Keycard’s IAM platform has been designed to operate at internet scale and includes features tuned for enterprise-grade adoption:
- Single sign-on (SSO) and role-based access control (RBAC) integration
- Bring-your-own-key (BYOK) functionality
- Full audit logging of agent actions and policy decisions
- Interoperability across cloud environments and identity providers
Additionally, it supports delegation chains and federated identity models, making it possible to manage access across multiple systems and agents without losing policy coherence. Developers building AI-driven products can integrate Keycard through its SDKs, enabling them to apply runtime IAM controls without deep IAM expertise.
According to Sacra, this makes the platform especially suitable for modern developer teams looking to build “agent-native” applications that are both secure and evolvable.
Applicability Across Sectors, With Early Focus on Ecommerce and AI Platforms
While Keycard is designed to be domain-agnostic, ecommerce is an early target use case. AI agents—whether used for personalized customer experiences, dynamic pricing engines, or backend procurement—must operate under strict regulatory and security guidelines. Keycard’s real-time access enforcement and full-chain auditability make it a viable solution for these complexities.
The platform integrates with AI ecosystems from Microsoft, OpenAI, and Anthropic, ensuring that organizations can enforce consistent IAM policies, regardless of the underlying model or provider. This level of interoperability is crucial in a fragmented AI market.
As Digital Commerce 360 notes, this provides much-needed transparency and guarantees compliance with data governance policies even where AI-driven systems automate high-risk tasks.
Delivering the Guardrails for the AI Agent Economy
The broader mission of Keycard, as articulated across its launch materials and investor briefings, is to unlock what it calls the “agent economy.” This refers to a future where AI agents are not just tools but trusted actors in business workflows.
Keycard’s launch positions it as an anchor for this vision—offering the “guardrails” needed to allow intelligent agents to act securely and autonomously on behalf of their human owners. That includes performing sensitive transactions, accessing enterprise systems, and even collaborating with each other—activities which are impossible without robust IAM.
“What we bring to the table is the ability to put a box around the agent,” says CEO Ian Livingstone. “Developers don’t have the tools today to enable these experiences.”
Key Takeaways for Security Teams and Developers
For organizations exploring AI agent adoption, Keycard’s emergence provides critical infrastructure for operationalizing these agents responsibly. Security and development teams should consider:
- Replacing static API keys with dynamic, task-scoped credentials to prevent over-permissioning.
- Enforcing contextual access controls at runtime for all AI-driven actions.
- Implementing full-lifecycle audit trails for agent behavior, ensuring regulatory and internal compliance.
- Building agent-native applications using identity-aware SDKs , reducing the burden on internal IAM engineering teams.
As decentralized AI systems become commonplace, Keycard’s IAM model may define the baseline standard for trustworthy automation. With deep cryptographic foundations, compatibility with enterprise identity systems, and a developer-first toolset, the company positions itself as a key enabler of secure AI scale-up.
