Keycard Raises $38M to Build the Trust Fabric for the Agent-Native Era
AUTHOR
Ian Livingstone
SHARE
Share on X imageShare on Linkedin image
October 21, 2025
5 Min Read

The Federated Trust Fabric for the Agent-Native Era

Introducing Keycard: Identity & Access Management for AI Agents, with $38M in Funding

Today we're incredibly excited to introduce Keycard and announce our agent identity and platform is now available in early access. To support our mission, we've raised a $38M combined inception round led by Andreessen Horowitz, Acrew Capital, and Boldstart Ventures with participation from Mantis VC, Tapestry Ventures, Essence Ventures, Exceptional Capital, Modern Technical Fund, Vermillion Cliffs Ventures and many incredible angels.


We’re entering a new era of computing, where software isn’t static, but a constantly changing system of AI agents working on behalf of people and businesses - a truly dynamic organism. Powered by the rise of continuously improving large language models, decreasing cost of inference, and evolving context engineering techniques, software can now take on new tasks based on the prompt they’re given and the tools they can access at inference time.


connected image

The more connected an agent can become, the more value it can create.

This is a fundamental change in how software is built, secured, and used, as humans are no longer required to write, review, or deploy code to gain new software capabilities. It’s a massive shift in the way we interact with computers, moving us from a world driven by point and click user-interfaces to one where AI agents interact with us through voice, video, and text interfaces creating embedded, contextual experiences.


Agents could unleash a productivity wave that's larger than SaaS, mobile, and cloud combined as we move repetitive, cognitive work that was once only the domain of humans into the world of machines. Freeing us to focus on higher-value work, in the same way the steam engine unleashed the industrial revolution.


Disintermediation image

Agents disintermediate humans from systems of record and commerce, taking on work on our behalf.

In the dynamic, ephemeral and non-deterministic world of AI agents our existing static, human-focused trust model is insufficient. No longer are humans making every decision or performing every action – whether through the code they write or the buttons they click. Instead, agents are increasingly making decisions, writing code, and taking action against our systems of records and commerce under their own accord.


The capability to reason and take on cognitive work that was once only the domain of humans, imparted by large language models, is their super power and achilles heel. They hallucinate, make logical leaps without evidence, and can sow incredible chaos as a result. For many, the juice isn’t worth the squeeze. The risk of agents deleting production databases, leaking sensitive customer information, or performing erroneous refunds is too high.


leveling image

Stages of agent autonomy are best understood in the context of self-driving cars

For the use cases where agents are seeing adoption, they’re limited to the equivalent of 1990s cruise control. They can keep you at the proper speed, but they can also drive you off a cliff without second thought, requiring humans to constantly pay attention, severely limiting any benefits the automation provides.


To move from a human-driven, point-and-click world to an agent-driven one, we need new primitives that make agents controllable, understandable, and aligned with human intent backed by deterministic guarantees.


IAM was designed for Humans, not Agents

As with every major computing wave, identity and access has been a key pillar in realizing the economic upside, with each successive wave requiring new authentication and authorization primitives that built on the foundations of the last:


  • The main-frame brought us multi-user systems and a CPU sharing model enabling many users to share the same computer while protecting sensitive files and data.
  • The internet introduced TLS, Cookies, and Browser Sandboxing enabling networks of servers to create shared, trusted applications for transacting across public networks.
  • The cloud brought us user-federated identity and access, virtual private networking, and the ability to control your data with encryption without giving up private keys, enabling enterprises to collaborate in the cloud without giving up control of their data.

The agent-era is no different. Our existing IAM systems were designed for a world of static, human-driven point-and-click interactions, not the machine-driven dynamic, ephemeral and autonomous one of AI agents. Static, role-based access controls, federated user-identity, and long-lived credentials can’t provide the guarantees required for trusted agent operations.

They require new paradigms to operate with trust:


  • Agents are ephemeral, coming into existence and disappearing in seconds and at tremendous scale, requiring the ability to dynamically provision, escalate, and revoke access at runtime.
  • Agents work across systems and companies, requiring federated identity, so access can be delegated to them from other agents, applications, and users, without manual configuration or custom integrations.
  • Agent identity must be attestable to the device or cloud runtime, creating end-to-end trust without long-lived credentials or secrets, so they can be identified without complex provisioning workflows.
  • Agent delegations must be traceable back to the original user or company who employed them, allowing accountability and liability to be assigned, across complex multi-agent systems with a complete delegation chain to maintain lineage and enforce policy.

Agents are not humans, they’re machines, and require their own identity for access to be provisioned, delegated, and revoked. However, the world of machine identity is currently siloed, manual, and disconnected, preventing machines from moving across networks and systems at the application layer with federated identity, just as humans do on the web today.


machine pain image

Over time, machine identity connections increase complexity

The challenges of machine identity aren’t new, developers and security teams have wrestled with them since applications first began talking to each other over networks, with frustration mounting as systems grew more interconnected. What’s changed is that agents turn a long-standing pain into a must-solve for basic adoption.


We need new primitives that ensure agents act only within the intent of their users, with access that can be revoked at the first sign of abuse. At the same time, the tools and platforms they interact with must be able to identify agents, validate their permissions, and enforce policy consistently at the edge, with full visibility into who deployed them and on whose behalf they’re acting.


Achieving this requires a new trust fabric built on open, federated standards. Just as TCP/IP, TLS, and OAuth defined the web and cloud eras, the agent-native era demands an evolution in the standards that power the internet. We’re now seeing an explosion of new and emerging protocols from WIMSE and OAuth 2.1 extensions to MCP, A2A, AP2, Web Bot Auth, and x402 all designed to let agents authenticate, delegate, and act safely across systems. Together, they move identity as the perimeter from a best practice to a base requirement.


Introducing Keycard

At Keycard, our mission is to unlock the power of AI agents, by giving developers and enterprises the foundations they need to build and adopt trusted agentic applications at scale. We’re building the infrastructure that puts control of an agent's actions in the hands of their users, builders and operators with complete auditability.


Keycard brings deterministic guardrails to the non-deterministic world of agents by evolving the way applications, agents, and machines identify and authorize one another and the humans that employ them. In effect, ensuring that agents stay aligned by binding their context window and tool access to the task they’ve been assigned backed by provable guarantees.


Under the hood, Keycard moves the world from static roles and long-lived credentials to ephemeral, identity-bound tokens with support for mixed delegation chains and task scoped policy enforcement. These tokens can be bound to a specific resource, set of permissions, immediately revoked, and provide end-to-end cryptographic tracking of actions and authorizations.


keycard flow image

How Keycard connects agents, users, and systems securely.

Leaning on our years of experience in identity and access, we’ve built Keycard from the ground up for the highly federated, distributed and resource-intensive nature of agentic systems, ensuring authentication and authorization is enforced at the edge. Keycard is not a gateway, it’s a secure token service that supports federation and brokering of credentials across applications, agents, and services that extends your existing user and workload identity systems.


scope image

With Keycard, authentication and authorization moves out of the agent and across the network, ensuring agents only perform intended actions as they don’t have overscoped users credentials or static secrets to cause chaos. Instead, they are issued tokens bound to the exact permissions required for the task at hand based on applied policy and the combined delegation chain of the applications, agents, and users that employ them.


Keycard’s standards-interoperable infrastructure ensures any token issuances, delegations, tool uses, and revocations are tracked in a contextual audit log, giving users, developers, and security the ability to understand exactly who has employed an agent for what tasks, which tools were used, and what policy has been applied at any point in time.


From experimentation to production, Keycard gives you everything you need to build, adopt, and scale trusted AI agents with security, control, and confidence, whether modernizing internal workflows or creating agentic experiences for your end-users.


Get Early Access

Today, we're incredibly excited to open Keycard up for


You can get started today, with Keycard as your partner in becoming agent-native:


  • Extend copilots & adopt agents - Adopt internal or external agents and expose your tools, APIs, and services securely, no brittle auth required. Control what they can access, on whose behalf, and under what conditions with full visibility.
  • Create trusted agents & tools - Build secure, identity-aware agentic applications using Keycard’s drop-in SDKs. Your agents and tools automatically adapt to changing user, builder, and security requirements, no code changes needed.
  • Build multi-agent systems - Coordinate agents, tools, and data across teams, networks, and companies without managing identity or wiring custom integrations. Keycard provides the layer that lets agents, tools, and data work together safely and transparently.
  • Build next-generation products - Evolve your products into agents or safely connect agents to your platform. Enable your users to delegate work and complete transactions confidently with trust, visibility, and accountability for every action.

We’re building the foundations for trusted, production-ready agentic applications. Sign-up for early access today!


UNLOCK SECURE AIINFRASTRUCTURE

© 2025 Keycard Labs, Inc. All rights reserved.
keycard logo mobile