AGP Picks
View all

Get your science and technology news from Fiji

Provided by AGP

Fiji Tech Network
Got News to Share?
Got News to Share? globe Explore more publications!

Keycard Launches Identity and Access for Multi-Agent Apps

Keycard for Multi-Agent Apps Lets Developers Build Secure Autonomous Applications Where Access is Delegated Between Agents, on a Per-Task Basis, Without Standing Privileges

SAN FRANCISCO, May 14, 2026 (GLOBE NEWSWIRE) -- Today at AI Council 2026, Keycard, the provider of identity and access for AI agents, announced Keycard for Multi-Agent Apps, extending its platform to support delegated, session-based access across systems of autonomous agents. Keycard lets developers build apps where every agent has its own identity, access is scoped to each task and every action is fully attributable across agents, users and systems.

"Enterprises are rebuilding business functions around AI agents. Right now the developers building these systems have to choose: give agents broad access and they're ungovernable or lock them down and lose what makes them valuable," said Ian Livingstone, co-founder and CEO of Keycard. "Agents built using Keycard don't experience this trade-off, as they have their own identity, delegate access per-task and operate with no standing privileges or static credentials."

"We wanted our engineers deploying agents and tools into production without needing to be security or identity experts. Keycard's platform made that possible. We had agents running against production systems in days," said Dennis Yang, Principal Product Manager for Generative AI at Chime.

Multi-agent architectures are becoming the standard approach to building AI apps, with specialized agents increasingly being used by general-purpose agents to complete complex tasks across software development, operations, sales, marketing, finance and more. The problem is structural: most teams rely on shared API keys, inherited credentials or persistent access to connect these agents, none of which limit access to what the task actually requires.

This is compounded as agents gain more autonomy: an agent can delete a database or exfiltrate confidential information without any human overseeing it. Traditional approaches to service identity and access control were designed for a world of human operators, not agent-to-agent delegation, and without it, the risk shifts from isolated misuse to systemic failure.

Keycard for Multi-Agent Apps solves this by giving every agent verifiable identity without long-lived API keys or credentials on disk. Developers can build agents and tools using Keycard's SDKs for Python and TypeScript. When an agent starts, it automatically receives its identity through runtime attestation. When a user or agent initiates a task, Keycard creates a session that binds every action to the originating user and request, supporting three delegation patterns:

  • Agents acting on their own behalf across multi-hop workflows, each with scoped identity and delegated access.
  • Agents acting on behalf of humans or other agents through explicit delegation, preserving the full chain of authority from the originating user to every downstream agent.
  • Agents impersonating other agents or humans under policy constraints for specific operational workflows, with complete audit transparency.

All three patterns use the same SDK, the same policy engine and the same control plane. Agents discover and authenticate one another automatically using Client ID Metadata Documents. As agents delegate work to other agents or call tools, Keycard evaluates policy as part of every token exchange using OAuth 2.0 Token Exchange (RFC 8693), scoping access to the task and narrowing permissions at each hop so no agent ever holds more privilege than the task requires or policy allows. Every token in the chain is traceable, revocable and expires with the session.

Keycard for Multi-Agent Apps gives developers the tools to build and ship multi-agent apps that work across clouds and gives security teams the controls to govern them:

  • Import identity, instead of building it. Keycard's SDKs for Python, TypeScript and Go integrate with LangChain, Mastra and more, giving developers identity, delegation and access control as primitives they can drop into any agent or tool.
  • Work with any agent. Natively accessible to ChatGPT, Claude, Codex and any agent or tool that speaks MCP, A2A or OAuth 2.1 including OpenClaw and Pi.
  • Deploy across any platform. Runs on Vercel, Cloudflare, Fly.io, AWS, GCP, Azure and more. Identity travels with the agent with no static secrets to provision, rotate or protect.
  • Connect agents to any tool or service. The same scoped, session-bound credentials that govern agent-to-agent access work for connecting to APIs, databases and SaaS platforms.
  • Control what every agent can do. Developers and security teams set policies that control which agents can access which resources, what they can delegate and how far permissions can travel. Any change in policy triggers revocation across affected agents and sessions.
  • No token management required. Keycard manages the full token lifecycle, from issuance, storage and rotation to attenuation and revocation, across every agent and session.

Behind it all, the Keycard platform provides identity federation and tracking via OIDC, SCIM and near-real-time audit logging across every agent interaction. It is the same system powering Keycard for Coding Agents. Together, they give organizations a single platform for adopting, building, deploying and governing agents and connecting them to services, whether built or bought.

Keycard for Multi-Agent Apps is available in early access. Documentation can be found at https://docs.keycard.ai.

Keycard at AI Council 2026

  • Keycard co-founder Jared Hanson is giving a talk titled “Identity Is the Bottleneck: Why Agents Force a New Security Model” today at 11:30 a.m. PT
  • Keycard is co-hosting a “Building Internal AI” event with Browserbase, Cloudflare and Sentry tonight at 5 p.m. PT focused on the rapid adoption of internal AI and autonomous software systems across the enterprise

About Keycard
Keycard’s mission is to unlock the power of AI agents by giving developers and enterprises the foundations they need to build and adopt trusted agentic applications at scale. Its identity and access platform provides real-time, contextual guardrails, enabling the transition from static, human-driven workflows to machine-driven, autonomous, agentic applications. Keycard is a remote-first company and backed by Andreessen Horowitz, boldstart ventures and Acrew Capital. For more information, visit: https://www.keycard.ai.

Media and Analyst Contact:
Amber Rowland
amber@therowlandagency.com 
+1-650-814-4560


Primary Logo

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.

Share us

on your social networks:
LinkedIn Facebook

Sign up for:

Fiji Tech Network

The daily local news briefing you can trust. Every day. Subscribe now.

By signing up, you agree to our Terms & Conditions.