Keycard
Sources: Keycard (homepage) · Launch announcement (GlobeNewswire) · boldstart investment thesis · SiliconANGLE coverage
Homepage URL above is unverified — re-validate when Keycard publishes a public site.
What
Identity-and-access platform for AI agents. Provides real-time, contextual guardrails that let enterprises grant AI agents controlled access to internal systems, with the explicit pitch of replacing static, human-driven workflows with machine-driven, autonomous, agentic applications built on top.
Founding team has unusually deep identity-platform pedigree:
- Ian Livingstone and Matt Creager: previously at Manifold (acquired by Snyk); helped scale Snyk
- Jared Hanson: creator of Passport.js, former Chief Architect at Auth0
(Source: boldstart, SiliconANGLE)
Funding
$8M seed round led by a16z and boldstart ventures (round closed prior to public launch, exact date not disclosed; predates the $30M Series A).
$30M Series A, October 21, 2025, led by Acrew Capital.
$38M total, launch-day announcement.
The seed itself is sixth-largest agentic-AI-security seed in the 12-month window; total funding exceeds every other seed-stage agent-security startup at launch.
Relevance
Maps cleanly to the RA Identity plane (primary) with strong overlap into Control (least-agency policy enforcement). In the CMM, evidence supports D2 L3-L4 (identity & authorization) and D3 L3-L4 (control & least-agency).
Direct competitor positioning to Okta for AI Agents and Microsoft Entra Agent ID, but earlier-stage and developer-platform-shaped, not enterprise-IDP-shaped. For organizations that don’t already run on Okta or Microsoft, Keycard becomes a credible third commercial option for the agent-IAM slot.
Adjacent to capability-based authorization research (Tenuo Warrant) but in a different lane: Keycard is identity + access-policy (PDP/PEP-shaped), not artifact-carrying-policy capability tokens.
Product
Per launch coverage:
- Identity for agents: agent-as-principal model, distinct from human identities
- Real-time, contextual guardrails: policy decisions made at access time, not statically bound at deploy
- Foundations for trusted agentic applications at scale: developer-platform pitch
- Integrates with enterprise systems as the access broker
Gap
No public technical documentation as of May 2026 on the access-control model (RBAC vs ABAC vs capability-based vs hybrid), the policy language used, or whether Keycard implements the PAP split explicitly.
Notable Statements
- The Hanson + Manifold + Snyk lineage signals Keycard is built by the identity platform-builder community, not the AI-research community. It inherits the Auth0 / IdP playbook applied to NHIs and agents. This contrasts with the Tenuo research-grade capability-token approach.
See Also
- Comprehensive Agentic AI Security Landscape — the funding-landscape pass covering this cohort
- Okta for AI Agents, enterprise primary
- Microsoft Entra Agent ID, M365/Azure primary
- Non-Human Identity