Keycard has launched Keycard for Multi-Agent Apps, extending its identity and access platform to autonomous software systems.
The launch targets a growing area of AI software design in which developers use multiple specialised agents to carry out tasks across business functions such as software development, operations, sales, marketing and finance. The new offering is designed to manage how those agents identify themselves and obtain access as they hand work between one another.
Many teams building agent-based systems still rely on shared API keys, inherited credentials or persistent access to connect tools and agents. That can leave software with broader permissions than a specific task requires, particularly as AI agents begin to act with less direct human oversight.
Keycard's system gives each agent a distinct identity and ties access to a specific session and task rather than granting permanent privileges. Each action can be attributed across users, agents and systems, with access narrowed as tasks move through a chain of agents.
Developers can use software development kits for Python and TypeScript to build agents and tools on the platform. An agent receives its identity through runtime attestation when it starts, and a session is then created when a user or another agent initiates a task.
The product supports three delegation models: agents acting on their own behalf across workflows; agents acting on behalf of people or other agents through explicit delegation; and agents impersonating other agents or humans within policy limits for specific operational tasks.
Authentication and policy checks are built into token exchanges between agents using the OAuth 2.0 Token Exchange standard. This lets permissions shrink at each step of a workflow so that no agent holds more access than the task or policy allows, while tokens remain traceable, revocable and bound to the session.
In practical terms, Keycard is pitching the product at organisations trying to move from single AI assistants to networks of software agents that call other agents and tools. That shift has created security and governance questions for businesses that want agents to complete work without opening unrestricted paths into internal systems, databases and third-party applications.
"Enterprises are rebuilding business functions around AI agents. Right now the developers building these systems have to choose: give agents broad access and they're ungovernable or lock them down and lose what makes them valuable," said Ian Livingstone, Co-Founder and Chief Executive Officer, Keycard.
"Agents built using Keycard don't experience this trade-off, as they have their own identity, delegate access per-task and operate with no standing privileges or static credentials," Livingstone said.
The same identity model can also be used to connect agents to APIs, databases and software-as-a-service platforms. Policies set by developers and security teams determine which resources an agent can access, what it can delegate and how far those permissions can extend through a chain of tasks.
Any policy change triggers revocation across affected agents and sessions. The platform also manages token issuance, storage, rotation, attenuation and revocation, removing the need for developers to manage tokens directly.
Customer example
Keycard included an example from Chime, which has used the platform in production environments.
"We wanted our engineers deploying agents and tools into production without needing to be security or identity experts. Keycard's platform made that possible. We had agents running against production systems in days," said Dennis Yang, Principal Product Manager for Generative AI, Chime.
Keycard said the product works across cloud providers and application environments including AWS, GCP, Azure, Vercel, Cloudflare and Fly.io. It is also designed to work with agent frameworks and protocols including LangChain, Mastra, MCP, A2A and OAuth 2.1, as well as models and tools such as ChatGPT, Claude, Codex, OpenClaw and Pi.
The wider platform supports identity federation and tracking through OIDC, SCIM and audit logging across agent interactions. Keycard positioned the launch as part of the same platform used for its coding-agent product, offering one system for organisations seeking to build, deploy and govern AI agents and connect them to business services.
Keycard for Multi-Agent Apps is available in early access.