Keycard

169 posts

Keycard banner
Keycard

Keycard

@KeycardAI

Keycard puts users, developers and companies in control of AI agents with real-time, adaptive permissions and complete transparency.

Katılım Aralık 2024
39 Takip Edilen4.9K Takipçiler
Keycard
Keycard@KeycardAI·
"There's no separation between the control and data planes." @guypod (founder of @tessl_io and @snyksec) That's why prompt injection works, and why you can't secure a skill from inside the model. The fix: put the control plane where the context can't reach it.
Insecure Agents Podcast@insecureagents

"There's no separation between the control and data planes." @guypod (founder of @tessl_io and @snyksec) That's why prompt injection works, and why you can't secure a skill from inside the model. The fix: put the control plane where the context can't reach it.

English
0
0
1
559
Keycard
Keycard@KeycardAI·
Two CISOs from @box and @NomaSecurity on the security panel at @AICouncilConf described the same problem: teams today can't see half of what's running in their own environments. You can't govern an agent you can't identify. Identity comes first.
English
1
0
11
1.1K
Keycard
Keycard@KeycardAI·
AAuth Night: Moving Beyond OAuth was packed last night. The throughline: OAuth today, AAuth tomorrow. Keycard builds for both. Short-lived, task-scoped credentials on the OAuth stack you already run now. A future where agents carry their own mission and API keys disappear.
Insecure Agents Podcast@insecureagents

The energy at AAuth Night: Moving Beyond OAuth was incredible! @jankytweet shared how ID-JAG makes OAuth better today. @DickHardt introduced AAuth, a new protocol that tracks an agent's mission and runs agents without API keys. Thanks to our panelists and everyone who demo'd and @okta @snyksec @KeycardLabs @cloudsa for their support!

English
0
2
12
1.5K
Keycard
Keycard@KeycardAI·
It's a big day for Keycard! We have two events today Our workshop 12-3pm: Come build a MCP server in TypeScript and lock it down with Keycard. AAuth Night is tonight! @okta @snyksec @cloudsa (AARM) are joining us in support and helping us build a big tent around agent auth
Insecure Agents Podcast@insecureagents

AAuth Night: Moving Beyond OAuth is TONIGHT We have over 500 people registered for our @aiDotEngineer side event! It's a stone's throw from Moscone and doors open at 5:30pm expect DEMOS + PANEL + COMMUNITY

English
1
0
6
2.3K
Keycard
Keycard@KeycardAI·
Our Head of DevRel @KimMaida gave a talk titled "It's 10pm. Do You Know Where Your Agents Are?" @aiDotEngineer Long story short, you probably don't know where they are. Stop by our booth to learn how to control agent access and secure coding agents, MCPs, and 3rd party APIs.
Keycard tweet mediaKeycard tweet media
English
0
2
7
697
Keycard
Keycard@KeycardAI·
We're keeping busy @aiDotEngineer! Stop by our booth after @KimMaida's talk coming up here shortly at 2:50pm on the Security Track.
Keycard tweet media
English
0
0
4
625
Keycard
Keycard@KeycardAI·
Software factories are only possible with AI security in the loop. AI engineers must manage an ever growing agent supply chain across skills and packages that seem to be compromised almost every day. Organizations must manage agent identity sprawl as agents increasingly work on behalf of users and other agents. Security teams must find ways to govern agents and keep agents scoped to their task. Great job Allie opening up @aiDotEngineer WF Day 1! Next up, @KimMaida gives her talk "It's 10pm. Do you know where your agents are?" 2:50pm on the Security Track, don't miss it!
Allie Howe@vtahowe

What an honor to emcee the first day of @aiDotEngineer and introduce the Software Factories Track Thank you @swyx & team, and @KeycardLabs for the support. “A year ago @GeoffreyHuntley released the Ralph loop. It captured our attention and sparked our imagination as we watched Ralph loops work autonomously overnight and forge entire products on its own. However, it wasn't perfect and in the early days it came recommended for greenfield work only and it came with the expectation that it would get you about 90% of the way there. Since then we've learned quite a lot about loop engineering and in the last year there's been considerable advancements that make now that largest inflection point for software factories. Model vision has improved allowing them to see and verify work they couldn't before. Agents now have access to far richer tool ecosystems and live data, enabling them to work across real production environments. AI security practices have matured, giving agents the security, autonomy, and capability they need to perform meaningful work. Context windows have gotten larger and agent memory has improved allowing agents in a loop to track what's been done before. Lastly, reasoning models have improved helping the model think through more sophisticated tasks. All of this comes together now. Software factories are no longer a vision for the future. They've become a practical reality. Today's speakers are on the frontier of this shift and helping define this inflection point. They'll help us separate what's real from what's hype, share what actually works, and how to build software factories that produce reliable results, not slop.”

English
0
0
5
810
Keycard
Keycard@KeycardAI·
🥊 Jul 2 The Great Loops Debate, main stage. @ianlivingstone + @GeoffreyHuntley take on @dexhorthy and @grichadev. Do agent loops produce slop? Do we have the infra to verify the work? x.com/vtahowe/status…
Allie Howe@vtahowe

THE GREAT LOOPS DEBATE is on @ianlivingstone and @GeoffreyHuntley take on @dexhorthy and a surprise guest to answer Do loops produce slop? Do we have the AI infra we need today to verify the work and track state? What tasks are right for loops? Main stage 7/2 @aiDotEngineer

English
0
0
3
289
Keycard
Keycard@KeycardAI·
Keycard is at @aiDotEngineer World's Fair all week. Find us at our booth in Moscone West, right next to the Amazon AGI Lab. Here's our full schedule 🧵
English
1
1
8
1.1K
Keycard
Keycard@KeycardAI·
We're excited to share @snyksec is joining AAuth Night Snyk's job is securing what developers build, and agents are developers now, so having them in the room helps us build a big tent around AAuth and agent security best practices. RSVP to this and our other AIE side events👇
Keycard tweet media
English
1
0
6
924
Keycard
Keycard@KeycardAI·
If you want to learn how to build agent systems that you can trust sign up for our workshop luma.com/a9cu3jjx Build your own MCP server and lock it down with Keycard.
English
0
0
1
129
Keycard
Keycard@KeycardAI·
In the Railway incident an agent found a stray API token and deleted a prod database in 9 seconds. @zeeg (CPO, @sentry) makes the realist case: the model is rarely what holds agents back, the infrastructure around it is. Access scoped to the task is where this stops.
Insecure Agents Podcast@insecureagents

60 verified vulns including auth bypasses. Cost: $1,000 in compute. "They were all off the critical paths, and impact was limited, but they were issues we would have absolutely paid bounties for." @zeeg (CPO, @sentry) on what agents can actually do once you get past the hype.

English
1
3
10
1.5K
Keycard
Keycard@KeycardAI·
Today Keycard announced support for ID-JAG, the open standard behind Cross-App Access by @okta. It joins OAuth, A2A, and MCP as standards Keycard speaks, so you get one identity and access layer for the agents you build and the agents you buy. Your identity provider issues the grant, Keycard governs what the agent does with it. Agents borrow access to get their work done: a human's login, a shared service account, a static key copied between services. None of that can be scoped to one agent, governed, or revoked. That's what Keycard is for: centralizing how you adopt and build agents to automate your software development lifecycle and your business. Keycard is for developers building an agent or automating a workflow in your SDLC, for security governing every agent the organization builds or buys, and for every organization that wants to move fast with the right hard boundaries in place. Agents need short-lived, identity-bound tokens, not borrowed credentials. Secretless, scoped, governed. Read the announcement 👇
Keycard tweet media
English
1
0
7
1.1K
Keycard
Keycard@KeycardAI·
"You have to block the action before it runs." On Insecure Agents, Herman Errico (creator of AARM, PM at @TrustVanta, @cloudsa) makes the case that the action boundary is the security boundary: enforce at the moment a tool call fires, not at the prompt or model layer. This is exactly where access should be decided.
Insecure Agents Podcast@insecureagents

LLMs hallucinate 12-50% of the time. Agents turn those mistakes into real actions: shipped code, sent emails, dropped databases. Herman Errico (@TrustVanta), creator of AARM (@cloudsa), came on to tell us why you secure agents by blocking the action before it runs. Out now

English
1
0
6
1.1K